lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20201209021254.ne42jy6ovn2rk3cf@intel.com>
Date:   Tue, 8 Dec 2020 18:12:54 -0800
From:   Ben Widawsky <ben.widawsky@...el.com>
To:     Dan Williams <dan.j.williams@...el.com>
Cc:     linux-cxl@...r.kernel.org,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Linux PCI <linux-pci@...r.kernel.org>,
        Linux ACPI <linux-acpi@...r.kernel.org>,
        Ira Weiny <ira.weiny@...el.com>,
        Vishal Verma <vishal.l.verma@...el.com>,
        "Kelley, Sean V" <sean.v.kelley@...el.com>,
        Rafael Wysocki <rafael.j.wysocki@...el.com>,
        Bjorn Helgaas <helgaas@...nel.org>,
        Jonathan Cameron <Jonathan.Cameron@...wei.com>,
        Jon Masters <jcm@...masters.org>,
        Chris Browy <cbrowy@...ry-design.com>,
        Randy Dunlap <rdunlap@...radead.org>,
        Christoph Hellwig <hch@...radead.org>
Subject: Re: [RFC PATCH 09/14] cxl/mem: Add basic IOCTL interface

On 20-12-08 17:37:50, Dan Williams wrote:
> On Tue, Dec 8, 2020 at 4:24 PM Ben Widawsky <ben.widawsky@...el.com> wrote:
> >
> > Add a straightforward IOCTL that provides a mechanism for userspace to
> > query the supported memory device commands.
> >
> > Memory device commands are specified in 8.2.9 of the CXL 2.0
> > specification. They are submitted through a mailbox mechanism specified
> > in 8.2.8.4.
> >
> > Signed-off-by: Ben Widawsky <ben.widawsky@...el.com>
> >
> > ---
> >
> > I did attempt to use the same struct for querying commands as well as
> > sending commands (upcoming patch). The number of unused fields between
> > the two made for a bad fit IMO.
> >
> > Signed-off-by: Ben Widawsky <ben.widawsky@...el.com>
> > ---
> >  Documentation/cxl/memory-devices.rst |   9 +++
> >  drivers/cxl/mem.c                    |  89 +++++++++++++++++++++++
> >  include/uapi/linux/cxl_mem.h         | 102 +++++++++++++++++++++++++++
> >  3 files changed, 200 insertions(+)
> >  create mode 100644 include/uapi/linux/cxl_mem.h
> >
> > diff --git a/Documentation/cxl/memory-devices.rst b/Documentation/cxl/memory-devices.rst
> > index 5f723c25382b..ec54674b3822 100644
> > --- a/Documentation/cxl/memory-devices.rst
> > +++ b/Documentation/cxl/memory-devices.rst
> > @@ -32,6 +32,15 @@ CXL Memory Device
> >  .. kernel-doc:: drivers/cxl/mem.c
> >     :internal:
> >
> > +CXL IOCTL Interface
> > +-------------------
> > +
> > +.. kernel-doc:: include/uapi/linux/cxl_mem.h
> > +   :doc: UAPI
> > +
> > +.. kernel-doc:: include/uapi/linux/cxl_mem.h
> > +   :internal:
> > +
> >  External Interfaces
> >  ===================
> >
> > diff --git a/drivers/cxl/mem.c b/drivers/cxl/mem.c
> > index bb6ea58f6c7b..2c4aadcea0e4 100644
> > --- a/drivers/cxl/mem.c
> > +++ b/drivers/cxl/mem.c
> > @@ -7,6 +7,7 @@
> >  #include <linux/idr.h>
> >  #include <linux/pci.h>
> >  #include <linux/io.h>
> > +#include <uapi/linux/cxl_mem.h>
> >  #include "acpi.h"
> >  #include "pci.h"
> >  #include "cxl.h"
> > @@ -73,6 +74,49 @@ static DEFINE_IDR(cxl_mem_idr);
> >  /* protect cxl_mem_idr allocations */
> >  static DEFINE_MUTEX(cxl_memdev_lock);
> >
> > +/*
> > + * This table defines the supported mailboxes commands for the driver. The id is
> > + * ordinal and thus gaps in this table aren't allowed. This table is made up of
> > + * a UAPI structure. Non-negative values in the table will be validated against
> > + * the user's input. For example, if size_in is 0, and the user passed in 1, it
> > + * is an error.
> > + */
> > +#define CXL_CMD(_id, _flags, sin, sout, _name, _enable, op)                    \
> > +       {                                                                      \
> > +               { .id = CXL_MEM_COMMAND_ID_##_id,                              \
> > +                 .flags = CXL_MEM_COMMAND_FLAG_##_flags,                      \
> > +                 .size_in = sin,                                              \
> > +                 .size_out = sout,                                            \
> > +                 .name = _name },                                             \
> > +                       .enable = _enable, .opcode = op                        \
> > +       }
> 
> Seems the ordinality requirement could be dropped if the definition was:
> 
> #define CXL_CMD(_id, _flags, sin, sout, _name, _enable, op)                    \
>        [CXL_MEM_COMMAND_ID_##_id] = {
>                              \
>                { .id = CXL_MEM_COMMAND_ID_##_id,                              \
> ...
> 
> Then command 0 and 42 could be defined out of order in the table.
> Especially if we need to config-disable or deprecate commands, I think
> it would be useful if this table was tolerant to being sparse.
> 

How sparse are we talking? The current form does support sparseness, but
obviously gets quite large if the ID numbering is similar to random
distribution.

I think if we do see this being more like random distribution, it can be
supported, but I think it adds a decent amount of complexity for what I see as
not much reward - unless you know of a fairly simple way to create this data
structure with full sparse ID support?

> > +
> > +/**
> > + * struct cxl_mem_command - Driver representation of a memory device command
> > + * @info: Command information as it exists for the UAPI
> > + * @opcode: The actual bits used for the mailbox protocol
> > + * @enable: Whether the command is enabled. The driver may support a large set
> > + *         of commands that may not be enabled. The primary reason a command
> > + *         would not be enabled is for commands that are specified as optional
> > + *         and the hardware doesn't support the command.
> > + *
> > + * The cxl_mem_command is the driver's internal representation of commands that
> > + * are supported by the driver. Some of these commands may not be supported by
> > + * the hardware (!@...ble). The driver will use @info to validate the fields
> > + * passed in by the user then submit the @opcode to the hardware.
> > + *
> > + * See struct cxl_command_info.
> > + */
> > +struct cxl_mem_command {
> > +       const struct cxl_command_info info;
> > +       const u16 opcode;
> > +       bool enable;
> > +};
> > +
> > +static struct cxl_mem_command mem_commands[] = {
> > +       CXL_CMD(INVALID, NONE, 0, 0, "Reserved", false, 0),
> > +};
> > +
> >  static int cxl_mem_wait_for_doorbell(struct cxl_mem *cxlm)
> >  {
> >         const int timeout = msecs_to_jiffies(2000);
> > @@ -268,8 +312,53 @@ static int cxl_mem_open(struct inode *inode, struct file *file)
> >         return 0;
> >  }
> >
> > +static int cxl_mem_count_commands(void)
> > +{
> > +       int i, n = 0;
> > +
> > +       for (i = 0; i < ARRAY_SIZE(mem_commands); i++) {
> > +               struct cxl_mem_command *c = &mem_commands[i];
> > +
> > +               if (c->enable)
> > +                       n++;
> > +       }
> > +
> > +       return n;
> > +}
> > +
> >  static long cxl_mem_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
> >  {
> > +       if (cmd == CXL_MEM_QUERY_COMMANDS) {
> > +               struct cxl_mem_query_commands __user *q = (void __user *)arg;
> > +               u32 n_commands;
> > +               int i, j;
> > +
> > +               if (get_user(n_commands, (u32 __user *)arg))
> > +                       return -EFAULT;
> > +
> > +               if (n_commands == 0)
> > +                       return put_user(cxl_mem_count_commands(),
> > +                                       (u32 __user *)arg);
> > +
> > +               for (i = 0, j = 0;
> > +                    i < ARRAY_SIZE(mem_commands) && j < n_commands; i++) {
> > +                       struct cxl_mem_command *c = &mem_commands[i];
> > +                       const struct cxl_command_info *info = &c->info;
> > +
> > +                       if (!c->enable)
> > +                               continue;
> > +
> > +                       if (copy_to_user(&q->commands[j], info, sizeof(*info)))
> > +                               return -EFAULT;
> > +
> > +                       if (copy_to_user(&q->commands[j].name, info->name,
> > +                                        strlen(info->name)))
> > +                               return -EFAULT;
> 
> Not sure why this is needed, see comment below about @name in
> cxl_mem_query_commands.
> 
> > +
> > +                       j++;
> > +               }
> > +       }
> > +
> >         return -ENOTTY;
> >  }
> >
> > diff --git a/include/uapi/linux/cxl_mem.h b/include/uapi/linux/cxl_mem.h
> > new file mode 100644
> > index 000000000000..1d1e143f98ec
> > --- /dev/null
> > +++ b/include/uapi/linux/cxl_mem.h
> > @@ -0,0 +1,102 @@
> > +/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
> > +/*
> > + * CXL IOCTLs for Memory Devices
> > + */
> > +
> > +#ifndef _UAPI_CXL_MEM_H_
> > +#define _UAPI_CXL_MEM_H_
> > +
> > +#if defined(__cplusplus)
> > +extern "C" {
> > +#endif
> > +
> > +/**
> > + * DOC: UAPI
> > + *
> > + * CXL memory devices expose UAPI to have a standard user interface.
> > + * Userspace can refer to these structure definitions and UAPI formats
> > + * to communicate to driver
> > + */
> > +
> > +#define CXL_MEM_QUERY_COMMANDS _IOR('C', 1, struct cxl_mem_query_commands)
> > +
> > +#define CXL_MEM_COMMAND_NAME_LENGTH 32
> > +
> > +/**
> > + * struct cxl_command_info - Command information returned from a query.
> > + * @id: ID number for the command.
> > + * @flags: Flags that specify command behavior.
> > + *
> > + *          - CXL_MEM_COMMAND_FLAG_TAINT: Using this command will taint the kernel.
> > + * @size_in: Expected input size, or -1 if variable length.
> > + * @size_out: Expected output size, or -1 if variable length.
> > + * @name: Name describing the command.
> > + *
> > + * Represents a single command that is supported by both the driver and the
> > + * hardware. The is returned as part of an array from the query ioctl. The
> > + * following would be a command named "foobar" that takes a variable length
> > + * input and returns 0 bytes of output.
> > + *
> > + *  - @id = 10
> > + *  - @name = foobar
> > + *  - @flags = 0
> > + *  - @size_in = -1
> > + *  - @size_out = 0
> > + *
> > + * See struct cxl_mem_query_commands.
> > + */
> > +struct cxl_command_info {
> > +       __u32 id;
> > +#define CXL_MEM_COMMAND_ID_INVALID 0
> > +
> > +       __u32 flags;
> > +#define CXL_MEM_COMMAND_FLAG_NONE 0
> > +#define CXL_MEM_COMMAND_FLAG_TAINT BIT(0)
> > +
> > +       __s32 size_in;
> > +       __s32 size_out;
> > +
> > +       char name[32];
> 
> Why does the name for a command need to be shuffled back and forth
> over the ioctl interface. Can't this be handled by a static lookup
> table defined in the header?
> 

I was thinking of cases where the userspace application doesn't match the
current kernel's UAPI and giving the driver flexibility to return whatever.

OTTOMH, I also can't think of a way to do this if you want to do define the
table sparsely though. Do you have ideas for that?

> > +};
> > +
> > +/**
> > + * struct cxl_mem_query_commands - Query supported commands.
> > + * @n_commands: In/out parameter. When @n_commands is > 0, the driver will
> > + *             return min(num_support_commands, n_commands). When @n_commands
> > + *             is 0, driver will return the number of total supported commands.
> > + * @rsvd: Reserved for future use.
> > + * @commands: Output array of supported commands. This array must be allocated
> > + *            by userspace to be at least min(num_support_commands, @n_commands)
> > + *
> > + * Allow userspace to query the available commands supported by both the driver,
> > + * and the hardware. Commands that aren't supported by either the driver, or the
> > + * hardware are not returned in the query.
> > + *
> > + * Examples:
> > + *
> > + *  - { .n_commands = 0 } // Get number of supported commands
> > + *  - { .n_commands = 15, .commands = buf } // Return first 15 (or less)
> > + *    supported commands
> > + *
> > + *  See struct cxl_command_info.
> > + */
> > +struct cxl_mem_query_commands {
> > +       /*
> > +        * Input: Number of commands to return (space allocated by user)
> > +        * Output: Number of commands supported by the driver/hardware
> > +        *
> > +        * If n_commands is 0, kernel will only return number of commands and
> > +        * not try to populate commands[], thus allowing userspace to know how
> > +        * much space to allocate
> > +        */
> > +       __u32 n_commands;
> > +       __u32 rsvd;
> > +
> > +       struct cxl_command_info __user commands[]; /* out: supported commands */
> > +};
> > +
> > +#if defined(__cplusplus)
> > +}
> > +#endif
> > +
> > +#endif
> > --
> > 2.29.2
> >

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ