New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
interfaces/fpga: add fpga interface #9263
interfaces/fpga: add fpga interface #9263
Conversation
interfaces/builtin/fpga.go
Outdated
# Devices | ||
/dev/fpga[0-9]* rw, | ||
|
||
# /sys/class/fpga_* specified by the kernel docs |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you update this comment to include links to the associated kernel docs?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
interfaces/builtin/fpga.go
Outdated
/sys/class/fpga_region/region[0-9]*/compat_id r, | ||
/sys/class/fpga_bridge/bridge[0-9]*/{name,state} r, | ||
|
||
# Xilinx zynqmp FPGA |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you please also update this to add links to upstream documentation regarding these paths?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
interfaces/builtin/fpga.go
Outdated
/sys/module/zynqmp_fpga/parameters/readback_type rw, | ||
|
||
# configfs interface | ||
/sys/kernel/config/device-tree/overlays/full{,1}/ rw, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My understanding of device-tree overlays is that a user can specify any path under the /sys/kernel/config/device-tree/overlays
directory to load their overlay at - but the above only allows /sys/kernel/config/device-tree/overlays/full
or /sys/kernel/config/device-tree/overlays/full1
to be used - can you elaborate?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The driver only uses these paths to load the overlay. "full" refers to fully program the fpga, apparently. For an example on how this is used: https://github.com/Xilinx/meta-xilinx-tools/blob/master/recipes-bsp/fpga-manager-script/files/fpgautil.c
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes but my point is that there is no requirement to use the name/path "full" here - a user could just as easily use "foo" to load a device-tree overlay - it is just that the existing xilinx tool uses the paths "full" and "full1" - so I think this rule should instead be
# device-tree overlay configfs interface
# https://kernel.ubuntu.com/git/ubuntu/ubuntu-groovy.git/tree/Documentation/devicetree/configfs-overlays.txt?h=raspi&id=ca36a8933cceb1c42ba2be7796e7a151e62a97cc
/sys/kernel/config/device-tree/overlays/* rw,
/sys/kernel/config/device-tree/overlays/*/dtbo rw,
/sys/kernel/config/device-tree/overlays/*/path rw,
/sys/kernel/config/device-tree/overlays/*/status r,
interfaces/builtin/fpga.go
Outdated
/sys/devices/platform/firmware:zynqmp-firmware/firmware:zynqmp-firmware:pcap/fpga_manager/fpga[0-9]*/{flags,key} rw, | ||
/sys/devices/platform/fpga-full/fpga_region/region[0-9]*/compat_id r, | ||
|
||
# Xilinx zynqmp module parameters |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Again can you please add a link in this comment to some upstream documentation regarding this module + parameter?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think the base declaration bits need to be changed more
` | ||
|
||
var fpgaConnectedPlugUDev = []string{ | ||
`SUBSYSTEM=="misc", KERNEL=="fpga[0-9]*"`, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this looks fine to me
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It seems given the device tree loading this should be superprivileged, I suppose that's what @anonymouse64 considerations were getting to.
The fpga interface will allow programming fpgas for different vendors. It lets plug users access the standard fpga kernel sysfs interface [1-3] and also vendor specific interfaces. [1] https://github.com/torvalds/linux/blob/master/Documentation/ABI/testing/sysfs-class-fpga-manager [2] https://github.com/torvalds/linux/blob/master/Documentation/ABI/testing/sysfs-class-fpga-region [3] https://github.com/torvalds/linux/blob/master/Documentation/ABI/testing/sysfs-class-fpga-bridge
The connected plug will make sure that snapd creates a cgroup for the snap for the /dev/fpga[0-9]* devices.
a501884
to
d4db775
Compare
@pedronis @anonymouse64 @alexmurray thanks for your comments - I have addressed them and re-based the branch, which is ready again for review. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, thanks for the base-declaration changes
interfaces/builtin/fpga.go
Outdated
|
||
# configfs interface | ||
/sys/kernel/config/device-tree/overlays/full{,1}/ rw, | ||
/sys/kernel/config/device-tree/overlays/full{,1}/path rw, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't care for the device-tree access in this PR, especially after reading @alexmurray's assessment. There were arguments for adding something like this to the TPM interface and also, IIRC, for creating a generic device-tree interface and we said 'no'. While putting these accesses in a superprivileged interface (like the base decl is now) does protect against widespread abuse, looking at the accesses, there is nothing in there that says 'fpga' - they are just mostly generic accesses that allow changing anything so IMO, they don't belong in this interface.
I suggest we remove the device-tree overlays accesses and then make this interface a normal manually-connected interface instead of superprivileged. For the device-tree bits, I suggest one of:
- leaving the device-tree stuff out of the interfaces and let device makers use gadget.yaml to program the fpga for the device and/or use a management snap (eg, in their brand store) that plugs system-files to program the device
- we create a 'device-tree' superprivileged interface. I worry about this since AIUI changes to the device-tree could impact the operational status of the device in a way that cannot be undone by Ubuntu Core
- we come up with some 'snap set system' options for fpga that gadgets and management snaps with snapd-control can use to have snapd make changes on the snap's behalf
'1' is my preferred short term solution. '2' I don't care for, but is possible. '3' is interesting on a theoretical level since allows a command to validate what will be overlayed, though reading a bit about FPGA, this seems impractical.
We need @pedronis to weigh in on the approach. IME, going with '1' is not controversial and would at least unblock device makers immediately.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@jdstrand @alfonsosanchezbeato 1. seems fine to me if that's the security team recommendation. We should explore 3. at some point, it has appeared, been mentioned already more than a couple of times in different context, but I don't think any of the relevant teams have time ATM for it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the issue with the base-declaration had been addressed
Instead, remove device tree overlays bits. This reverts commit d4db775.
… interface As per review. Access to device tree overlays would be done by system-files assertion.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for updating the AppArmor accesses. With that and the base declaration change you made, I'm approving. Please have @alexmurray give his final review before removing the 'Needs Security Review' tag (I only looked at this at a high-level).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Security review ack from me.
Thanks! Removed the 'Needs Security Review' tag. |
\ø/ Thanks to all reviewers! |
The fpga interface will allow programming fpgas for different
vendors. It lets plug users access the standard fpga kernel sysfs
interface [1-3] and also vendor specific interfaces.
[1] https://github.com/torvalds/linux/blob/master/Documentation/ABI/testing/sysfs-class-fpga-manager
[2] https://github.com/torvalds/linux/blob/master/Documentation/ABI/testing/sysfs-class-fpga-region
[3] https://github.com/torvalds/linux/blob/master/Documentation/ABI/testing/sysfs-class-fpga-bridge