configuring device security level through xbmgmt (Xilinx#1767)

austino1976 · Aug 6, 2019 · 3641f8b · 3641f8b
1 parent d97f907
commit 3641f8b
Show file tree

Hide file tree

Showing 3 changed files with 153 additions and 20 deletions.
diff --git a/src/runtime_src/core/pcie/linux/scan.h b/src/runtime_src/core/pcie/linux/scan.h
@@ -27,7 +27,7 @@
 #include <fcntl.h>
 #include <mutex>
 
-#define INVALID_ID 0xffff
+#define INVALID_ID      0xffff
 #define MFG_REV_OFFSET  0x131008 // For obtaining Golden image version number
 
 namespace pcidev {
@@ -47,7 +47,7 @@ class pci_device {
     uint16_t func =             INVALID_ID;
     uint32_t instance =         INVALID_ID;
     std::string sysfs_name =    ""; // dir name under /sys/bus/pci/devices
-    int user_bar =              0; // BAR mapped in by tools, default is BAR0
+    int user_bar =              0;  // BAR mapped in by tools, default is BAR0
     size_t user_bar_size =      0;
     bool is_mgmt =              false;
     bool is_ready =             false;

diff --git a/src/runtime_src/core/pcie/tools/xbmgmt/cmd_config.cpp b/src/runtime_src/core/pcie/tools/xbmgmt/cmd_config.cpp
@@ -21,13 +21,15 @@
 #include <cstdio>
 #include <getopt.h>
 #include <unistd.h>
+#include <climits>
 #include "xbmgmt.h"
+#include "core/pcie/linux/scan.h"
 
-const char *subCmdConfigDesc = "Parse or update mailbox configuration";
+const char *subCmdConfigDesc = "Parse or update daemon/device configuration";
 const char *subCmdConfigUsage =
-    "--update [--host ip-or-hostname-for-peer]\n"
-    "--show\n"
-    "--purge";
+    "--daemon --host ip-or-hostname-for-peer\n"
+    "--device [--card bdf] --security level\n"
+    "--show [--daemon | --device [--card bdf] ]";
 
 static struct config {
     std::string host;
@@ -56,7 +58,7 @@ std::string getHostname(void)
     return std::string(buf);
 }
 
-static int loadConf(struct config& conf)
+static int loadDaemonConf(struct config& conf)
 {
     // Load default
     conf.host = getHostname();
@@ -87,7 +89,7 @@ static void writeConf(std::ostream& ostr, struct config& conf)
     ostr << "host=" << conf.host << std::endl;
 }
 
-static int update(int argc, char *argv[])
+static int daemon(int argc, char *argv[])
 {
     if (argc < 1)
         return -EINVAL;
@@ -97,7 +99,7 @@ static int update(int argc, char *argv[])
     };
 
     // Load current config.
-    int ret = loadConf(config);
+    int ret = loadDaemonConf(config);
     if (ret != 0)
         return ret;
 
@@ -127,23 +129,152 @@ static int update(int argc, char *argv[])
     return 0;
 }
 
+// Remove daemon config file
 static int purge(int argc, char *argv[])
 {
     if (argc != 1)
         return -EINVAL;
     return remove(configFile.c_str());
 }
 
-static int list(int argc, char *argv[])
+static void showDaemonConf(void)
 {
-    if (argc != 1)
+    (void) loadDaemonConf(config);
+    std::cout << "Daemons:" << std::endl;
+    writeConf(std::cout, config);
+}
+
+static void showDevConf(std::shared_ptr<pcidev::pci_device>& dev)
+{
+    std::string errmsg;
+    int lvl = 0;
+
+    dev->sysfs_get("icap", "sec_level", errmsg, lvl);
+    if (!errmsg.empty()) {
+        std::cout << "can't read security level from " << dev->sysfs_name <<
+            " : " << errmsg << std::endl;
+        return;
+    }
+    std::cout << dev->sysfs_name << ":" << std::endl;
+    std::cout << "\t" << "security level: " << lvl << std::endl;
+}
+
+static int show(int argc, char *argv[])
+{
+    unsigned int index = UINT_MAX;
+    bool daemon = false;
+    bool device = false;
+    const option opts[] = {
+        { "card", required_argument, nullptr, '0' },
+        { "daemon", no_argument, nullptr, '1' },
+        { "device", no_argument, nullptr, '2' },
+    };
+
+    while (true) {
+        const auto opt = getopt_long(argc, argv, "", opts, nullptr);
+        if (opt == -1)
+            break;
+
+        switch (opt) {
+        case '0':
+            index = bdf2index(optarg);
+            if (index == UINT_MAX)
+                return -ENOENT;
+            break;
+        case '1':
+            daemon = true;
+            break;
+        case '2':
+            device = true;
+            break;
+        default:
+            return -EINVAL;
+        }
+    }
+
+    // User should specify either one or none of them, not both
+    if (daemon && device)
         return -EINVAL;
 
-    int ret = loadConf(config);
-    if (ret != 0)
-        return ret;
+    // Show both daemon and device configs, if none specified
+    if (!daemon && !device) {
+        daemon = true;
+        device = true;
+    }
+
+    if (daemon)
+        showDaemonConf();
+
+    if (!device)
+        return 0;
+
+    if (index != UINT_MAX) {
+        auto dev = pcidev::get_dev(index, false);
+        showDevConf(dev);
+        return 0;
+    }
+
+    for (unsigned i = 0; i < pcidev::get_dev_total(false); i++) {
+        auto dev = pcidev::get_dev(i, false);
+        showDevConf(dev);
+    }
+
+    return 0;
+}
+
+static void updateDevConf(std::shared_ptr<pcidev::pci_device>& dev,
+    std::string lvl)
+{
+    std::string errmsg;
+    dev->sysfs_put("icap", "sec_level", errmsg, lvl);
+    if (!errmsg.empty()) {
+        std::cout << "can't set security level for " << dev->sysfs_name << " : "
+            << errmsg << std::endl;
+    }
+}
+
+static int device(int argc, char *argv[])
+{
+    unsigned int index = UINT_MAX;
+    std::string lvl;
+    const option opts[] = {
+        { "card", required_argument, nullptr, '0' },
+        { "security", required_argument, nullptr, '1' },
+    };
+
+    while (true) {
+        const auto opt = getopt_long(argc, argv, "", opts, nullptr);
+        if (opt == -1)
+            break;
+
+        switch (opt) {
+        case '0':
+            index = bdf2index(optarg);
+            if (index == UINT_MAX)
+                return -ENOENT;
+            break;
+        case '1':
+            lvl = optarg;
+            break;
+        default:
+            return -EINVAL;
+        }
+    }
+
+    if (lvl.empty())
+        return -EINVAL;
+
+    if (index != UINT_MAX) {
+        auto dev = pcidev::get_dev(index, false);
+        updateDevConf(dev, lvl);
+        return 0;
+    }
+
+    for (unsigned i = 0; i < pcidev::get_dev_total(false); i++) {
+        auto dev = pcidev::get_dev(i, false);
+        updateDevConf(dev, lvl);
+    }
 
-    writeConf(std::cout, config);
     return 0;
 }
 
@@ -159,10 +290,12 @@ int configHandler(int argc, char *argv[])
     argv++;
 
     if (op.compare("--show") == 0)
-        return list(argc, argv);
-    if (op.compare("--update") == 0)
-        return update(argc, argv);
-    if (op.compare("--purge") == 0)
+        return show(argc, argv);
+    if (op.compare("--daemon") == 0)
+        return daemon(argc, argv);
+    if (op.compare("--device") == 0)
+        return device(argc, argv);
+    if (op.compare("--purge") == 0) // hidden opt to remove daemon config file
         return purge(argc, argv);
     return -EINVAL;
 }
diff --git a/src/runtime_src/core/pcie/tools/xbmgmt/xbmgmt.cpp b/src/runtime_src/core/pcie/tools/xbmgmt/xbmgmt.cpp
@@ -96,7 +96,7 @@ unsigned int bdf2index(const std::string& bdfStr)
         }
     }
 
-    std::cout << "ERROR: No card found for " << bdfStr << std::endl;
+    std::cout << "ERROR: No mgmt PF found for " << bdfStr << std::endl;
     return UINT_MAX;
 }
-Original file line number
+Diff line change
@@ Expand Up / @@ -96,7 +96,7 @@ unsigned int bdf2index(const std::string& bdfStr) @@
             }
         }
-        std::cout << "ERROR: No card found for " << bdfStr << std::endl;
+        std::cout << "ERROR: No mgmt PF found for " << bdfStr << std::endl;
         return UINT_MAX;
     }
@@ Expand Down @@