mirror of https://github.com/systemd/systemd-stable.git synced 2025-01-18 06:03:42 +03:00

19 Commits

Author SHA1 Message Date
Jarkko Sakkinen
b5d3138f91 Enable /dev/sgx_vepc access for the group 'sgx'
Enable /dev/sgx_vepc access for the group 'sgx', which allows KVM-backed VMs
to host Intel Software Guard eXtension (SGX) enclaves. The upcoming QEMU
6.2 uses /dev/sgx_vepc to reserve portions of Enclave Page Cache (EPC) for
VMs. EPC is the reserved physical memory used for hosting enclaves.
2021-12-12 11:02:21 +00:00
Bastien Nocera
94cb45d57f udev: Import hwdb matches for USB devices
Import hwdb matches for USB devices (not interfaces) which don't usually
have a modalias so that it's possible to, for example, make them
available for unprivileged users.
2021-09-01 15:49:34 +02:00
Zbigniew Jędrzejewski-Szmek
8feaea5e3d meson: use jinja2 for rules.d templates
2021-05-19 10:24:43 +09:00
Yu Watanabe
5971630cf6 Merge pull request #19513 from takaswie/topic/ieee1394-hwdb-entries-for-video
hwdb: ieee1394-unit-function: add entries to obsolete existent udev rules for video function
2021-05-06 12:45:05 +09:00
Alyssa Ross
f8eb41003d udev: make /dev/vfio/vfio 0666
Quoting Documentation/driver-api/vfio.rst in Linux:

> note that /dev/vfio/vfio provides no capabilities on its own and is therefore
> expected to be set to mode 0666 by the system
2021-05-05 17:22:00 +02:00
Takashi Sakamoto
e51d5b9c8a hwdb: ieee1394-unit-function: add entry for AV/C device with vendor unique command set
In IEC 61883-1:1998, we can see some values for AV/C device with vendor
unique command set in IEC 61883-1:1998. Current udev rule handles it
for video. However it brings an issue that the functions in AV/C device
are not distinguished just by the content of configuration ROM.

In former commit, hardware database was added to describe function type
of unit in the node, then udev rules are added to utilize the database.

However, we have a request to obsolete existent udev rules by putting
enough entries to the database. It should be done carefully.

This commit adds entry into hardware database just for backward
compatibility. The entry can match to some node and unit unexpectedly.
Therefore this commit modifies existent entries to invalidate the effect
from added entry.

Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
2021-05-05 23:10:29 +09:00
Takashi Sakamoto
002f6e92af hwdb: ieee1394-unit-function: add entry for AV/C device with generic AV/C command set
Typical node of AV/C device has standard content of configuration ROM.
This is defined in documentation of 1394 Trading Association.

 * Configuration ROM for AV/C Devices 1.0 (Dec. 12, 2000, 1394 Trading
   Association, TA Document 1999027)

However, it brings an issue that the functions in AV/C device are not
distinguished just by the content of configuration ROM.

In former commit, hardware database was added to describe function type
of unit in the node, then udev rules are added to utilize the database.

However, we have a request to obsolete existent udev rules by putting
enough entries to the database. It should be done carefully.

This commit adds entry into hardware database just for backward
compatibility. The entry can match to some node and unit unexpectedly.
Therefore this commit modifies existent entries to invalidate the effect
from added entry.

Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
2021-05-05 23:10:29 +09:00
Takashi Sakamoto
70fb7e5da5 hwdb: ieee1394-unit-function: add entries for Point Grey cameras
Point Grey Research, inc. shipped cameras to support IIDC, however some
of them are necessarily compliant to IIDC specification in terms of the
value of software version field in unit directory of configuration ROM.

This commit adds entries for them.

Reviewed-by: Damien Douxchamps <damien@douxchamps.net>
Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
2021-05-05 23:10:29 +09:00
Takashi Sakamoto
78eb99c496 hwdb: ieee1394-unit-function: add IIDC generic entries
Instrumentation & Industrial Digital Camera (IIDC) specifications are
defined by 1394 Trading Association for camera device in IEEE 1394 bus.
IIDC2 specifications are defined by joint working group between Japan
Industrial Imaging Association (JIIA) and 1394 Trade Association as
bus-independent specification.

This commit adds entries for the specifications to remove existent udev
rules. Supported specifications are listed below:

 * 1394-based Digital Camera Specification Version 1.04 (Aug. 9, 1996,
   1394 Trading Association)
 * 1394-based Digital Camera Specification Version 1.20 (Jul. 23, 1998,
   1394 Trading Association)
 * IIDC Digital Camera Control Specification Ver.1.30 (Jul. 25, 2000,
   1394 Trading Association)
 * IIDC Digital Camera Control Specification Ver.1.31 (Feb. 2, 2004,
   1394 Trading Association, TA Document 2003017)
 * IIDC Digital Camera Control Specification Ver.1.32 (Jul. 24, 2008,
   1394 Trading Association, Document number 2007009)
 * IIDC2 Digital Camera Control Specification Ver.1.0.0 (Jan 26th, 2012,
   1394 Trading Association, TS2011001)
 * IIDC2 Digital Camera Control Specification Ver.1.1.0 (May 19th, 2015,
   1394 Trading Association, TS2015001)

Reviewed-by: Damien Douxchamps <damien@douxchamps.net>
Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
2021-05-05 23:10:29 +09:00
Takashi Sakamoto
f125f8b1ba hwdb: add hardware database for unit of IEEE 1394
Current udev rules configure group owner of firewire character device
to video group, corresponding to nodes in IEEE 1394 in below cases:

1. the node with any unit for any minor version of IIDC version 1
   specification defined by 1394 Trading Association
2. the node with any unit for specification defined by Point Grey Research
3. the node with any unit for AV/C device v1.0 defined by 1394 Trading
   Association
4. the node with any unit for vendor-unique protocol defined by 1394
   Trading Association

Nevertheless, case 3 and 4 can cover the node with any unit for audio
function as well. In the cases, it's convenient to assign audio group.

Additionally, some nodes are known to have layout different from
the specification defined by 1394 Trading Association. In the case,
it's required to add rules specific to them.

Furthermore, some nodes have no fields for vendor name and model name in
configuration ROM. In the case, it's required to add entries to hardware
database for users' convenience.

For the above reasons, this commit adds rules to use information in
hardware database for known units in IEEE 1394. One database entry
corresponds to one unit. Two types of key are used to match the unit;
customized key from node context, kernel modalias of unit context.
The entry has the type of function, at least. Supplementally, it has
vendor and model names.

For your information, below statements with Python pyparsing module are
expected to parse all of the custom key and module alias in the list:

```
import pyparsing as pp

# Common prefix of every key; hex fields are converted to integers.
subsystem_prefix = pp.Literal('ieee1394:').suppress()
hex_to_int = lambda a: int(a[0], 16)

# Custom key built from node context: 0x-prefixed, lower-case, 6 digits.
node_prefix = pp.Literal('node:').suppress()
prefixed_lower_hex = pp.Combine(pp.Literal('0x') + pp.Word(pp.srange('[a-z0-9]'), exact=6)).setParseAction(hex_to_int)
ven_in_node = pp.dictOf(pp.Literal('ven'), prefixed_lower_hex)
mo_in_node = pp.dictOf(pp.Literal('mo'), prefixed_lower_hex)
unit_in_node = pp.Group(prefixed_lower_hex + pp.Literal(':').suppress() + prefixed_lower_hex)
units_in_node = pp.Group(pp.Literal('units') + pp.ZeroOrMore(pp.Literal('*')).suppress() + unit_in_node + pp.ZeroOrMore(pp.Literal('*')).suppress())
node_parser = subsystem_prefix + node_prefix + ven_in_node + pp.Optional(mo_in_node) + units_in_node

# Kernel modalias of unit context: upper-case, 8 digits, no prefix.
higher_hex = pp.Word(pp.srange('[A-Z0-9]'), exact=8).setParseAction(hex_to_int)
ven_in_unit = pp.dictOf(pp.Literal('ven'), higher_hex)
mo_literal_in_unit = pp.dictOf(pp.Literal('mo'), higher_hex)
mo_in_unit = pp.dictOf(pp.Literal('mo'), higher_hex ^ pp.Literal('*'))
sp_in_unit = pp.dictOf(pp.Literal('sp'), higher_hex)
ver_in_unit = pp.dictOf(pp.Literal('ver'), higher_hex)
unit_parser = subsystem_prefix + ven_in_unit + mo_in_unit + sp_in_unit + ver_in_unit

# A key is either of the two forms.
key_parser = node_parser ^ unit_parser
```

Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
2021-04-07 11:49:22 +09:00
Zbigniew Jędrzejewski-Szmek
c9c4899f44 udev: add default group for sgx enclave access
Closes #18669.

This creates a "well known" for sgx_enclave ownership. By doing this here we
avoid the risk that various projects making use of the device will provide
similar-but-slightly-incompatible installation instructions, in particular
using different group names.

ACLs are actually a better approach to grant access to users, but not in all
cases, so we want to provide a standard group anyway.

Mode is 0o660, not 0o666 because this is very new code and distributions are
likely to not want to give full access to all users. This might change in the
future, but being conservative is a good default in the beginning.

Rules for /dev/sgx_provision will be provided by libsg-ae-pce:
https://github.com/intel/linux-sgx/issues/678.
2021-03-10 23:05:48 +01:00
Zbigniew Jędrzejewski-Szmek
451ba55fec Revert "udev: do not execute hwdb builtin import twice or thrice"
This reverts commit 876c75fe870846b09b54423a6b719d80bc879b27.

The patch seems to cause usb devices to get some attributes set from the parent
PCI device. 'hwdb' builtin has support for breaking iteration upwards on usb
devices. But when '--subsystem=foo' is specified, iteration is continued. I'm
sure it *could* be figured out, but it seems hard to get all the combinations
correct. So let's revert to functional status quo ante, even if it does the lookup
more than once unnecessarily.

Fixes #18125.
2021-03-10 15:26:45 +01:00
Luca Boccassi
32e868f058 udev rules: add rule to create /dev/ptp_hyperv
As for the KVM case, necessary for network cards with
PTP devices when running a guest on HyperV
2021-03-01 11:51:08 +01:00
Marc-André Lureau
f65efddd1c udev: allow kvm group to access vhost-net device
/dev/vhost-net is a host accelerator for virtio net devices. It has been
long available and used, thus should be safe to all KVM users.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2021-01-13 13:12:26 +04:00
Marc-André Lureau
c78939d565 udev: allow kvm group to access vhost-vsock device
/dev/vhost-vsock allows to setup a guest CID and running
state (VHOST_VSOCK_SET_GUEST_CID, VHOST_VSOCK_SET_RUNNING)

All this should be legitimate and safe for KVM users.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2021-01-13 13:10:19 +04:00
Marc-André Lureau
c4446798fa udev: make /dev/vsock 0666
/dev/vsock supports only ioctl (the only ioctl supported is
IOCTL_VM_SOCKETS_GET_LOCAL_CID), so 0666 should be okay, or 0664 if in
the future we will implement some kind of write support exposed only to
user/group.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2021-01-13 12:59:43 +04:00
Felipe Borges
7341f6b58d rules.d: Add rule for the /sys/class/dmi/id device
See #15493
2020-12-04 11:22:49 +01:00
Zbigniew Jędrzejewski-Szmek
876c75fe87 udev: do not execute hwdb builtin import twice or thrice
Running the import more than once shouldn't matter, but it's a bit confusing
and causes a slowdown too. This patch reworks the rules to avoid duplicated runs,
but tries to keep the same imports. (E.g. import for pci devices without MODALIAS
is only done for tty devices.)

Note that this is only about hwdb import with argument, which uses MODALIAS as
the lookup key. There are other imports done with different lookup keys.
2020-06-18 18:25:15 +02:00
Zbigniew Jędrzejewski-Szmek
ef2ad30aee Rename udev's rules/ to rules.d/
This change is only about the source tree. We have tmpfiles.d/, modprobe.d/,
sysctl.d/, and sysusers.d/, but for historical reasons, rules/ didn't fit this
pattern. We also *install* it as rules.d/. Let's rename to be consistent.
2019-10-10 00:53:09 +01:00