interfaces/fpga: add fpga interface #9263
Conversation
interfaces/builtin/fpga.go
Outdated
| # Devices | ||
| /dev/fpga[0-9]* rw, | ||
|
|
||
| # /sys/class/fpga_* specified by the kernel docs |
There was a problem hiding this comment.
Can you update this comment to include links to the associated kernel docs?
interfaces/builtin/fpga.go
Outdated
| /sys/class/fpga_region/region[0-9]*/compat_id r, | ||
| /sys/class/fpga_bridge/bridge[0-9]*/{name,state} r, | ||
|
|
||
| # Xilinx zynqmp FPGA |
There was a problem hiding this comment.
Can you please also update this to add links to upstream documentation regarding these paths?
interfaces/builtin/fpga.go
Outdated
| /sys/module/zynqmp_fpga/parameters/readback_type rw, | ||
|
|
||
| # configfs interface | ||
| /sys/kernel/config/device-tree/overlays/full{,1}/ rw, |
There was a problem hiding this comment.
My understanding of device-tree overlays is that a user can specify any path under the /sys/kernel/config/device-tree/overlays directory to load their overlay at - but the above only allows /sys/kernel/config/device-tree/overlays/full or /sys/kernel/config/device-tree/overlays/full1 to be used - can you elaborate?
There was a problem hiding this comment.
The driver only uses these paths to load the overlay. "full" refers to fully program the fpga, apparently. For an example on how this is used: https://github.com/Xilinx/meta-xilinx-tools/blob/master/recipes-bsp/fpga-manager-script/files/fpgautil.c
There was a problem hiding this comment.
Yes but my point is that there is no requirement to use the name/path "full" here - a user could just as easily use "foo" to load a device-tree overlay - it is just that the existing xilinx tool uses the paths "full" and "full1" - so I think this rule should instead be
# device-tree overlay configfs interface
# https://kernel.ubuntu.com/git/ubuntu/ubuntu-groovy.git/tree/Documentation/devicetree/configfs-overlays.txt?h=raspi&id=ca36a8933cceb1c42ba2be7796e7a151e62a97cc
/sys/kernel/config/device-tree/overlays/* rw,
/sys/kernel/config/device-tree/overlays/*/dtbo rw,
/sys/kernel/config/device-tree/overlays/*/path rw,
/sys/kernel/config/device-tree/overlays/*/status r,
interfaces/builtin/fpga.go
Outdated
| /sys/devices/platform/firmware:zynqmp-firmware/firmware:zynqmp-firmware:pcap/fpga_manager/fpga[0-9]*/{flags,key} rw, | ||
| /sys/devices/platform/fpga-full/fpga_region/region[0-9]*/compat_id r, | ||
|
|
||
| # Xilinx zynqmp module parameters |
There was a problem hiding this comment.
Again can you please add a link in this comment to some upstream documentation regarding this module + parameter?
anonymouse64
added
the
Needs Samuele review
There was a problem hiding this comment.
It seems given the device tree loading this should be superprivileged, I suppose that's what @anonymouse64 considerations were getting to.
The fpga interface will allow programming fpgas for different vendors. It lets plug users access the standard fpga kernel sysfs interface [1-3] and also vendor specific interfaces. [1] https://github.com/torvalds/linux/blob/master/Documentation/ABI/testing/sysfs-class-fpga-manager [2] https://github.com/torvalds/linux/blob/master/Documentation/ABI/testing/sysfs-class-fpga-region [3] https://github.com/torvalds/linux/blob/master/Documentation/ABI/testing/sysfs-class-fpga-bridge
The connected plug will make sure that snapd creates a cgroup for the snap for the /dev/fpga[0-9]* devices.
alfonsosanchezbeato
force-pushed
the
add-fpga-interface
branch
from
a501884
to
d4db775
Compare
|
@pedronis @anonymouse64 @alexmurray thanks for your comments - I have addressed them and re-based the branch, which is ready again for review. |
interfaces/builtin/fpga.go
Outdated
|
|
||
| # configfs interface | ||
| /sys/kernel/config/device-tree/overlays/full{,1}/ rw, | ||
| /sys/kernel/config/device-tree/overlays/full{,1}/path rw, |
There was a problem hiding this comment.
I don't care for the device-tree access in this PR, especially after reading @alexmurray's assessment. There were arguments for adding something like this to the TPM interface and also, IIRC, for creating a generic device-tree interface and we said 'no'. While putting these accesses in a superprivileged interface (like the base decl is now) does protect against widespread abuse, looking at the accesses, there is nothing in there that says 'fpga' - they are just mostly generic accesses that allow changing anything so IMO, they don't belong in this interface.
I suggest we remove the device-tree overlays accesses and then make this interface a normal manually-connected interface instead of superprivileged. For the device-tree bits, I suggest one of:
- leaving the device-tree stuff out of the interfaces and let device makers use gadget.yaml to program the fpga for the device and/or use a management snap (eg, in their brand store) that plugs system-files to program the device
- we create a 'device-tree' superprivileged interface. I worry about this since AIUI changes to the device-tree could impact the operational status of the device in a way that cannot be undone by Ubuntu Core
- we come up with some 'snap set system' options for fpga that gadgets and management snaps with snapd-control can use to have snapd make changes on the snap's behalf
'1' is my preferred short term solution. '2' I don't care for, but is possible. '3' is interesting on a theoretical level since allows a command to validate what will be overlayed, though reading a bit about FPGA, this seems impractical.
We need @pedronis to weigh in on the approach. IME, going with '1' is not controversial and would at least unblock device makers immediately.
There was a problem hiding this comment.
@jdstrand @alfonsosanchezbeato 1. seems fine to me if that's the security team recommendation. We should explore 3. at some point, it has appeared, been mentioned already more than a couple of times in different context, but I don't think any of the relevant teams have time ATM for it.
There was a problem hiding this comment.
pedronis
dismissed
their stale review
the issue with the base-declaration had been addressed
Instead, remove device tree overlays bits. This reverts commit d4db775.
… interface As per review. Access to device tree overlays would be done by system-files assertion.
There was a problem hiding this comment.
Thank you for updating the AppArmor accesses. With that and the base declaration change you made, I'm approving. Please have @alexmurray give his final review before removing the 'Needs Security Review' tag (I only looked at this at a high-level).
Thanks! Removed the 'Needs Security Review' tag. |
jdstrand
removed
the
Needs security review
|
\ø/ Thanks to all reviewers! |
The fpga interface will allow programming fpgas for different
vendors. It lets plug users access the standard fpga kernel sysfs
interface [1-3] and also vendor specific interfaces.
[1] https://github.com/torvalds/linux/blob/master/Documentation/ABI/testing/sysfs-class-fpga-manager
[2] https://github.com/torvalds/linux/blob/master/Documentation/ABI/testing/sysfs-class-fpga-region
[3] https://github.com/torvalds/linux/blob/master/Documentation/ABI/testing/sysfs-class-fpga-bridge