2022-09-26 23:05:00

by Ira Weiny

[permalink] [raw]
Subject: [PATCH V3 0/2] CXL: Taint user access to DOE mailbox config space

From: Ira Weiny <[email protected]>

Changes from V2
Incorporate feedback from Greg and Jonathan

Changes from V1
Incorporate feedback from Dan and Greg.

PCI config space access from user space has traditionally been unrestricted
with writes being an understood risk for device operation.

Unfortunately, device breakage or odd behavior from config writes lacks
indicators that can leave driver writers confused when evaluating failures.
This is especially true with the new PCIe Data Object Exchange (DOE) mailbox
protocol where backdoor shenanigans from user space through things such as
vendor defined protocols may affect device operation without complete breakage.

Even though access should not be restricted it would be nice for driver writers
to be able to flag critical parts of the config space such that interference
from user space can be detected.

Introduce pci_request_config_region_exclusive() and use it in the CXL driver
for DOE config space.

Ira Weiny (2):
PCI: Allow drivers to request exclusive config regions
cxl/doe: Request exclusive DOE access

drivers/cxl/pci.c | 5 +++++
drivers/pci/pci-sysfs.c | 7 +++++++
drivers/pci/probe.c | 6 ++++++
include/linux/ioport.h | 2 ++
include/linux/pci.h | 17 +++++++++++++++++
include/uapi/linux/pci_regs.h | 1 +
kernel/resource.c | 13 ++++++++-----
7 files changed, 46 insertions(+), 5 deletions(-)


base-commit: f76349cf41451c5c42a99f18a9163377e4b364ff
--
2.37.2


2022-10-22 00:02:47

by Dan Williams

[permalink] [raw]
Subject: RE: [PATCH V3 0/2] CXL: Taint user access to DOE mailbox config space

ira.weiny@ wrote:
> From: Ira Weiny <[email protected]>
>
> Changes from V2
> Incorporate feedback from Greg and Jonathan
>
> Changes from V1
> Incorporate feedback from Dan and Greg.
>
> PCI config space access from user space has traditionally been unrestricted
> with writes being an understood risk for device operation.
>
> Unfortunately, device breakage or odd behavior from config writes lacks
> indicators that can leave driver writers confused when evaluating failures.
> This is especially true with the new PCIe Data Object Exchange (DOE) mailbox
> protocol where backdoor shenanigans from user space through things such as
> vendor defined protocols may affect device operation without complete breakage.
>
> Even though access should not be restricted it would be nice for driver writers
> to be able to flag critical parts of the config space such that interference
> from user space can be detected.
>
> Introduce pci_request_config_region_exclusive() and use it in the CXL driver
> for DOE config space.
>
> Ira Weiny (2):
> PCI: Allow drivers to request exclusive config regions
> cxl/doe: Request exclusive DOE access
>
> drivers/cxl/pci.c | 5 +++++
> drivers/pci/pci-sysfs.c | 7 +++++++
> drivers/pci/probe.c | 6 ++++++
> include/linux/ioport.h | 2 ++
> include/linux/pci.h | 17 +++++++++++++++++
> include/uapi/linux/pci_regs.h | 1 +
> kernel/resource.c | 13 ++++++++-----
> 7 files changed, 46 insertions(+), 5 deletions(-)
>
>
> base-commit: f76349cf41451c5c42a99f18a9163377e4b364ff

Applied for v6.2. I am not a huge fan of the driver_exclusive_resource
naming since it leaves out the configuration address space aspect.
However, any other naming I can think of confuses it with the
traditional PCI device resources which do more than just host
exclusions.