Commit 5f91f2f

Benjamin Poirier committed
fwctl/mlx5: Support for communicating with mlx5 fw
JIRA: https://issues.redhat.com/browse/RHEL-86016
Upstream-status: v6.15-rc1

Conflicts:
- MAINTAINERS
  Due to the absence of 3ae5208 media: i2c: gc0308: new driver (v6.8-rc1)
  -> Adjust context
- drivers/fwctl/mlx5/main.c
  Adjusted for the absence of cdd30eb module: Convert symbol namespace to string literal (v6.13-rc2)
  -> Remove quotation marks around FWCTL.

commit 52929c2
Author: Saeed Mahameed <saeedm@nvidia.com>
Date: Thu Feb 27 20:26:35 2025 -0400

fwctl/mlx5: Support for communicating with mlx5 fw

mlx5 FW has a built in security context called UID. Each UID has a set of permissions controlled by the kernel when it is created and every command is tagged by the kernel with a particular UID. In general commands cannot reach objects outside of their UID and commands cannot exceed their UID's permissions. These restrictions are enforced by FW.

This mechanism has long been used in RDMA for the devx interface where RDMA will send commands directly to the FW and the UID limitations restrict those commands to an ib_device/verbs security domain. For instance commands that would affect other VFs, or global device resources. The model is suitable for unprivileged userspace to operate the RDMA functionality.

The UID has been extended with a "tools resources" permission which allows additional commands and sub-commands that are intended to match with the scope limitations set in FWCTL. This is an alternative design to the "command intent log" where the FW does the enforcement rather than having the FW report the enforcement the kernel should do.

Consistent with the fwctl definitions the "tools resources" security context is limited to the FWCTL_RPC_CONFIGURATION, FWCTL_RPC_DEBUG_READ_ONLY, FWCTL_RPC_DEBUG_WRITE, and FWCTL_RPC_DEBUG_WRITE_FULL security scopes.

Like RDMA devx, each opened fwctl file descriptor will get a unique UID associated with each file descriptor.

The fwctl driver is kept simple and we reject commands that can create objects as the UID mechanism relies on the kernel to track and destroy objects prior to destroying the UID.

Filtering into fwctl sub scopes is done inside the driver with a switch statement. This substantially limits what is possible to primarily query functions and a few limited set operations.

mlx5 already has a robust infrastructure for delivering RPC messages to fw. Trivially connect fwctl's RPC mechanism to mlx5_cmd_do(). Enforce the User Context ID in every RPC header accepted from the FD so the FW knows the security context of the issuing ID.

Link: https://patch.msgid.link/r/7-v5-642aa0c94070+4447f-fwctl_jgg@nvidia.com
Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Benjamin Poirier <bpoirier@redhat.com>
1 parent 339736a commit 5f91f2f
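
The enforcement pattern the commit message describes (a default-deny switch over commands, filtered by fwctl scope, with the kernel overwriting the UID in every accepted RPC header) is sketched below as an added user-space C example; it is not the driver's code. The header layout, the `ex_` names, the opcode values and the least-to-most-privileged ordering of the scopes are assumptions made for the illustration.

```c
/* Added illustration, not the driver's code; layout and opcodes are hypothetical. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Scope names follow the commit message; ordering them from least to most
 * privileged is an assumption of this sketch. */
enum ex_scope { EX_CONFIGURATION, EX_DEBUG_READ_ONLY,
                EX_DEBUG_WRITE, EX_DEBUG_WRITE_FULL };
enum ex_opcode { EX_OP_QUERY_CAPS = 0x100, EX_OP_READ_DIAG = 0x200,
                 EX_OP_WRITE_DIAG = 0x201, EX_OP_CREATE_OBJECT = 0x300 };

struct ex_rpc_hdr {
    uint16_t opcode;
    uint16_t uid;   /* security context: never trusted from userspace */
};

/* Lowest scope that may issue an opcode; -1 means never allowed. */
static int ex_required_scope(uint16_t opcode)
{
    switch (opcode) {
    case EX_OP_QUERY_CAPS: return EX_CONFIGURATION;
    case EX_OP_READ_DIAG:  return EX_DEBUG_READ_ONLY;
    case EX_OP_WRITE_DIAG: return EX_DEBUG_WRITE;
    default:               return -1; /* unknown or object-creating: deny */
    }
}

/* Validate one RPC from an fd bound to fd_uid, then stamp that UID. */
int ex_prepare_rpc(struct ex_rpc_hdr *hdr, size_t len,
                   enum ex_scope scope, uint16_t fd_uid)
{
    int need;
    if (len < sizeof(*hdr))
        return -EINVAL;        /* too short to carry a header */
    need = ex_required_scope(hdr->opcode);
    if (need < 0 || (int)scope < need)
        return -EPERM;         /* outside the allow-list or the scope */
    hdr->uid = fd_uid;         /* overwrite whatever the caller supplied */
    return 0;
}

int main(void)
{
    struct ex_rpc_hdr h = { EX_OP_READ_DIAG, 0xffff }; /* caller-chosen UID */
    int rc = ex_prepare_rpc(&h, sizeof(h), EX_DEBUG_READ_ONLY, 7);
    printf("rc=%d uid=%u\n", rc, (unsigned)h.uid);
    return 0;
}
```

The UID is written only after the allow-list and scope checks pass, so a rejected request leaves the caller's buffer untouched and an accepted one can never carry a caller-chosen UID.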

9 files changed: +476 -0 lines changed

Documentation/userspace-api/fwctl/fwctl.rst

Lines changed: 1 addition & 0 deletions
@@ -149,6 +149,7 @@ fwctl User API
149149
==============
150150

151151
.. kernel-doc:: include/uapi/fwctl/fwctl.h
152+
.. kernel-doc:: include/uapi/fwctl/mlx5.h
152153

153154
sysfs Class
154155
-----------
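
Review bot: the added `.. kernel-doc:: include/uapi/fwctl/mlx5.h` directive sits directly under the generic "fwctl User API" heading, right after fwctl.h, so the mlx5-specific definitions will render mixed in with the core API. Consider a separate sub-heading (or at least one introductory sentence) for driver-specific UAPI before the directive, so readers can tell which structures every fwctl device honours and which apply to mlx5 only.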

MAINTAINERS

Lines changed: 7 additions & 0 deletions
@@ -7986,6 +7986,13 @@ F: drivers/fwctl/
79867986
F: include/linux/fwctl.h
79877987
F: include/uapi/fwctl/
79887988

7989+
FWCTL MLX5 DRIVER
7990+
M: Saeed Mahameed <saeedm@nvidia.com>
7991+
R: Itay Avraham <itayavr@nvidia.com>
7992+
L: linux-kernel@vger.kernel.org
7993+
S: Maintained
7994+
F: drivers/fwctl/mlx5/
7995+
79897996
GATEWORKS SYSTEM CONTROLLER (GSC) DRIVER
79907997
M: Tim Harvey <tharvey@gateworks.com>
79917998
M: Robert Jones <rjones@gateworks.com>
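
Review bot: the new FWCTL MLX5 DRIVER entry carries only `F: drivers/fwctl/mlx5/`, so changes to include/uapi/fwctl/mlx5.h (the header referenced by the fwctl.rst hunk of this commit) match only the generic `F: include/uapi/fwctl/` pattern in the context above and would not be routed to the maintainer and reviewer listed here. Suggest adding `F: include/uapi/fwctl/mlx5.h` to this entry so that UAPI changes to the driver's command interface reach the people who own its security filtering.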

drivers/fwctl/Kconfig

Lines changed: 14 additions & 0 deletions
@@ -7,3 +7,17 @@ menuconfig FWCTL
77
support a wide range of lockdown compatible device behaviors including
88
manipulating device FLASH, debugging, and other activities that don't
99
fit neatly into an existing subsystem.
10+
11+
if FWCTL
12+
config FWCTL_MLX5
13+
tristate "mlx5 ConnectX control fwctl driver"
14+
depends on MLX5_CORE
15+
help
16+
MLX5 provides interface for the user process to access the debug and
17+
configuration registers of the ConnectX hardware family
18+
(NICs, PCI switches and SmartNIC SoCs).
19+
This will allow configuration and debug tools to work out of the box on
20+
mainstream kernel.
21+
22+
If you don't know what to do here, say N.
23+
endif
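
Review bot: the FWCTL_MLX5 help text says a user process can access the debug and configuration registers but does not say how that access is constrained. The commit message describes firmware-enforced UID restrictions and a limit to the fwctl RPC scopes; one sentence to that effect in the help text would let someone configuring a kernel judge the exposure before answering the prompt. Minor points in the same block: "provides interface" and "on mainstream kernel" are missing articles, and the text does not name the module that is built when M is chosen.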

drivers/fwctl/Makefile

Lines changed: 1 addition & 0 deletions
@@ -1,4 +1,5 @@
11
# SPDX-License-Identifier: GPL-2.0
22
obj-$(CONFIG_FWCTL) += fwctl.o
3+
obj-$(CONFIG_FWCTL_MLX5) += mlx5/
34

45
fwctl-y += main.o
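
Review bot: `obj-$(CONFIG_FWCTL_MLX5) += mlx5/` is inserted between `obj-$(CONFIG_FWCTL) += fwctl.o` and `fwctl-y += main.o`, which splits the two lines that define the core module. Placing the subdirectory rule after the `fwctl-y` line would keep the core definition together and give later drivers an obvious place to be appended.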

drivers/fwctl/mlx5/Makefile

Lines changed: 4 additions & 0 deletions
@@ -0,0 +1,4 @@
1+
# SPDX-License-Identifier: GPL-2.0
2+
obj-$(CONFIG_FWCTL_MLX5) += mlx5_fwctl.o
3+
4+
mlx5_fwctl-y += main.o
