Userland PCI drivers possible in OpenBSD?

classic Classic list List threaded Threaded
11 messages Options
Reply | Threaded
Open this post in threaded view
|

Userland PCI drivers possible in OpenBSD?

Joseph Mayer
Maybe this topic is better suited for tech@, you tell:

Is there some way I can implement PCI drivers in userland in OpenBSD?

On a quick Internet search, see some discussion for Linux and NetBSD
e.g. [1] however nothing in OpenBSD.

I may be interested in operating some PCI device manually from my own
program (run as root or user) in OpenBSD, and I can see this being of
interest to others also, asking therefore.

(I could understand if this would require IOMMU support to be safe.)

OpenBSD overall is totally great so I'd prefer running an userland
driver in OpenBSD over another OS.

Thanks,
Joseph

[1] https://wiki.netbsd.org/projects/project/userland_pci/ ,
https://news.ycombinator.com/item?id=16671852

Reply | Threaded
Open this post in threaded view
|

Re: Userland PCI drivers possible in OpenBSD?

Mike Larkin-2
On Fri, Jan 10, 2020 at 03:58:16AM +0000, Joseph Mayer wrote:
> Maybe this topic is better suited for tech@, you tell:
>
> Is there some way I can implement PCI drivers in userland in OpenBSD?
>

no

> On a quick Internet search, see some discussion for Linux and NetBSD
> e.g. [1] however nothing in OpenBSD.
>
> I may be interested in operating some PCI device manually from my own
> program (run as root or user) in OpenBSD, and I can see this being of
> interest to others also, asking therefore.
>
> (I could understand if this would require IOMMU support to be safe.)
>
> OpenBSD overall is totally great so I'd prefer running an userland
> driver in OpenBSD over another OS.
>
> Thanks,
> Joseph
>
> [1] https://wiki.netbsd.org/projects/project/userland_pci/ ,
> https://news.ycombinator.com/item?id=16671852
>

Reply | Threaded
Open this post in threaded view
|

Re: Userland PCI drivers possible in OpenBSD?

Theo de Raadt-2
In reply to this post by Joseph Mayer
We won't help you because we oppose the lack of a security barrier
in such designs.


Joseph Mayer <[hidden email]> wrote:

> Maybe this topic is better suited for tech@, you tell:
>
> Is there some way I can implement PCI drivers in userland in OpenBSD?
>
> On a quick Internet search, see some discussion for Linux and NetBSD
> e.g. [1] however nothing in OpenBSD.
>
> I may be interested in operating some PCI device manually from my own
> program (run as root or user) in OpenBSD, and I can see this being of
> interest to others also, asking therefore.
>
> (I could understand if this would require IOMMU support to be safe.)
>
> OpenBSD overall is totally great so I'd prefer running an userland
> driver in OpenBSD over another OS.
>
> Thanks,
> Joseph
>
> [1] https://wiki.netbsd.org/projects/project/userland_pci/ ,
> https://news.ycombinator.com/item?id=16671852
>

Reply | Threaded
Open this post in threaded view
|

Re: Userland PCI drivers possible in OpenBSD?

Johannes Krottmayer
On 10.01.20 at 17:26,  Theo de Raadt wrote:
> We won't help you because we oppose the lack of a security barrier
> in such designs.

Detailed explanation (for us stupid users), please.

The same non-response answer. Same with my (simple) User-Space GPIO
driver.

Please don't get wrong, but I had the opportunity to use OpenBSD as
embedded OS for my future projects (primary control units). I had to
change the scheduler, for real-time support and some other changes.

Why at this time OpenBSD?
- For me a good driver base
- good code quality (I have learned much new coding techniques from
  the code)
- That's all

Now without a little help from you?
I started my own kernel. But beware, I start from the "void". Don't
use any existing code from OpenBSD or other projects. Currently I
have enough time to do this. Do you really think I'm stupid for
(referring to other dismissive words to my person from you in the
list) this? Maybe, but beware you don't know any of my other (closed)
projects.

You want kick me from the lists? Do it. Then I know your nature.

Reply | Threaded
Open this post in threaded view
|

Re: Userland PCI drivers possible in OpenBSD?

Theo de Raadt-2
Raw physical memory is not exported at all, not even to root.

That is not going to change.

Johannes Krottmayer <[hidden email]> wrote:

> On 10.01.20 at 17:26,  Theo de Raadt wrote:
> > We won't help you because we oppose the lack of a security barrier
> > in such designs.
>
> Detailed explanation (for us stupid users), please.
>
> The same non-response answer. Same with my (simple) User-Space GPIO
> driver.
>
> Please don't get wrong, but I had the opportunity to use OpenBSD as
> embedded OS for my future projects (primary control units). I had to
> change the scheduler, for real-time support and some other changes.
>
> Why at this time OpenBSD?
> - For me a good driver base
> - good code quality (I have learned much new coding techniques from
>   the code)
> - That's all
>
> Now without a little help from you?
> I started my own kernel. But beware, I start from the "void". Don't
> use any existing code from OpenBSD or other projects. Currently I
> have enough time to do this. Do you really think I'm stupid for
> (referring to other dismissive words to my person from you in the
> list) this? Maybe, but beware you don't know any of my other (closed)
> projects.
>
> You want kick me from the lists? Do it. Then I know your nature.

Reply | Threaded
Open this post in threaded view
|

Re: Userland PCI drivers possible in OpenBSD?

Tom Smyth
In reply to this post by Johannes Krottmayer
Johannes,
Joseph asked a fair question and he got a direct answer
and a reason for it from two developers. It may not be the answer
that he wanted but the reason for not
implementing  what very experienced developers and computer
scientists determined that usermode PCI drivers like that would
introduce an unacceptable  security  risk for the OS and its users
As a user who wants increased performance yeah Usermode PCI drivers
 sound awesome.

DPDK and VPP all that stuff sound awesome for Networking ...
but they carry a heightened risk for instance one of the recent
Intel CVEs involved using Direct I/O feature which bascally taking
packets from a Nic and shoving them directly to CPU Cache ...
(one might guess at a glance why such features increase performance
but also increase the risk to the OS that happens to be running on
that same CPU )
so optimizations / short cuts or using little known or little
documented features of hardware  which lack the safeguards that
 the Kernel has built into it  is not such a hot idea...
again if you can make things secure and more performant  and
address the inherent risks associated with what is being asked

I think having a go at Devs is not the best way forward...

Regards,
Tom Smyth





On Fri, 10 Jan 2020 at 21:08, Johannes Krottmayer <[hidden email]> wrote:

>
> On 10.01.20 at 17:26,  Theo de Raadt wrote:
> > We won't help you because we oppose the lack of a security barrier
> > in such designs.
>
> Detailed explanation (for us stupid users), please.
>
> The same non-response answer. Same with my (simple) User-Space GPIO
> driver.
>
> Please don't get wrong, but I had the opportunity to use OpenBSD as
> embedded OS for my future projects (primary control units). I had to
> change the scheduler, for real-time support and some other changes.
>
> Why at this time OpenBSD?
> - For me a good driver base
> - good code quality (I have learned much new coding techniques from
>   the code)
> - That's all
>
> Now without a little help from you?
> I started my own kernel. But beware, I start from the "void". Don't
> use any existing code from OpenBSD or other projects. Currently I
> have enough time to do this. Do you really think I'm stupid for
> (referring to other dismissive words to my person from you in the
> list) this? Maybe, but beware you don't know any of my other (closed)
> projects.
>
> You want kick me from the lists? Do it. Then I know your nature.
>


--
Kindest regards,
Tom Smyth.

Reply | Threaded
Open this post in threaded view
|

Re: Userland PCI drivers possible in OpenBSD?

gwes-2
In reply to this post by Joseph Mayer
On 1/9/20 10:58 PM, Joseph Mayer wrote:
> Maybe this topic is better suited for tech@, you tell:
>
> Is there some way I can implement PCI drivers in userland in OpenBSD?
Is there any reason not to write a conventional device driver and
build an OS including that driver?

While the kernel environment for a device driver is admittedly
complex, it's likely that there are enough examples and historical
information in published papers and mailing list history to help.
There are a lot of drivers to look at for clues.

There may be a driver which you could extend or adapt to your needs.
Adding an IOCTL, for instance, might suffice.

Long established policy is that your driver is not supported in any way.
Questions which show full research beforehand and good comprehension
of the kernel environment are sometimes answered. Ones showing little
diligence beforehand are ignored or laughed at.

Geoff Steckel

Reply | Threaded
Open this post in threaded view
|

Re: Userland PCI drivers possible in OpenBSD?

William Ahern-2
In reply to this post by Joseph Mayer
On Fri, Jan 10, 2020 at 03:58:16AM +0000, Joseph Mayer wrote:
> Maybe this topic is better suited for tech@, you tell:
>
> Is there some way I can implement PCI drivers in userland in OpenBSD?

In light of the other responses I think the best you could expect is PCI
passthrough to a virtual machine. But you'd first need to add support for
IOMMU and SR-IOV to OpenBSD vmm(4). Judging by some passing mailing-list
comments, I believe such support is welcome in principle.

In some ways such a setup is rather elegant, ignoring the incredible
hardware and firmware complexity hidden in the CPU and controllers. You
don't get to expose the device through typical subsystem interfaces (unless
there's a userland bridge like vscsi(4) or fuse(4)), but the driver could
otherwise look and interact like any other process, supporting UNIX domain
sockets and other common userland IPC interfaces.

Reply | Threaded
Open this post in threaded view
|

Re: Userland PCI drivers possible in OpenBSD?

Frank Beuth
In reply to this post by gwes-2
On Fri, Jan 10, 2020 at 07:23:26PM -0500, gwes wrote:
>On 1/9/20 10:58 PM, Joseph Mayer wrote:
>>Maybe this topic is better suited for tech@, you tell:
>>
>>Is there some way I can implement PCI drivers in userland in OpenBSD?
>Is there any reason not to write a conventional device driver and
>build an OS including that driver?

You and/or the original poster may want to look at MirageOS: https://mirage.io/

Depending on the application, the custom-unikernel approach may offer an
otherwise-impossible combination of performance and security.

Reply | Threaded
Open this post in threaded view
|

Re: Userland PCI drivers possible in OpenBSD?

Alexandre Ratchov-2
In reply to this post by Joseph Mayer
On Fri, Jan 10, 2020 at 03:58:16AM +0000, Joseph Mayer wrote:

> Maybe this topic is better suited for tech@, you tell:
>
> Is there some way I can implement PCI drivers in userland in OpenBSD?
>
> On a quick Internet search, see some discussion for Linux and NetBSD
> e.g. [1] however nothing in OpenBSD.
>
> I may be interested in operating some PCI device manually from my own
> program (run as root or user) in OpenBSD, and I can see this being of
> interest to others also, asking therefore.
>

If you're developing a new driver and you want to do quick
edit->build->test cycles, you could expose in user-space the proper
minimal interface and develop parts (all?) of your driver in
user-space. This is useful especially if the device is poorly
documented or complex and requires many prototyping. Once you
understand the hardware and you're satisified with your design, you
could turn it into a kernel driver.

If you're talking about giving user programs direct access to the PCI
bus, the necessary isolation mechanisms are missing. Furthermore, no
matter if it's running in user-mode or in kernel-mode, the driver code
will do the same thing, so in most cases there's no benefit of running
it in user-space.

my 2 cents

Reply | Threaded
Open this post in threaded view
|

Re: Userland PCI drivers possible in OpenBSD?

Andrew Tipton
In reply to this post by Joseph Mayer
Joseph Mayer wrote:
> Is there some way I can implement PCI drivers in userland in OpenBSD?
>
> On a quick Internet search, see some discussion for Linux and NetBSD
> e.g. [1] however nothing in OpenBSD.
>
> I may be interested in operating some PCI device manually from my own
> program (run as root or user) in OpenBSD, and I can see this being of
> interest to others also, asking therefore.

As others have mentioned, poking at PCI configuration space and raw
physical memory from userspace is wildly insecure.

However, contrary to popular belief, you can in fact poke at devices
from userspace on OpenBSD.  The primary user of this special ability is
the X server, which has a plethora of userspace drivers for
graphics cards.  (It's almost as dangerous as the inteldrm(4) mess!)

While you really really don't want to do this in production, it's handy
for experimenting with PCI devices on a development machine.  Without
further ado, here's how to do it:

  1. Use the 'machdep memory' command in the bootloader to carve out a
     hole in the system's physical memory map.
  2. Set the kern.securelevel sysctl to -1.  (Told you it's a bad idea.)
  3. Set the machdep.allowaperture systel to 2.
  4. Become root.
  5. Open /dev/pci%d to access PCI bus number %d, and issue PCIOCREAD/
     PCIOCWRITE ioctls to access PCI configuration space.  See pci(4)
     for details and the pcidump(8) source for usage examples.
  6. Map the device's base address register(s) to somewhere in physical
     memory space that isn't in use, such as your memory hole.
  7. Open /dev/xf86 and mmap() the section of physical address space
     that you have mapped your device at.  As long as the kernel hasn't
     "claimed" those addresses (i.e. you're mapping the memory hole that
     you created at boot time) the mmap() will succeed.  See xf86(4) for
     a bit more explanation.

Once you've been successful at exploring your shiny new PCI device, and
understand how it works, you can write a proper kernel driver for it so
that it can actually be used on a normal system and by non-root users.

Normal systems run at securelevel=1 (or 2) for good reason, and ideally
are also running with machdep.allowaperture=0.

(I shall now don my flameproof suit.)


Cheers
-Andrew