Re: [RFC v4 1/1] drm/xe/pf: Restrict device query responses in admin-only PF mode

Thu, 26 Feb 2026 13:33:06 -0800 


On 2/26/2026 5:31 PM, Satyanarayana K V P wrote:
> When the PF is configured for admin‑only mode, it is restricted to
> management functions and should not allow users to run workloads.
> Suppress device capabilities to userspace in admin-only PF mode.
> 
> Signed-off-by: Satyanarayana K V P <[email protected]>
> Cc: Michal Wajdeczko <[email protected]>
> Cc: Rodrigo Vivi <[email protected]>
> Cc: Piotr Piórkowski <[email protected]>
> Cc: Matthew Brost <[email protected]>
> Cc: Thomas Hellström <[email protected]>
> Cc: Michał Winiarski <[email protected]>
> Cc: Dunajski Bartosz <[email protected]>
> Cc: [email protected]
> 
> ---
> V3 -> V4:
> - Suppressed device capabilities in admin-only PF mode. (Wajdeczko)
> 
> V2 -> V3:
> - Introduced new helper function xe_debugfs_create_files() to create
> debugfs entries based on admin_only_pf mode or normal mode.
> 
> V1 -> V2:
> - Rebased to latest drm-tip.
> - Update update_minor_dev() to debugfs_minor_dev().
> ---
>  drivers/gpu/drm/xe/xe_device.c | 14 ++++++++++++++
>  drivers/gpu/drm/xe/xe_query.c  | 11 ++++++++++-
>  drivers/gpu/drm/xe/xe_sriov.h  |  8 ++++++++
>  3 files changed, 32 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/gpu/drm/xe/xe_device.c b/drivers/gpu/drm/xe/xe_device.c
> index 3462645ca13c..7bf462eed917 100644
> --- a/drivers/gpu/drm/xe/xe_device.c
> +++ b/drivers/gpu/drm/xe/xe_device.c
> @@ -25,6 +25,7 @@
>  #include "regs/xe_regs.h"
>  #include "xe_bo.h"
>  #include "xe_bo_evict.h"
> +#include "xe_configfs.h"
>  #include "xe_debugfs.h"
>  #include "xe_defaults.h"
>  #include "xe_devcoredump.h"
> @@ -213,6 +214,11 @@ static const struct drm_ioctl_desc xe_ioctls[] = {
>                         DRM_RENDER_ALLOW),
>  };
>  
> +static const struct drm_ioctl_desc xe_pf_admin_only_ioctls[] = {
> +     DRM_IOCTL_DEF_DRV(XE_DEVICE_QUERY, xe_query_ioctl, DRM_RENDER_ALLOW),
> +     DRM_IOCTL_DEF_DRV(XE_OBSERVATION, xe_observation_ioctl, 
> DRM_RENDER_ALLOW),
> +};
> +
>  static long xe_drm_ioctl(struct file *file, unsigned int cmd, unsigned long 
> arg)
>  {
>       struct drm_file *file_priv = file->private_data;
> @@ -442,6 +448,14 @@ struct xe_device *xe_device_create(struct pci_dev *pdev,
>       struct xe_device *xe;
>       int err;
>  
> +     if (xe_configfs_admin_only_pf(pdev)) {

maybe we should add a note why we have to use configfs directly (and not 
a helper introduced below)

> +             driver.ioctls = xe_pf_admin_only_ioctls;
> +             driver.num_ioctls = ARRAY_SIZE(xe_pf_admin_only_ioctls);
> +     } else {
> +             driver.ioctls = xe_ioctls;
> +             driver.num_ioctls = ARRAY_SIZE(xe_ioctls);
> +     }

you shouldn't modify this singleton "driver" as its pointer will be passed
to devm_drm_dev_alloc() and will be referenced later by the drm code and
in case of multiple devices, above overwrite will mess things up.

as suggested before, define separate "driver_admin_only_pf" struct

> +
>       xe_display_driver_set_hooks(&driver);
>  
>       err = aperture_remove_conflicting_pci_devices(pdev, driver.name);
> diff --git a/drivers/gpu/drm/xe/xe_query.c b/drivers/gpu/drm/xe/xe_query.c
> index 34db266b723f..1416ab7be809 100644
> --- a/drivers/gpu/drm/xe/xe_query.c
> +++ b/drivers/gpu/drm/xe/xe_query.c
> @@ -215,7 +215,10 @@ static int query_engines(struct xe_device *xe,
>                       i++;
>               }
>  
> -     engines->num_engines = i;
> +     if (xe_device_is_admin_only(xe))
> +             engines->num_engines = 0;
> +     else
> +             engines->num_engines = i;

shouldn't you also modify calc_hw_engine_info_size() and then skip
buffer setup?

>  
>       if (copy_to_user(query_ptr, engines, size)) {
>               kfree(engines);
> @@ -297,6 +300,9 @@ static int query_mem_regions(struct xe_device *xe,
>               }
>       }
>  
> +     if (xe_device_is_admin_only(xe)) 
> +             mem_regions->num_mem_regions = 0;
> +

same here

>       if (!copy_to_user(query_ptr, mem_regions, size))
>               ret = 0;
>       else
> @@ -419,6 +425,9 @@ static int query_gt_list(struct xe_device *xe, struct 
> drm_xe_device_query *query
>               iter++;
>       }
>  
> +     if (xe_device_is_admin_only(xe))
> +             gt_list->num_gt = 0;
> +

and here

>       if (copy_to_user(query_ptr, gt_list, size)) {
>               kfree(gt_list);
>               return -EFAULT;

and what about query_config() ?

> diff --git a/drivers/gpu/drm/xe/xe_sriov.h b/drivers/gpu/drm/xe/xe_sriov.h
> index 72e55543c30e..be426afa90b1 100644
> --- a/drivers/gpu/drm/xe/xe_sriov.h
> +++ b/drivers/gpu/drm/xe/xe_sriov.h
> @@ -37,6 +37,14 @@ static inline bool xe_device_is_sriov_vf(const struct 
> xe_device *xe)
>       return xe_device_sriov_mode(xe) == XE_SRIOV_MODE_VF;
>  }
>  
> +static inline bool xe_device_is_admin_only(const struct xe_device *xe)

rather:

        xe_device_is_admin_only_pf()

> +{
> +     if (xe_device_is_sriov_pf(xe) && xe->sriov.pf.admin_only)
> +             return true;
> +     else
> +             return false;

just:
        return xe_device_is_sriov_pf(xe) && xe->sriov.pf.admin_only;

> +}
> +
>  #define IS_SRIOV_PF(xe) xe_device_is_sriov_pf(xe)
>  #define IS_SRIOV_VF(xe) xe_device_is_sriov_vf(xe)
>  

btw, we may also want to double check that setting from configfs was valid
(we are really running on the PF device) and abort probe if not 
























					Reply via email to