| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250827183852.2471-2-danielj@nvidia.com>
Date: Wed, 27 Aug 2025 13:38:42 -0500
From: Daniel Jurgens <danielj@...dia.com>
To: <netdev@...r.kernel.org>, <mst@...hat.com>, <jasowang@...hat.com>,
<alex.williamson@...hat.com>, <virtualization@...ts.linux.dev>,
<pabeni@...hat.com>
CC: <parav@...dia.com>, <shshitrit@...dia.com>, <yohadt@...dia.com>, "Daniel
Jurgens" <danielj@...dia.com>, Yishai Hadas <yishaih@...dia.com>
Subject: [PATCH net-next 01/11] virtio-pci: Expose generic device capability operations
Currently querying and setting capabilities is restricted to a single
capability and contained within the virtio PCI driver. However, each
device type has generic and device specific capabilities, that may be
queried and set. In subsequent patches virtio_net will query and set
flow filter capabilities.
Move the admin related definitions to a new header file. It needs to be
abstracted away from the PCI specifics to be used by upper layer
drivers.
Signed-off-by: Daniel Jurgens <danielj@...dia.com>
Reviewed-by: Parav Pandit <parav@...dia.com>
Reviewed-by: Shahar Shitrit <shshitrit@...dia.com>
Reviewed-by: Yishai Hadas <yishaih@...dia.com>
---
drivers/virtio/virtio.c | 82 ++++++++++++++++
drivers/virtio/virtio_pci_common.h | 1 -
drivers/virtio/virtio_pci_modern.c | 145 +++++++++++++++++------------
include/linux/virtio.h | 13 +++
include/linux/virtio_admin.h | 68 ++++++++++++++
include/uapi/linux/virtio_pci.h | 7 +-
6 files changed, 254 insertions(+), 62 deletions(-)
create mode 100644 include/linux/virtio_admin.h
diff --git a/drivers/virtio/virtio.c b/drivers/virtio/virtio.c
index a09eb4d62f82..6bc268c11100 100644
--- a/drivers/virtio/virtio.c
+++ b/drivers/virtio/virtio.c
@@ -706,6 +706,88 @@ int virtio_device_reset_done(struct virtio_device *dev)
}
EXPORT_SYMBOL_GPL(virtio_device_reset_done);
+/**
+ * virtio_device_cap_id_list_query - Query the list of available capability IDs
+ * @vdev: the virtio device
+ * @data: pointer to store the capability ID list result
+ *
+ * This function queries the virtio device for the list of available capability
+ * IDs that can be used with virtio_device_cap_get() and virtio_device_cap_set().
+ * The result is stored in the provided data structure.
+ *
+ * Return: 0 on success, -EOPNOTSUPP if the device doesn't support admin
+ * operations or capability queries, or a negative error code on other failures.
+ */
+int
+virtio_device_cap_id_list_query(struct virtio_device *vdev,
+ struct virtio_admin_cmd_query_cap_id_result *data)
+{
+ const struct virtio_admin_ops *admin = vdev->admin_ops;
+
+ if (!admin || !admin->cap_id_list_query)
+ return -EOPNOTSUPP;
+
+ return admin->cap_id_list_query(vdev, data);
+}
+EXPORT_SYMBOL_GPL(virtio_device_cap_id_list_query);
+
+/**
+ * virtio_device_cap_get - Get a capability from a virtio device
+ * @vdev: the virtio device
+ * @id: capability ID to retrieve
+ * @caps: buffer to store the capability data
+ * @cap_size: size of the capability buffer in bytes
+ *
+ * This function retrieves a specific capability from the virtio device.
+ * The capability data is stored in the provided buffer. The caller must
+ * ensure the buffer is large enough to hold the capability data.
+ *
+ * Return: 0 on success, -EOPNOTSUPP if the device doesn't support admin
+ * operations or capability retrieval, or a negative error code on other failures.
+ */
+int virtio_device_cap_get(struct virtio_device *vdev,
+ u16 id,
+ void *caps,
+ size_t cap_size)
+{
+ const struct virtio_admin_ops *admin = vdev->admin_ops;
+
+ if (!admin || !admin->cap_get)
+ return -EOPNOTSUPP;
+
+ return admin->cap_get(vdev, id, caps, cap_size);
+}
+EXPORT_SYMBOL_GPL(virtio_device_cap_get);
+
+/**
+ * virtio_device_cap_set - Set a capability on a virtio device
+ * @vdev: the virtio device
+ * @id: capability ID to set
+ * @caps: buffer containing the capability data to set
+ * @cap_size: size of the capability data in bytes
+ *
+ * This function sets a specific capability on the virtio device.
+ * The capability data is read from the provided buffer and applied
+ * to the device. The device may validate the capability data before
+ * applying it.
+ *
+ * Return: 0 on success, -EOPNOTSUPP if the device doesn't support admin
+ * operations or capability setting, or a negative error code on other failures.
+ */
+int virtio_device_cap_set(struct virtio_device *vdev,
+ u16 id,
+ const void *caps,
+ size_t cap_size)
+{
+ const struct virtio_admin_ops *admin = vdev->admin_ops;
+
+ if (!admin || !admin->cap_set)
+ return -EOPNOTSUPP;
+
+ return admin->cap_set(vdev, id, caps, cap_size);
+}
+EXPORT_SYMBOL_GPL(virtio_device_cap_set);
+
static int virtio_init(void)
{
BUILD_BUG_ON(offsetof(struct virtio_device, features) !=
diff --git a/drivers/virtio/virtio_pci_common.h b/drivers/virtio/virtio_pci_common.h
index 8cd01de27baf..fc26e035e7a6 100644
--- a/drivers/virtio/virtio_pci_common.h
+++ b/drivers/virtio/virtio_pci_common.h
@@ -48,7 +48,6 @@ struct virtio_pci_admin_vq {
/* Protects virtqueue access. */
spinlock_t lock;
u64 supported_cmds;
- u64 supported_caps;
u8 max_dev_parts_objects;
struct ida dev_parts_ida;
/* Name of the admin queue: avq.$vq_index. */
diff --git a/drivers/virtio/virtio_pci_modern.c b/drivers/virtio/virtio_pci_modern.c
index dd0e65f71d41..c8bbd807371d 100644
--- a/drivers/virtio/virtio_pci_modern.c
+++ b/drivers/virtio/virtio_pci_modern.c
@@ -19,6 +19,7 @@
#define VIRTIO_PCI_NO_LEGACY
#define VIRTIO_RING_NO_LEGACY
#include "virtio_pci_common.h"
+#include <linux/virtio_admin.h>
#define VIRTIO_AVQ_SGS_MAX 4
@@ -232,103 +233,123 @@ static void virtio_pci_admin_cmd_list_init(struct virtio_device *virtio_dev)
kfree(data);
}
-static void
-virtio_pci_admin_cmd_dev_parts_objects_enable(struct virtio_device *virtio_dev)
+static int vp_modern_admin_cmd_cap_get(struct virtio_device *virtio_dev,
+ u16 id,
+ void *caps,
+ size_t cap_size)
{
- struct virtio_pci_device *vp_dev = to_vp_device(virtio_dev);
- struct virtio_admin_cmd_cap_get_data *get_data;
- struct virtio_admin_cmd_cap_set_data *set_data;
- struct virtio_dev_parts_cap *result;
+ struct virtio_admin_cmd_cap_get_data *data __free(kfree) = NULL;
struct virtio_admin_cmd cmd = {};
struct scatterlist result_sg;
struct scatterlist data_sg;
- u8 resource_objects_limit;
- u16 set_data_size;
- int ret;
- get_data = kzalloc(sizeof(*get_data), GFP_KERNEL);
- if (!get_data)
- return;
-
- result = kzalloc(sizeof(*result), GFP_KERNEL);
- if (!result)
- goto end;
+ data = kzalloc(sizeof(*data), GFP_KERNEL);
+ if (!data)
+ return -ENOMEM;
- get_data->id = cpu_to_le16(VIRTIO_DEV_PARTS_CAP);
- sg_init_one(&data_sg, get_data, sizeof(*get_data));
- sg_init_one(&result_sg, result, sizeof(*result));
+ data->id = cpu_to_le16(id);
+ sg_init_one(&data_sg, data, sizeof(*data));
+ sg_init_one(&result_sg, caps, cap_size);
cmd.opcode = cpu_to_le16(VIRTIO_ADMIN_CMD_DEVICE_CAP_GET);
cmd.group_type = cpu_to_le16(VIRTIO_ADMIN_GROUP_TYPE_SELF);
cmd.data_sg = &data_sg;
cmd.result_sg = &result_sg;
- ret = vp_modern_admin_cmd_exec(virtio_dev, &cmd);
- if (ret)
- goto err_get;
- set_data_size = sizeof(*set_data) + sizeof(*result);
- set_data = kzalloc(set_data_size, GFP_KERNEL);
- if (!set_data)
- goto err_get;
+ return vp_modern_admin_cmd_exec(virtio_dev, &cmd);
+}
- set_data->id = cpu_to_le16(VIRTIO_DEV_PARTS_CAP);
+static int vp_modern_admin_cmd_cap_set(struct virtio_device *virtio_dev,
+ u16 id,
+ const void *caps,
+ size_t cap_size)
+{
+ struct virtio_admin_cmd_cap_set_data *data __free(kfree) = NULL;
+ struct virtio_admin_cmd cmd = {};
+ struct scatterlist data_sg;
+ size_t data_size;
+
+ data_size = sizeof(*data) + cap_size;
+ data = kzalloc(data_size, GFP_KERNEL);
+ if (!data)
+ return -ENOMEM;
+
+ data->id = cpu_to_le16(id);
+ memcpy(data->cap_specific_data, caps, cap_size);
+ sg_init_one(&data_sg, data, data_size);
+ cmd.opcode = cpu_to_le16(VIRTIO_ADMIN_CMD_DRIVER_CAP_SET);
+ cmd.group_type = cpu_to_le16(VIRTIO_ADMIN_GROUP_TYPE_SELF);
+ cmd.data_sg = &data_sg;
+ cmd.result_sg = NULL;
+
+ return vp_modern_admin_cmd_exec(virtio_dev, &cmd);
+}
+
+static void
+virtio_pci_admin_cmd_dev_parts_objects_enable(struct virtio_device *virtio_dev)
+{
+ struct virtio_pci_device *vp_dev = to_vp_device(virtio_dev);
+ struct virtio_dev_parts_cap *dev_parts;
+ u8 resource_objects_limit;
+ int ret;
+
+ dev_parts = kzalloc(sizeof(*dev_parts), GFP_KERNEL);
+ if (!dev_parts)
+ return;
+
+ ret = vp_modern_admin_cmd_cap_get(virtio_dev, VIRTIO_DEV_PARTS_CAP,
+ dev_parts, sizeof(*dev_parts));
+ if (ret)
+ goto err;
/* Set the limit to the minimum value between the GET and SET values
* supported by the device. Since the obj_id for VIRTIO_DEV_PARTS_CAP
* is a globally unique value per PF, there is no possibility of
* overlap between GET and SET operations.
*/
- resource_objects_limit = min(result->get_parts_resource_objects_limit,
- result->set_parts_resource_objects_limit);
- result->get_parts_resource_objects_limit = resource_objects_limit;
- result->set_parts_resource_objects_limit = resource_objects_limit;
- memcpy(set_data->cap_specific_data, result, sizeof(*result));
- sg_init_one(&data_sg, set_data, set_data_size);
- cmd.data_sg = &data_sg;
- cmd.result_sg = NULL;
- cmd.opcode = cpu_to_le16(VIRTIO_ADMIN_CMD_DRIVER_CAP_SET);
- ret = vp_modern_admin_cmd_exec(virtio_dev, &cmd);
+ resource_objects_limit = min(dev_parts->get_parts_resource_objects_limit,
+ dev_parts->set_parts_resource_objects_limit);
+ dev_parts->get_parts_resource_objects_limit = resource_objects_limit;
+ dev_parts->set_parts_resource_objects_limit = resource_objects_limit;
+
+ ret = vp_modern_admin_cmd_cap_set(virtio_dev, VIRTIO_DEV_PARTS_CAP,
+ dev_parts, sizeof(*dev_parts));
if (ret)
- goto err_set;
+ goto err;
/* Allocate IDR to manage the dev caps objects */
ida_init(&vp_dev->admin_vq.dev_parts_ida);
vp_dev->admin_vq.max_dev_parts_objects = resource_objects_limit;
-err_set:
- kfree(set_data);
-err_get:
- kfree(result);
-end:
- kfree(get_data);
+err:
+ kfree(dev_parts);
}
-static void virtio_pci_admin_cmd_cap_init(struct virtio_device *virtio_dev)
+static int vp_modern_admin_cap_id_list_query(struct virtio_device *virtio_dev,
+ struct virtio_admin_cmd_query_cap_id_result *data)
{
- struct virtio_pci_device *vp_dev = to_vp_device(virtio_dev);
- struct virtio_admin_cmd_query_cap_id_result *data;
struct virtio_admin_cmd cmd = {};
struct scatterlist result_sg;
- int ret;
-
- data = kzalloc(sizeof(*data), GFP_KERNEL);
- if (!data)
- return;
sg_init_one(&result_sg, data, sizeof(*data));
cmd.opcode = cpu_to_le16(VIRTIO_ADMIN_CMD_CAP_ID_LIST_QUERY);
cmd.group_type = cpu_to_le16(VIRTIO_ADMIN_GROUP_TYPE_SELF);
cmd.result_sg = &result_sg;
- ret = vp_modern_admin_cmd_exec(virtio_dev, &cmd);
- if (ret)
- goto end;
+ return vp_modern_admin_cmd_exec(virtio_dev, &cmd);
+}
- /* Max number of caps fits into a single u64 */
- BUILD_BUG_ON(sizeof(data->supported_caps) > sizeof(u64));
+static void virtio_pci_admin_cmd_cap_init(struct virtio_device *virtio_dev)
+{
+ struct virtio_admin_cmd_query_cap_id_result *data;
- vp_dev->admin_vq.supported_caps = le64_to_cpu(data->supported_caps[0]);
+ data = kzalloc(sizeof(*data), GFP_KERNEL);
+ if (!data)
+ return;
+
+ if (vp_modern_admin_cap_id_list_query(virtio_dev, data))
+ goto end;
- if (!(vp_dev->admin_vq.supported_caps & (1 << VIRTIO_DEV_PARTS_CAP)))
+ if (!(VIRTIO_CAP_IN_LIST(data, VIRTIO_DEV_PARTS_CAP)))
goto end;
virtio_pci_admin_cmd_dev_parts_objects_enable(virtio_dev);
@@ -1264,6 +1285,11 @@ static const struct virtio_config_ops virtio_pci_config_ops = {
.enable_vq_after_reset = vp_modern_enable_vq_after_reset,
};
+static const struct virtio_admin_ops virtio_pci_admin_ops = {
+ .cap_id_list_query = vp_modern_admin_cap_id_list_query,
+ .cap_get = vp_modern_admin_cmd_cap_get,
+ .cap_set = vp_modern_admin_cmd_cap_set,
+};
/* the PCI probing function */
int virtio_pci_modern_probe(struct virtio_pci_device *vp_dev)
{
@@ -1282,6 +1308,7 @@ int virtio_pci_modern_probe(struct virtio_pci_device *vp_dev)
else
vp_dev->vdev.config = &virtio_pci_config_nodev_ops;
+ vp_dev->vdev.admin_ops = &virtio_pci_admin_ops;
vp_dev->config_vector = vp_config_vector;
vp_dev->setup_vq = setup_vq;
vp_dev->del_vq = del_vq;
diff --git a/include/linux/virtio.h b/include/linux/virtio.h
index db31fc6f4f1f..a6e121b6f1f1 100644
--- a/include/linux/virtio.h
+++ b/include/linux/virtio.h
@@ -12,6 +12,7 @@
#include <linux/dma-mapping.h>
#include <linux/completion.h>
#include <linux/virtio_features.h>
+#include <linux/virtio_admin.h>
/**
* struct virtqueue - a queue to register buffers for sending or receiving.
@@ -161,6 +162,7 @@ struct virtio_device {
struct virtio_device_id id;
const struct virtio_config_ops *config;
const struct vringh_config_ops *vringh_config;
+ const struct virtio_admin_ops *admin_ops;
struct list_head vqs;
VIRTIO_DECLARE_FEATURES(features);
void *priv;
@@ -195,6 +197,17 @@ int virtio_device_restore(struct virtio_device *dev);
void virtio_reset_device(struct virtio_device *dev);
int virtio_device_reset_prepare(struct virtio_device *dev);
int virtio_device_reset_done(struct virtio_device *dev);
+int
+virtio_device_cap_id_list_query(struct virtio_device *vdev,
+ struct virtio_admin_cmd_query_cap_id_result *data);
+int virtio_device_cap_get(struct virtio_device *vdev,
+ u16 id,
+ void *caps,
+ size_t cap_size);
+int virtio_device_cap_set(struct virtio_device *vdev,
+ u16 id,
+ const void *caps,
+ size_t cap_size);
size_t virtio_max_dma_size(const struct virtio_device *vdev);
diff --git a/include/linux/virtio_admin.h b/include/linux/virtio_admin.h
new file mode 100644
index 000000000000..bbf543d20be4
--- /dev/null
+++ b/include/linux/virtio_admin.h
@@ -0,0 +1,68 @@
+/* SPDX-License-Identifier: GPL-2.0-only
+ *
+ * Header file for virtio admin operations
+ */
+#include <uapi/linux/virtio_pci.h>
+
+#ifndef _LINUX_VIRTIO_ADMIN_H
+#define _LINUX_VIRTIO_ADMIN_H
+
+struct virtio_device;
+
+/**
+ * VIRTIO_CAP_IN_LIST - Check if a capability is supported in the capability list
+ * @cap_list: Pointer to capability list structure containing supported_caps array
+ * @cap: Capability ID to check
+ *
+ * The cap_list contains a supported_caps array of little-endian 64-bit integers
+ * where each bit represents a capability. Bit 0 of the first element represents
+ * capability ID 0, bit 1 represents capability ID 1, and so on.
+ *
+ * Return: 1 if capability is supported, 0 otherwise
+ */
+#define VIRTIO_CAP_IN_LIST(cap_list, cap) \
+ (!!(1 & (le64_to_cpu(cap_list->supported_caps[cap / 64]) >> cap % 64)))
+
+/**
+ * struct virtio_admin_ops - Operations for virtio admin functionality
+ *
+ * This structure contains function pointers for performing administrative
+ * operations on virtio devices. All data and caps pointers must be allocated
+ * on the heap by the caller.
+ */
+struct virtio_admin_ops {
+ /**
+ * @cap_id_list_query: Query the list of supported capability IDs
+ * @vdev: The virtio device to query
+ * @data: Pointer to result structure (must be heap allocated)
+ * Return: 0 on success, negative error code on failure
+ */
+ int (*cap_id_list_query)(struct virtio_device *vdev,
+ struct virtio_admin_cmd_query_cap_id_result *data);
+ /**
+ * @cap_get: Get capability data for a specific capability ID
+ * @vdev: The virtio device
+ * @id: Capability ID to retrieve
+ * @caps: Pointer to capability data structure (must be heap allocated)
+ * @cap_size: Size of the capability data structure
+ * Return: 0 on success, negative error code on failure
+ */
+ int (*cap_get)(struct virtio_device *vdev,
+ u16 id,
+ void *caps,
+ size_t cap_size);
+ /**
+ * @cap_set: Set capability data for a specific capability ID
+ * @vdev: The virtio device
+ * @id: Capability ID to set
+ * @caps: Pointer to capability data structure (must be heap allocated)
+ * @cap_size: Size of the capability data structure
+ * Return: 0 on success, negative error code on failure
+ */
+ int (*cap_set)(struct virtio_device *vdev,
+ u16 id,
+ const void *caps,
+ size_t cap_size);
+};
+
+#endif /* _LINUX_VIRTIO_ADMIN_H */
diff --git a/include/uapi/linux/virtio_pci.h b/include/uapi/linux/virtio_pci.h
index c691ac210ce2..0d5ca0cff629 100644
--- a/include/uapi/linux/virtio_pci.h
+++ b/include/uapi/linux/virtio_pci.h
@@ -315,15 +315,18 @@ struct virtio_admin_cmd_notify_info_result {
#define VIRTIO_DEV_PARTS_CAP 0x0000
+/* Update this value to largest implemented cap number. */
+#define VIRTIO_ADMIN_MAX_CAP 0x0fff
+
struct virtio_dev_parts_cap {
__u8 get_parts_resource_objects_limit;
__u8 set_parts_resource_objects_limit;
};
-#define MAX_CAP_ID __KERNEL_DIV_ROUND_UP(VIRTIO_DEV_PARTS_CAP + 1, 64)
+#define VIRTIO_ADMIN_CAP_ID_ARRAY_SIZE __KERNEL_DIV_ROUND_UP(VIRTIO_ADMIN_MAX_CAP, 64)
struct virtio_admin_cmd_query_cap_id_result {
- __le64 supported_caps[MAX_CAP_ID];
+ __le64 supported_caps[VIRTIO_ADMIN_CAP_ID_ARRAY_SIZE];
};
struct virtio_admin_cmd_cap_get_data {
--
2.50.1
Powered by blists - more mailing lists