| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <cover.1741261611.git.leon@kernel.org> Date: Thu, 6 Mar 2025 13:51:25 +0200 From: Leon Romanovsky <leon@...nel.org> To: Jason Gunthorpe <jgg@...dia.com> Cc: Chiara Meiohas <cmeiohas@...dia.com>, Jonathan Corbet <corbet@....net>, linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org, linux-rdma@...r.kernel.org, Mark Bloch <mbloch@...dia.com>, Patrisious Haddad <phaddad@...dia.com>, Yishai Hadas <yishaih@...dia.com> Subject: [PATCH rdma-next v1 0/6] Introduce UCAP API and usage in mlx5 Changelog: v1: * Used kref primitives instead of open-coded variant * Check return value from dev_set_name() * Added extra brackets around type in UCAP_ENABLED macro v0: https://lore.kernel.org/all/cover.1740574943.git.leon@kernel.org -------------------------------------------------------------------------- This series introduces the User CAPability (UCAP) API that allows creating user contexts with various firmware privileges. The UCAP API provides fine-grained control over specific firmware features by representing each capability as a character device with root read-write access. Root processes can grant users special privileges by allowing access to these character devices. User contexts created using a file descriptor of a UCAP will have specific UCAP privileges. Two UCAP character devices are created for mlx5, and user contexts opened with at least one of these UCAPs are considered privileged. To ensure that privileged commands can always proceed, non-privileged commands are limited when a privileged user is present on the device. Thanks Chiara Meiohas (5): RDMA/uverbs: Introduce UCAP (User CAPabilities) API RDMA/mlx5: Create UCAP char devices for supported device capabilities RDMA/uverbs: Add support for UCAPs in context creation RDMA/mlx5: Check enabled UCAPs when creating ucontext docs: infiniband: document the UCAP API Patrisious Haddad (1): RDMA/mlx5: Expose RDMA TRANSPORT flow table types to userspace Documentation/infiniband/index.rst | 1 + Documentation/infiniband/ucaps.rst | 71 +++++ drivers/infiniband/core/Makefile | 3 +- drivers/infiniband/core/ucaps.c | 267 ++++++++++++++++++ drivers/infiniband/core/uverbs_cmd.c | 19 ++ drivers/infiniband/core/uverbs_main.c | 2 + .../infiniband/core/uverbs_std_types_device.c | 4 + drivers/infiniband/hw/mlx5/devx.c | 31 +- drivers/infiniband/hw/mlx5/devx.h | 5 +- drivers/infiniband/hw/mlx5/fs.c | 154 +++++++++- drivers/infiniband/hw/mlx5/fs.h | 2 + drivers/infiniband/hw/mlx5/main.c | 77 ++++- drivers/infiniband/hw/mlx5/mlx5_ib.h | 3 + include/rdma/ib_ucaps.h | 25 ++ include/rdma/ib_verbs.h | 1 + include/uapi/rdma/ib_user_ioctl_cmds.h | 1 + include/uapi/rdma/mlx5_user_ioctl_cmds.h | 1 + include/uapi/rdma/mlx5_user_ioctl_verbs.h | 2 + 18 files changed, 647 insertions(+), 22 deletions(-) create mode 100644 Documentation/infiniband/ucaps.rst create mode 100644 drivers/infiniband/core/ucaps.c create mode 100644 include/rdma/ib_ucaps.h -- 2.48.1
Powered by blists - more mailing lists