From: Jonathan Cameron <Jonathan.Cameron@Huawei.com>
To: Jason Gunthorpe <jgg@nvidia.com>
Cc: Jonathan Corbet <corbet@lwn.net>,
Itay Avraham <itayavr@nvidia.com>,
Jakub Kicinski <kuba@kernel.org>,
Leon Romanovsky <leon@kernel.org>, <linux-doc@vger.kernel.org>,
<linux-rdma@vger.kernel.org>, <netdev@vger.kernel.org>,
Paolo Abeni <pabeni@redhat.com>,
Saeed Mahameed <saeedm@nvidia.com>,
Tariq Toukan <tariqt@nvidia.com>,
Andy Gospodarek <andrew.gospodarek@broadcom.com>,
Aron Silverton <aron.silverton@oracle.com>,
Dan Williams <dan.j.williams@intel.com>,
David Ahern <dsahern@kernel.org>,
Christoph Hellwig <hch@infradead.org>,
Jiri Pirko <jiri@nvidia.com>, Leonid Bloch <lbloch@nvidia.com>,
"Leon Romanovsky" <leonro@nvidia.com>,
<linux-cxl@vger.kernel.org>, <patches@lists.linux.dev>
Subject: Re: [PATCH v2 5/8] fwctl: FWCTL_RPC to execute a Remote Procedure Call to device firmware
Date: Fri, 26 Jul 2024 16:30:09 +0100 [thread overview]
Message-ID: <20240726163009.00005d1c@Huawei.com> (raw)
In-Reply-To: <5-v2-940e479ceba9+3821-fwctl_jgg@nvidia.com>
On Mon, 24 Jun 2024 19:47:29 -0300
Jason Gunthorpe <jgg@nvidia.com> wrote:
> Add the FWCTL_RPC ioctl which allows a request/response RPC call to device
> firmware. Drivers implementing this call must follow the security
> guidelines under Documentation/userspace-api/fwctl.rst
>
> The core code provides some memory management helpers to get the messages
> copied from and back to userspace. The driver is responsible for
> allocating the output message memory and delivering the message to the
> device.
>
> Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
A few minor things inline.
> ---
> drivers/fwctl/main.c | 62 +++++++++++++++++++++++++++++++++++
> include/linux/fwctl.h | 5 +++
> include/uapi/fwctl/fwctl.h | 66 ++++++++++++++++++++++++++++++++++++++
> 3 files changed, 133 insertions(+)
>
> diff --git a/drivers/fwctl/main.c b/drivers/fwctl/main.c
> index f1dec0b590aee4..9506b993a1a56d 100644
> --- a/drivers/fwctl/main.c
> +++ b/drivers/fwctl/main.c
> @@ -8,16 +8,20 @@
> #include <linux/slab.h>
> #include <linux/container_of.h>
> #include <linux/fs.h>
> +#include <linux/sizes.h>
>
> #include <uapi/fwctl/fwctl.h>
>
> enum {
> FWCTL_MAX_DEVICES = 256,
> + MAX_RPC_LEN = SZ_2M,
> };
In what way is that usefully handled as an enum?
I'd just use #defines
> static dev_t fwctl_dev;
> static DEFINE_IDA(fwctl_ida);
> +static unsigned long fwctl_tainted;
>
> DEFINE_FREE(kfree_errptr, void *, if (!IS_ERR_OR_NULL(_T)) kfree(_T));
> +DEFINE_FREE(kvfree_errptr, void *, if (!IS_ERR_OR_NULL(_T)) kvfree(_T));
kvfree define free already defined as this since 6.9
>
> struct fwctl_ucmd {
> struct fwctl_uctx *uctx;
> @@ -75,9 +79,66 @@ static int fwctl_cmd_info(struct fwctl_ucmd *ucmd)
> return ucmd_respond(ucmd, sizeof(*cmd));
> }
>
> +static int fwctl_cmd_rpc(struct fwctl_ucmd *ucmd)
> +{
> + struct fwctl_device *fwctl = ucmd->uctx->fwctl;
> + struct fwctl_rpc *cmd = ucmd->cmd;
> + size_t out_len;
> +
> + if (cmd->in_len > MAX_RPC_LEN || cmd->out_len > MAX_RPC_LEN)
> + return -EMSGSIZE;
> +
> + switch (cmd->scope) {
> + case FWCTL_RPC_CONFIGURATION:
> + case FWCTL_RPC_DEBUG_READ_ONLY:
> + break;
> +
> + case FWCTL_RPC_DEBUG_WRITE_FULL:
> + if (!capable(CAP_SYS_RAWIO))
> + return -EPERM;
> + fallthrough;
> + case FWCTL_RPC_DEBUG_WRITE:
> + if (!test_and_set_bit(0, &fwctl_tainted)) {
> + dev_warn(
> + &fwctl->dev,
> + "%s(%d): has requested full access to the physical device device",
> + current->comm, task_pid_nr(current));
> + add_taint(TAINT_FWCTL, LOCKDEP_STILL_OK);
> + }
> + break;
> + default:
> + return -EOPNOTSUPP;
> + };
> +
> + void *inbuf __free(kvfree) =
> + kvzalloc(cmd->in_len, GFP_KERNEL | GFP_KERNEL_ACCOUNT);
As before
#define GFP_KERNEL_ACCOUNT (GFP_KERNEL | __GFP_ACCOUNT)
so don't need both.
> + if (!inbuf)
> + return -ENOMEM;
> + if (copy_from_user(inbuf, u64_to_user_ptr(cmd->in), cmd->in_len))
> + return -EFAULT;
> +
> + out_len = cmd->out_len;
> + void *outbuf __free(kvfree_errptr) = fwctl->ops->fw_rpc(
> + ucmd->uctx, cmd->scope, inbuf, cmd->in_len, &out_len);
> + if (IS_ERR(outbuf))
> + return PTR_ERR(outbuf);
> + if (outbuf == inbuf) {
> + /* The driver can re-use inbuf as outbuf */
> + inbuf = NULL;
I wish no_free_ptr() didn't have __must_check. Can do something ugly
like
outbuf = no_free_ptr(inbuf);
probably but maybe just setting it NULL is simpler.
> + }
> +
> + if (copy_to_user(u64_to_user_ptr(cmd->out), outbuf,
> + min(cmd->out_len, out_len)))
> + return -EFAULT;
> +
> + cmd->out_len = out_len;
> + return ucmd_respond(ucmd, sizeof(*cmd));
> +}
> diff --git a/include/uapi/fwctl/fwctl.h b/include/uapi/fwctl/fwctl.h
> index 39db9f09f8068e..8bde0d4416fd55 100644
> --- a/include/uapi/fwctl/fwctl.h
> +++ b/include/uapi/fwctl/fwctl.h
> @@ -67,4 +67,70 @@ struct fwctl_info {
> };
> #define FWCTL_INFO _IO(FWCTL_TYPE, FWCTL_CMD_INFO)
>
> +/**
> + * enum fwctl_rpc_scope - Scope of access for the RPC
> + */
> +enum fwctl_rpc_scope {
...
> + /**
> + * @FWCTL_RPC_DEBUG_READ_ONLY: Read only access to debug information
> + *
> + * Readable debug information. Debug information is compatible with
> + * kernel lockdown, and does not disclose any sensitive information. For
> + * instance exposing any encryption secrets from this information is
> + * forbidden.
> + */
> + FWCTL_RPC_DEBUG_READ_ONLY = 1,
> + /**
> + * @FWCTL_RPC_DEBUG_WRITE: Writable access to lockdown compatible debug information
Write access
probably rather than writeable.
> + *
> + * Allows write access to data in the device which may leave a fully
> + * supported state. This is intended to permit intensive and possibly
> + * invasive debugging. This scope will taint the kernel.
> + */
> +};
next prev parent reply other threads:[~2024-07-26 15:30 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-06-24 22:47 [PATCH v2 0/8] Introduce fwctl subystem Jason Gunthorpe
2024-06-24 22:47 ` [PATCH v2 1/8] fwctl: Add basic structure for a class subsystem with a cdev Jason Gunthorpe
2024-06-25 4:47 ` Bagas Sanjaya
2024-07-22 16:04 ` Jason Gunthorpe
2024-07-26 14:30 ` Jonathan Cameron
2024-07-29 17:30 ` Jason Gunthorpe
2024-07-30 17:15 ` Jonathan Cameron
2024-06-24 22:47 ` [PATCH v2 2/8] fwctl: Basic ioctl dispatch for the character device Jason Gunthorpe
2024-07-26 15:01 ` Jonathan Cameron
2024-07-29 17:05 ` Jason Gunthorpe
2024-07-30 17:28 ` Jonathan Cameron
2024-08-01 13:05 ` Jason Gunthorpe
2024-08-06 7:36 ` Daniel Vetter
2024-08-08 12:34 ` Jason Gunthorpe
2024-06-24 22:47 ` [PATCH v2 3/8] fwctl: FWCTL_INFO to return basic information about the device Jason Gunthorpe
2024-07-26 15:15 ` Jonathan Cameron
2024-07-29 16:35 ` Jason Gunthorpe
2024-07-30 17:34 ` Jonathan Cameron
2024-08-01 13:11 ` Jason Gunthorpe
2024-06-24 22:47 ` [PATCH v2 4/8] taint: Add TAINT_FWCTL Jason Gunthorpe
2024-06-25 19:03 ` Randy Dunlap
2024-07-10 16:04 ` Jason Gunthorpe
2024-06-24 22:47 ` [PATCH v2 5/8] fwctl: FWCTL_RPC to execute a Remote Procedure Call to device firmware Jason Gunthorpe
2024-07-26 15:30 ` Jonathan Cameron [this message]
2024-07-29 16:28 ` Jason Gunthorpe
2024-07-30 8:00 ` Leon Romanovsky
2024-08-01 12:58 ` Jason Gunthorpe
2024-08-01 17:26 ` Leon Romanovsky
2024-08-02 13:59 ` Jonathan Cameron
2024-08-02 15:57 ` Leon Romanovsky
2024-08-07 7:44 ` Oded Gabbay
2024-08-08 11:46 ` Jason Gunthorpe
2024-06-24 22:47 ` [PATCH v2 6/8] fwctl: Add documentation Jason Gunthorpe
2024-06-25 22:04 ` Randy Dunlap
2024-07-22 16:18 ` Jason Gunthorpe
2024-07-22 20:40 ` Randy Dunlap
2024-07-26 15:50 ` Jonathan Cameron
2024-07-29 16:11 ` Jason Gunthorpe
2024-08-06 8:03 ` Daniel Vetter
2024-08-08 12:24 ` Jason Gunthorpe
2024-08-09 9:21 ` Daniel Vetter
2024-06-24 22:47 ` [PATCH v2 7/8] fwctl/mlx5: Support for communicating with mlx5 fw Jason Gunthorpe
2024-07-26 16:10 ` Jonathan Cameron
2024-07-29 16:22 ` Jason Gunthorpe
2024-07-31 11:52 ` Jonathan Cameron
2024-08-01 13:25 ` Jason Gunthorpe
2024-06-24 22:47 ` [PATCH v2 8/8] mlx5: Create an auxiliary device for fwctl_mlx5 Jason Gunthorpe
2024-06-24 23:18 ` [PATCH v2 0/8] Introduce fwctl subystem Jakub Kicinski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240726163009.00005d1c@Huawei.com \
--to=jonathan.cameron@huawei.com \
--cc=andrew.gospodarek@broadcom.com \
--cc=aron.silverton@oracle.com \
--cc=corbet@lwn.net \
--cc=dan.j.williams@intel.com \
--cc=dsahern@kernel.org \
--cc=hch@infradead.org \
--cc=itayavr@nvidia.com \
--cc=jgg@nvidia.com \
--cc=jiri@nvidia.com \
--cc=kuba@kernel.org \
--cc=lbloch@nvidia.com \
--cc=leon@kernel.org \
--cc=leonro@nvidia.com \
--cc=linux-cxl@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-rdma@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=patches@lists.linux.dev \
--cc=saeedm@nvidia.com \
--cc=tariqt@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.