From: Maxime Coquelin <maxime.coquelin@redhat.com>
To: mst@redhat.com, jasowang@redhat.com, xuanzhuo@linux.alibaba.com,
	paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com,
	stephen.smalley.work@gmail.com, eparis@parisplace.org,
	xieyongji@bytedance.com,
	virtualization@lists.linux-foundation.org,
	linux-kernel@vger.kernel.org,
	linux-security-module@vger.kernel.org, selinux@vger.kernel.org,
	david.marchand@redhat.com, lulu@redhat.com,
	casey@schaufler-ca.com
Cc: Maxime Coquelin <maxime.coquelin@redhat.com>
Subject: [PATCH v5 0/4] vduse: add support for networking devices
Date: Tue, 12 Dec 2023 14:17:08 +0100
Message-ID: <20231212131712.1816324-1-maxime.coquelin@redhat.com>

This small series enables virtio-net device type in VDUSE.
With it, basic operations have been tested, both with
virtio-vdpa and vhost-vdpa using DPDK Vhost library series
adding VDUSE support using split rings layout (merged in
DPDK v23.07-rc1).

Control queue support (and so multiqueue) has also been
tested, but requires a Kernel series from Jason Wang
relaxing control queue polling [1] to function reliably,
so while Jason's rework is done, a patch is added to disable
CVQ and features that depend on it (tested also with DPDK
v23.07-rc1).

In this v5, LSM hooks introduced in the previous revision are
unified into a single hook that covers the operations below:
- VDUSE_CREATE_DEV ioctl on VDUSE control file,
- VDUSE_DESTROY_DEV ioctl on VDUSE control file,
- open() on VDUSE device file.

In combination with the operations permission, a device type
permission has to be associated:
- block: Virtio block device type,
- net: Virtio networking device type.

Changes in v5:
==============
- Move control queue disablement patch before Net
  devices enablement (Jason).
- Unify operations LSM hooks into a single hook.
- Rebase on latest master.

Maxime Coquelin (4):
  vduse: validate block features only with block devices
  vduse: Temporarily disable control queue features
  vduse: enable Virtio-net device type
  vduse: Add LSM hook to check Virtio device type

 MAINTAINERS                         |  1 +
 drivers/vdpa/vdpa_user/vduse_dev.c  | 65 +++++++++++++++++++++++++++--
 include/linux/lsm_hook_defs.h       |  2 +
 include/linux/security.h            |  6 +++
 include/linux/vduse.h               | 14 +++++++
 security/security.c                 | 15 +++++++
 security/selinux/hooks.c            | 32 ++++++++++++++
 security/selinux/include/classmap.h |  2 +
 8 files changed, 133 insertions(+), 4 deletions(-)
 create mode 100644 include/linux/vduse.h

-- 
2.43.0


Thread overview: 18+ messages
2023-12-12 13:17 Maxime Coquelin [this message]
2023-12-12 13:17 ` [PATCH v5 1/4] vduse: validate block features only with block devices Maxime Coquelin
2023-12-12 13:17 ` [PATCH v5 2/4] vduse: Temporarily disable control queue features Maxime Coquelin
2023-12-13  4:52   ` Jason Wang
2023-12-13 11:23     ` Maxime Coquelin
2023-12-18  2:50       ` Jason Wang
2023-12-18  9:21         ` Maxime Coquelin
2023-12-20  3:50           ` Jason Wang
2023-12-12 13:17 ` [PATCH v5 3/4] vduse: enable Virtio-net device type Maxime Coquelin
2023-12-12 13:17 ` [PATCH v5 4/4] vduse: Add LSM hook to check Virtio " Maxime Coquelin
2023-12-12 16:33   ` Casey Schaufler
2023-12-12 17:59     ` Michael S. Tsirkin
2023-12-12 22:55       ` Casey Schaufler
2023-12-16  4:18         ` Serge E. Hallyn
2023-12-18 17:21   ` Stephen Smalley
2023-12-18 17:33     ` Stephen Smalley
2024-01-04 10:14       ` Maxime Coquelin
2023-12-19 18:20     ` Paul Moore
