From: Dan Williams <dan.j.williams@intel.com>
To: Saeed Mahameed <saeed@kernel.org>, Dave Jiang <dave.jiang@intel.com>
Cc: <linux-cxl@vger.kernel.org>, <dan.j.williams@intel.com>,
<ira.weiny@intel.com>, <vishal.l.verma@intel.com>,
<alison.schofield@intel.com>, <Jonathan.Cameron@huawei.com>,
<dave@stgolabs.net>, <jgg@nvidia.com>, <shiju.jose@huawei.com>
Subject: Re: [PATCH v5 10/15] cxl: Add support for fwctl RPC command to enable CXL feature commands
Date: Thu, 13 Feb 2025 10:22:29 -0800
Message-ID: <67ae3865d033a_2d1e29498@dwillia2-xfh.jf.intel.com.notmuch>
In-Reply-To: <Z61dsxVDH1yZAfEY@x130>
Saeed Mahameed wrote:
> On 11 Feb 11:28, Dave Jiang wrote:
> >fwctl provides a fwctl_ops->fw_rpc() callback in order to issue ioctls
> >to a device. The cxl fwctl driver will start by supporting the CXL
> >Feature commands: Get Supported Features, Get Feature, and Set Feature.
> >
> >The fw_rpc() callback provides 'enum fwctl_rpc_scope' parameter where
> >it indicates the security scope of the call. The Get Supported Features
> >and Get Feature calls can be executed with the scope of
> >FWCTL_RPC_CONFIGURATION. The Set Feature call is gated by the effects
> >of the Feature reported by Get Supported Features call for the specific
> >Feature.
> >
> >Only "Get Supported Features" is supported in this patch. Additional
> >commands will be added in follow on patches. "Get Supported Features"
> >will filter the Features that are exclusive to the kernel. The flag
> >field of the Feature details will be cleared of the "Changeable"
> >field and the "set feat size" will be set to 0 to indicate that
> >the feature is not changeable.
> >
> >Signed-off-by: Dave Jiang <dave.jiang@intel.com>
> >Reviewed-by: Dan Williams <dan.j.williams@intel.com>
[..]
> >+ /*
> >+ * If the Feature setting causes immediate configuration change
> >+ * then we need the full write permission policy.
> >+ */
> >+ if (effects & imm_mask && scope >= FWCTL_RPC_DEBUG_WRITE_FULL)
> >+ return true;
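
Review bot: the `scope >= FWCTL_RPC_DEBUG_WRITE_FULL` comparison in this condition only holds if `enum fwctl_rpc_scope` is ordered by increasing privilege, and nothing in the hunk records that dependency. The comment above it says "full write permission policy" without naming the scope, so a reader cannot tell that a non-debug, immediate configuration change is deliberately gated on a scope whose name says "debug". Suggest naming `FWCTL_RPC_DEBUG_WRITE_FULL` in the comment along with the reason it is the required level, and writing the test as `(effects & imm_mask) && scope >= FWCTL_RPC_DEBUG_WRITE_FULL` so the bitwise mask and the logical AND are visibly separate.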
>
> I am not sure the security policy here is coherent with the documentation
> * @FWCTL_RPC_DEBUG_WRITE_FULL: Write access to all debug information
>
> From the documentation these feature settings in CXL should only be for
> debug purposes, a bit confusing, same for below.

Have another read through the FWCTL documentation. The reason the term
"debug write" is used is due to the expectation that FWCTL manipulates
ancillary functionality of the device. It is "debug" because FWCTL
Feature support can be disabled without losing access to the primary
capabilities of the device.

In the same way debugfs enables some non-debug flows, but is
disabled in kernel lockdown scenarios, FWCTL enables some non-debug
flows and is disabled in kernel lockdown scenarios.