The following patch set comes to enrich security model as a follow up to commit e6bd18f57aad ('IB/security: Restrict use of the write() interface'). DISCLAIMER: These patches are far from being completed. They present working init_ucontext and query_device (both regular and extended version). In addition, they are given as a basis of discussions. NOT ALL COMMENTS GIVEN ON PREVIOUS VERSIONS ARE HANDLED IN THIS SERIES, SOME OF THEM WILL BE HANDLED IN THE FUTURE. The ideas presented here are based on our V1/V2/V3 series in addition to some ideas presented in OFVWG and Sean's series. This patch series add ioctl() interface to the existing write() interface and provide an easy route to backport this change to legacy supported systems. Analyzing the current uverbs role in dispatching and parsing commands, we find that: (a) uverbs validates the basic properties of the command (b) uverbs is responsible of doing all the IDR and uobject management and locking. It's also responsible of handling completion FDs. (c) uverbs transforms the user<-->kernel ABI to kernel API. (a) and (b) are valid for every kABI. Although the nature of commands could change, they still have to be validated and transform to kernel pointers. In order to avoid duplications between the various drivers, we would like to keep (a) and (b) as shared code. In addition, this is a good time to expand the ABI to be more scalable, so we added a few goals: (1) Command's attributes shall be extensible in an easy one. Either by allowing drivers to have their own extensible set of attributes or core code extensible attributes. Moreover, driver's specific attributes could some day become core's standard attributes. We would like to still support old user-space while avoid duplicating the code in kernel. (2) Each driver may have specific type system (i.e QP, CQ, ....). It may or may not even implement the standard type system. It could extend this type system in the future. Try to avoid duplicating existing types or actions. (3) Do not change or recompile driver libraries and don't copy their data. (4) Efficient dispatching. Thus, in order to allow this flexibility, we decide giving (a) and (b) as a common infrastructure, but use per-driver guidelines in order to do that parsing and uobject management. Handlers are also set by the drivers themselves (though they can point to either shared common code) or driver specific code. Since types are no longer enforced by the common infrastructure, there is no point of pre-allocating common IDR types in the common code. Instead, we provide an API for driver to add new types. We use one IDR per driver for all its types. The driver declared all its supported types, their free function and release order. After that, all uboject, exclusive access and types are handled automatically for the driver by the infrastructure. Scatter gather was chosen in order to allow us not to recompile user space drivers. By using pointers to driver specific data, we could just use it without introduce copying data and without changing the user-space driver at all. We chose to go with non blocking lock user objects. When exclusive (WRITE or DESTROY) access is required, we dispatch the action if and only if no other action needs this object as well. Otherwise, -EBUSY is returned to the user-space. Device removal is synced with SRCU as of today. If we were using locks, we would have need to sort the given user-space handles. Otherwise, a user-space application may result in causing a deadlock. Moving to a non blocking lock based behaviour, the dispatching in kernel becomes more efficient. Further uverbs related subsystem (such as RDMA-CM) may use other fds or use other ioctl codes. Note, we might switch to submitting one task (i.e - change locking schema) once the concepts are more mature. Regards, Liran, Haggai, Leon and Matan TODO: 1. Check other models for implementing FDs (as suggested in OFVWG). 2. Currently, this code only works with the new ioctl based libibverbs. Make this compatible with the old version. 3. Rebase over latest kernel bits. Changes from V3: 1. Add create_cq and create_comp_channel. 2. Add FD as ib_uobject into the type system Changes from V2: 1. Use types declerations in order to declare release order and free function 2. Allow the driver to extend and use existing building blocks in any level: a. Add more types b. Add actions to exsiting types c. Add attributes to existing actions (existed in V2) Such a driver will only duplicate structs which it actually changed. 3. Fixed bugs in ucontext teardown and type allocation/locking. 4. Add reg_mr and init_pd Changes from V1: 1. Refined locking system a. try_read_lock and write lock to sync exclusive access b. SRCU to sync device removal from commands execution c. Future rwsem to sync close context from commands execution 2. Added temporary udata usage for vendor's data 3. Add query_device and init_ucontext command with mlx5 implementation 4. Fixed bugs in ioctl dispatching 5. Change callbacks to get ib_uverbs_file instead of ucontext 6. Add general types initialization and cleanups Leon Romanovsky (2): RDMA/core: Export RDMA IOCTL declarations RDMA/core: Refactor IDR to be per-device Matan Barak (5): RDMA/core: Add support for custom types RDMA/core: Add new ioctl interface RDMA/core: Add initialize and cleanup of common types RDMA/core: Add uverbs types, actions, handlers and attributes IB/mlx5: Implement common uverb objects drivers/infiniband/core/Makefile | 3 +- drivers/infiniband/core/device.c | 18 + drivers/infiniband/core/rdma_core.c | 505 +++++++++++++++++++ drivers/infiniband/core/rdma_core.h | 77 +++ drivers/infiniband/core/user_mad.c | 2 +- drivers/infiniband/core/uverbs.h | 30 +- drivers/infiniband/core/uverbs_cmd.c | 157 +++--- drivers/infiniband/core/uverbs_ioctl.c | 306 ++++++++++++ drivers/infiniband/core/uverbs_ioctl_cmd.c | 757 +++++++++++++++++++++++++++++ drivers/infiniband/core/uverbs_main.c | 165 ++----- drivers/infiniband/hw/mlx5/main.c | 3 + include/rdma/ib_verbs.h | 33 +- include/rdma/rdma_ioctl.h | 38 ++ include/rdma/uverbs_ioctl.h | 342 +++++++++++++ include/rdma/uverbs_ioctl_cmd.h | 254 ++++++++++ include/uapi/rdma/Kbuild | 1 + include/uapi/rdma/ib_user_mad.h | 12 - include/uapi/rdma/ib_user_verbs.h | 13 + include/uapi/rdma/rdma_user_ioctl.h | 82 ++++ 19 files changed, 2571 insertions(+), 227 deletions(-) create mode 100644 drivers/infiniband/core/rdma_core.c create mode 100644 drivers/infiniband/core/rdma_core.h create mode 100644 drivers/infiniband/core/uverbs_ioctl.c create mode 100644 drivers/infiniband/core/uverbs_ioctl_cmd.c create mode 100644 include/rdma/rdma_ioctl.h create mode 100644 include/rdma/uverbs_ioctl.h create mode 100644 include/rdma/uverbs_ioctl_cmd.h create mode 100644 include/uapi/rdma/rdma_user_ioctl.h -- 2.7.4 -- To unsubscribe from this list: send the line "unsubscribe linux-rdma" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html