From: Leon Romanovsky <leon@kernel.org>
To: Jason Gunthorpe <jgg@nvidia.com>
Cc: Chiara Meiohas <cmeiohas@nvidia.com>,
Jonathan Corbet <corbet@lwn.net>,
linux-doc@vger.kernel.org, linux-rdma@vger.kernel.org,
Mark Bloch <mbloch@nvidia.com>,
Patrisious Haddad <phaddad@nvidia.com>,
Yishai Hadas <yishaih@nvidia.com>
Subject: [PATCH rdma-next 0/6] Introduce UCAP API and usage in mlx5
Date: Wed, 26 Feb 2025 16:17:26 +0200 [thread overview]
Message-ID: <cover.1740574943.git.leon@kernel.org> (raw)
This series introduces the User CAPability (UCAP) API that allows
creating user contexts with various firmware privileges.
The UCAP API provides fine-grained control over specific firmware
features by representing each capability as a character device with root
read-write access. Root processes can grant users special privileges by
allowing access to these character devices. User contexts created using
a file descriptor of a UCAP will have specific UCAP privileges.
Two UCAP character devices are created for mlx5, and user contexts
opened with at least one of these UCAPs are considered privileged. To
ensure that privileged commands can always proceed, non-privileged
commands are limited when a privileged user is present on the device.
Thanks
Chiara Meiohas (5):
RDMA/uverbs: Introduce UCAP (User CAPabilities) API
RDMA/mlx5: Create UCAP char devices for supported device capabilities
RDMA/uverbs: Add support for UCAPs in context creation
RDMA/mlx5: Check enabled UCAPs when creating ucontext
docs: infiniband: document the UCAP API
Patrisious Haddad (1):
RDMA/mlx5: Expose RDMA TRANSPORT flow table types to userspace
Documentation/infiniband/index.rst | 1 +
Documentation/infiniband/ucaps.rst | 71 +++++
drivers/infiniband/core/Makefile | 3 +-
drivers/infiniband/core/ucaps.c | 255 ++++++++++++++++++
drivers/infiniband/core/uverbs_cmd.c | 19 ++
drivers/infiniband/core/uverbs_main.c | 2 +
.../infiniband/core/uverbs_std_types_device.c | 4 +
drivers/infiniband/hw/mlx5/devx.c | 31 ++-
drivers/infiniband/hw/mlx5/devx.h | 5 +-
drivers/infiniband/hw/mlx5/fs.c | 154 ++++++++++-
drivers/infiniband/hw/mlx5/fs.h | 2 +
drivers/infiniband/hw/mlx5/main.c | 77 +++++-
drivers/infiniband/hw/mlx5/mlx5_ib.h | 3 +
include/rdma/ib_ucaps.h | 25 ++
include/rdma/ib_verbs.h | 1 +
include/uapi/rdma/ib_user_ioctl_cmds.h | 1 +
include/uapi/rdma/mlx5_user_ioctl_cmds.h | 1 +
include/uapi/rdma/mlx5_user_ioctl_verbs.h | 2 +
18 files changed, 635 insertions(+), 22 deletions(-)
create mode 100644 Documentation/infiniband/ucaps.rst
create mode 100644 drivers/infiniband/core/ucaps.c
create mode 100644 include/rdma/ib_ucaps.h
--
2.48.1
next reply other threads:[~2025-02-26 14:17 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-02-26 14:17 Leon Romanovsky [this message]
2025-02-26 14:17 ` [PATCH rdma-next 6/6] docs: infiniband: document the UCAP API Leon Romanovsky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1740574943.git.leon@kernel.org \
--to=leon@kernel.org \
--cc=cmeiohas@nvidia.com \
--cc=corbet@lwn.net \
--cc=jgg@nvidia.com \
--cc=linux-doc@vger.kernel.org \
--cc=linux-rdma@vger.kernel.org \
--cc=mbloch@nvidia.com \
--cc=phaddad@nvidia.com \
--cc=yishaih@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).