From: Alex Williamson <alex.williamson@redhat.com> To: kvm@vger.kernel.org Cc: linux-pci@vger.kernel.org, linux-kernel@vger.kernel.org, dev@dpdk.org, mtosatti@redhat.com, thomas@monjalon.net, bluca@debian.org, jerinjacobk@gmail.com, bruce.richardson@intel.com, cohuck@redhat.com Subject: [PATCH v2 4/7] vfio: Introduce VFIO_DEVICE_FEATURE ioctl and first user Date: Wed, 19 Feb 2020 11:54:18 -0700 [thread overview] Message-ID: <158213845865.17090.13613582696110253458.stgit@gimli.home> (raw) In-Reply-To: <158213716959.17090.8399427017403507114.stgit@gimli.home> The VFIO_DEVICE_FEATURE ioctl is meant to be a general purpose, device agnostic ioctl for setting, retrieving, and probing device features. This implementation provides a 16-bit field for specifying a feature index, where the data porition of the ioctl is determined by the semantics for the given feature. Additional flag bits indicate the direction and nature of the operation; SET indicates user data is provided into the device feature, GET indicates the device feature is written out into user data. The PROBE flag augments determining whether the given feature is supported, and if provided, whether the given operation on the feature is supported. The first user of this ioctl is for setting the vfio-pci VF token, where the user provides a shared secret key (UUID) on a SR-IOV PF device, which users must provide when opening associated VF devices. Signed-off-by: Alex Williamson <alex.williamson@redhat.com> --- drivers/vfio/pci/vfio_pci.c | 52 +++++++++++++++++++++++++++++++++++++++++++ include/uapi/linux/vfio.h | 37 +++++++++++++++++++++++++++++++ 2 files changed, 89 insertions(+) diff --git a/drivers/vfio/pci/vfio_pci.c b/drivers/vfio/pci/vfio_pci.c index 8dd6ef9543ca..e4d5d26e5e71 100644 --- a/drivers/vfio/pci/vfio_pci.c +++ b/drivers/vfio/pci/vfio_pci.c @@ -1180,6 +1180,58 @@ static long vfio_pci_ioctl(void *device_data, return vfio_pci_ioeventfd(vdev, ioeventfd.offset, ioeventfd.data, count, ioeventfd.fd); + } else if (cmd == VFIO_DEVICE_FEATURE) { + struct vfio_device_feature feature; + uuid_t uuid; + + minsz = offsetofend(struct vfio_device_feature, flags); + + if (copy_from_user(&feature, (void __user *)arg, minsz)) + return -EFAULT; + + if (feature.argsz < minsz) + return -EINVAL; + + if (feature.flags & ~(VFIO_DEVICE_FEATURE_MASK | + VFIO_DEVICE_FEATURE_SET | + VFIO_DEVICE_FEATURE_GET | + VFIO_DEVICE_FEATURE_PROBE)) + return -EINVAL; + + switch (feature.flags & VFIO_DEVICE_FEATURE_MASK) { + case VFIO_DEVICE_FEATURE_PCI_VF_TOKEN: + if (!vdev->vf_token) + return -ENOTTY; + + /* + * We do not support GET of the VF Token UUID as this + * could expose the token of the previous device user. + */ + if (feature.flags & VFIO_DEVICE_FEATURE_GET) + return -EINVAL; + + if (feature.flags & VFIO_DEVICE_FEATURE_PROBE) + return 0; + + /* Don't SET unless told to do so */ + if (!(feature.flags & VFIO_DEVICE_FEATURE_SET)) + return -EINVAL; + + if (feature.argsz < minsz + sizeof(uuid)) + return -EINVAL; + + if (copy_from_user(&uuid, (void __user *)(arg + minsz), + sizeof(uuid))) + return -EFAULT; + + mutex_lock(&vdev->vf_token->lock); + uuid_copy(&vdev->vf_token->uuid, &uuid); + mutex_unlock(&vdev->vf_token->lock); + + return 0; + default: + return -ENOTTY; + } } return -ENOTTY; diff --git a/include/uapi/linux/vfio.h b/include/uapi/linux/vfio.h index 9e843a147ead..aa37f90a2180 100644 --- a/include/uapi/linux/vfio.h +++ b/include/uapi/linux/vfio.h @@ -707,6 +707,43 @@ struct vfio_device_ioeventfd { #define VFIO_DEVICE_IOEVENTFD _IO(VFIO_TYPE, VFIO_BASE + 16) +/** + * VFIO_DEVICE_FEATURE - _IORW(VFIO_TYPE, VFIO_BASE + 17, + * struct vfio_device_feature) + * + * Get, set, or probe feature data of the device. The feature is selected + * using the FEATURE_MASK portion of the flags field. Support for a feature + * can be probed by setting both the FEATURE_MASK and PROBE bits. A probe + * may optionally include the GET and/or SET bits to determine read vs write + * access of the feature respectively. Probing a feature will return success + * if the feature is supported and all of the optionally indicated GET/SET + * methods are supported. The format of the data portion of the structure is + * specific to the given feature. The data portion is not required for + * probing. + * + * Return 0 on success, -errno on failure. + */ +struct vfio_device_feature { + __u32 argsz; + __u32 flags; +#define VFIO_DEVICE_FEATURE_MASK (0xffff) /* 16-bit feature index */ +#define VFIO_DEVICE_FEATURE_GET (1 << 16) /* Get feature into data[] */ +#define VFIO_DEVICE_FEATURE_SET (1 << 17) /* Set feature from data[] */ +#define VFIO_DEVICE_FEATURE_PROBE (1 << 18) /* Probe feature support */ + __u8 data[]; +}; + +#define VFIO_DEVICE_FEATURE _IO(VFIO_TYPE, VFIO_BASE + 17) + +/* + * Provide support for setting a PCI VF Token, which is used as a shared + * secret between PF and VF drivers. This feature may only be set on a + * PCI SR-IOV PF when SR-IOV is enabled on the PF and there are no existing + * open VFs. Data provided when setting this feature is a 16-byte array + * (__u8 b[16]), representing a UUID. + */ +#define VFIO_DEVICE_FEATURE_PCI_VF_TOKEN (0) + /* -------- API for Type1 VFIO IOMMU -------- */ /**
WARNING: multiple messages have this Message-ID (diff)
From: Alex Williamson <alex.williamson@redhat.com> To: kvm@vger.kernel.org Cc: linux-pci@vger.kernel.org, linux-kernel@vger.kernel.org, dev@dpdk.org, mtosatti@redhat.com, thomas@monjalon.net, bluca@debian.org, jerinjacobk@gmail.com, bruce.richardson@intel.com, cohuck@redhat.com Subject: [dpdk-dev] [PATCH v2 4/7] vfio: Introduce VFIO_DEVICE_FEATURE ioctl and first user Date: Wed, 19 Feb 2020 11:54:18 -0700 [thread overview] Message-ID: <158213845865.17090.13613582696110253458.stgit@gimli.home> (raw) In-Reply-To: <158213716959.17090.8399427017403507114.stgit@gimli.home> The VFIO_DEVICE_FEATURE ioctl is meant to be a general purpose, device agnostic ioctl for setting, retrieving, and probing device features. This implementation provides a 16-bit field for specifying a feature index, where the data porition of the ioctl is determined by the semantics for the given feature. Additional flag bits indicate the direction and nature of the operation; SET indicates user data is provided into the device feature, GET indicates the device feature is written out into user data. The PROBE flag augments determining whether the given feature is supported, and if provided, whether the given operation on the feature is supported. The first user of this ioctl is for setting the vfio-pci VF token, where the user provides a shared secret key (UUID) on a SR-IOV PF device, which users must provide when opening associated VF devices. Signed-off-by: Alex Williamson <alex.williamson@redhat.com> --- drivers/vfio/pci/vfio_pci.c | 52 +++++++++++++++++++++++++++++++++++++++++++ include/uapi/linux/vfio.h | 37 +++++++++++++++++++++++++++++++ 2 files changed, 89 insertions(+) diff --git a/drivers/vfio/pci/vfio_pci.c b/drivers/vfio/pci/vfio_pci.c index 8dd6ef9543ca..e4d5d26e5e71 100644 --- a/drivers/vfio/pci/vfio_pci.c +++ b/drivers/vfio/pci/vfio_pci.c @@ -1180,6 +1180,58 @@ static long vfio_pci_ioctl(void *device_data, return vfio_pci_ioeventfd(vdev, ioeventfd.offset, ioeventfd.data, count, ioeventfd.fd); + } else if (cmd == VFIO_DEVICE_FEATURE) { + struct vfio_device_feature feature; + uuid_t uuid; + + minsz = offsetofend(struct vfio_device_feature, flags); + + if (copy_from_user(&feature, (void __user *)arg, minsz)) + return -EFAULT; + + if (feature.argsz < minsz) + return -EINVAL; + + if (feature.flags & ~(VFIO_DEVICE_FEATURE_MASK | + VFIO_DEVICE_FEATURE_SET | + VFIO_DEVICE_FEATURE_GET | + VFIO_DEVICE_FEATURE_PROBE)) + return -EINVAL; + + switch (feature.flags & VFIO_DEVICE_FEATURE_MASK) { + case VFIO_DEVICE_FEATURE_PCI_VF_TOKEN: + if (!vdev->vf_token) + return -ENOTTY; + + /* + * We do not support GET of the VF Token UUID as this + * could expose the token of the previous device user. + */ + if (feature.flags & VFIO_DEVICE_FEATURE_GET) + return -EINVAL; + + if (feature.flags & VFIO_DEVICE_FEATURE_PROBE) + return 0; + + /* Don't SET unless told to do so */ + if (!(feature.flags & VFIO_DEVICE_FEATURE_SET)) + return -EINVAL; + + if (feature.argsz < minsz + sizeof(uuid)) + return -EINVAL; + + if (copy_from_user(&uuid, (void __user *)(arg + minsz), + sizeof(uuid))) + return -EFAULT; + + mutex_lock(&vdev->vf_token->lock); + uuid_copy(&vdev->vf_token->uuid, &uuid); + mutex_unlock(&vdev->vf_token->lock); + + return 0; + default: + return -ENOTTY; + } } return -ENOTTY; diff --git a/include/uapi/linux/vfio.h b/include/uapi/linux/vfio.h index 9e843a147ead..aa37f90a2180 100644 --- a/include/uapi/linux/vfio.h +++ b/include/uapi/linux/vfio.h @@ -707,6 +707,43 @@ struct vfio_device_ioeventfd { #define VFIO_DEVICE_IOEVENTFD _IO(VFIO_TYPE, VFIO_BASE + 16) +/** + * VFIO_DEVICE_FEATURE - _IORW(VFIO_TYPE, VFIO_BASE + 17, + * struct vfio_device_feature) + * + * Get, set, or probe feature data of the device. The feature is selected + * using the FEATURE_MASK portion of the flags field. Support for a feature + * can be probed by setting both the FEATURE_MASK and PROBE bits. A probe + * may optionally include the GET and/or SET bits to determine read vs write + * access of the feature respectively. Probing a feature will return success + * if the feature is supported and all of the optionally indicated GET/SET + * methods are supported. The format of the data portion of the structure is + * specific to the given feature. The data portion is not required for + * probing. + * + * Return 0 on success, -errno on failure. + */ +struct vfio_device_feature { + __u32 argsz; + __u32 flags; +#define VFIO_DEVICE_FEATURE_MASK (0xffff) /* 16-bit feature index */ +#define VFIO_DEVICE_FEATURE_GET (1 << 16) /* Get feature into data[] */ +#define VFIO_DEVICE_FEATURE_SET (1 << 17) /* Set feature from data[] */ +#define VFIO_DEVICE_FEATURE_PROBE (1 << 18) /* Probe feature support */ + __u8 data[]; +}; + +#define VFIO_DEVICE_FEATURE _IO(VFIO_TYPE, VFIO_BASE + 17) + +/* + * Provide support for setting a PCI VF Token, which is used as a shared + * secret between PF and VF drivers. This feature may only be set on a + * PCI SR-IOV PF when SR-IOV is enabled on the PF and there are no existing + * open VFs. Data provided when setting this feature is a 16-byte array + * (__u8 b[16]), representing a UUID. + */ +#define VFIO_DEVICE_FEATURE_PCI_VF_TOKEN (0) + /* -------- API for Type1 VFIO IOMMU -------- */ /**
next prev parent reply other threads:[~2020-02-19 18:54 UTC|newest] Thread overview: 79+ messages / expand[flat|nested] mbox.gz Atom feed top 2020-02-19 18:53 [PATCH v2 0/7] vfio/pci: SR-IOV support Alex Williamson 2020-02-19 18:53 ` [dpdk-dev] " Alex Williamson 2020-02-19 18:53 ` [PATCH v2 1/7] vfio: Include optional device match in vfio_device_ops callbacks Alex Williamson 2020-02-19 18:53 ` [dpdk-dev] " Alex Williamson 2020-02-19 18:54 ` [PATCH v2 2/7] vfio/pci: Implement match ops Alex Williamson 2020-02-19 18:54 ` [dpdk-dev] " Alex Williamson 2020-02-19 18:54 ` [PATCH v2 3/7] vfio/pci: Introduce VF token Alex Williamson 2020-02-19 18:54 ` [dpdk-dev] " Alex Williamson 2020-02-25 2:59 ` Tian, Kevin 2020-02-25 2:59 ` [dpdk-dev] " Tian, Kevin 2020-03-05 18:17 ` Alex Williamson 2020-03-05 18:17 ` [dpdk-dev] " Alex Williamson 2020-03-06 8:32 ` Tian, Kevin 2020-03-06 8:32 ` [dpdk-dev] " Tian, Kevin 2020-03-06 15:39 ` Alex Williamson 2020-03-06 15:39 ` [dpdk-dev] " Alex Williamson 2020-03-07 1:04 ` Tian, Kevin 2020-03-07 1:04 ` [dpdk-dev] " Tian, Kevin 2020-03-09 0:46 ` Alex Williamson 2020-03-09 0:46 ` [dpdk-dev] " Alex Williamson 2020-03-09 1:22 ` Tian, Kevin 2020-03-09 1:22 ` [dpdk-dev] " Tian, Kevin 2020-03-09 1:33 ` Tian, Kevin 2020-03-09 1:33 ` [dpdk-dev] " Tian, Kevin 2020-03-09 15:35 ` Alex Williamson 2020-03-09 15:35 ` [dpdk-dev] " Alex Williamson 2020-02-19 18:54 ` Alex Williamson [this message] 2020-02-19 18:54 ` [dpdk-dev] [PATCH v2 4/7] vfio: Introduce VFIO_DEVICE_FEATURE ioctl and first user Alex Williamson 2020-02-27 17:34 ` Cornelia Huck 2020-02-27 17:34 ` [dpdk-dev] " Cornelia Huck 2020-03-05 20:51 ` Alex Williamson 2020-03-05 20:51 ` [dpdk-dev] " Alex Williamson 2020-02-19 18:54 ` [PATCH v2 5/7] vfio/pci: Add sriov_configure support Alex Williamson 2020-02-19 18:54 ` [dpdk-dev] " Alex Williamson 2020-02-25 3:08 ` Tian, Kevin 2020-02-25 3:08 ` [dpdk-dev] " Tian, Kevin 2020-03-05 18:22 ` Alex Williamson 2020-03-05 18:22 ` [dpdk-dev] " Alex Williamson 2020-03-05 20:08 ` Ajit Khaparde 2020-03-06 7:57 ` Tian, Kevin 2020-03-06 7:57 ` [dpdk-dev] " Tian, Kevin 2020-03-06 22:17 ` Alex Williamson 2020-03-06 22:17 ` [dpdk-dev] " Alex Williamson 2020-03-07 1:35 ` Tian, Kevin 2020-03-07 1:35 ` [dpdk-dev] " Tian, Kevin 2020-03-09 0:46 ` Alex Williamson 2020-03-09 0:46 ` [dpdk-dev] " Alex Williamson 2020-03-09 1:48 ` Tian, Kevin 2020-03-09 1:48 ` [dpdk-dev] " Tian, Kevin 2020-03-09 14:56 ` Alex Williamson 2020-03-09 14:56 ` [dpdk-dev] " Alex Williamson 2020-03-06 9:45 ` Tian, Kevin 2020-03-06 9:45 ` [dpdk-dev] " Tian, Kevin 2020-03-06 15:50 ` Alex Williamson 2020-03-06 15:50 ` [dpdk-dev] " Alex Williamson 2020-02-19 18:54 ` [PATCH v2 6/7] vfio/pci: Remove dev_fmt definition Alex Williamson 2020-02-19 18:54 ` [dpdk-dev] " Alex Williamson 2020-02-19 18:54 ` [PATCH v2 7/7] vfio/pci: Cleanup .probe() exit paths Alex Williamson 2020-02-19 18:54 ` [dpdk-dev] " Alex Williamson 2020-02-25 2:33 ` [PATCH v2 0/7] vfio/pci: SR-IOV support Tian, Kevin 2020-02-25 2:33 ` [dpdk-dev] " Tian, Kevin 2020-02-25 6:09 ` Jason Wang 2020-02-25 6:09 ` [dpdk-dev] " Jason Wang 2020-03-05 17:14 ` Alex Williamson 2020-03-05 17:14 ` [dpdk-dev] " Alex Williamson 2020-03-06 3:35 ` Jason Wang 2020-03-06 3:35 ` [dpdk-dev] " Jason Wang 2020-03-06 16:24 ` Alex Williamson 2020-03-06 16:24 ` [dpdk-dev] " Alex Williamson 2020-03-09 3:36 ` Jason Wang 2020-03-09 3:36 ` [dpdk-dev] " Jason Wang 2020-03-09 14:45 ` Alex Williamson 2020-03-09 14:45 ` [dpdk-dev] " Alex Williamson 2020-03-05 17:33 ` Alex Williamson 2020-03-05 17:33 ` [dpdk-dev] " Alex Williamson 2020-03-06 9:21 ` Tian, Kevin 2020-03-06 9:21 ` [dpdk-dev] " Tian, Kevin 2020-03-05 6:38 ` Vamsi Krishna Attunuru 2020-03-05 6:38 ` Vamsi Krishna Attunuru
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=158213845865.17090.13613582696110253458.stgit@gimli.home \ --to=alex.williamson@redhat.com \ --cc=bluca@debian.org \ --cc=bruce.richardson@intel.com \ --cc=cohuck@redhat.com \ --cc=dev@dpdk.org \ --cc=jerinjacobk@gmail.com \ --cc=kvm@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-pci@vger.kernel.org \ --cc=mtosatti@redhat.com \ --cc=thomas@monjalon.net \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.