Received: by 2002:a25:31c3:0:0:0:0:0 with SMTP id x186csp707114ybx;
        Thu, 7 Nov 2019 01:22:01 -0800 (PST)
X-Google-Smtp-Source: APXvYqyJgChzWPdkwzPEFnDMwwKUAgi5hLH5s1GVg6FO9nmnRswvq/oawMhEZfjZeJdVsqq5LYXw
X-Received: by 2002:aa7:d4d8:: with SMTP id t24mr2424516edr.40.1573118521711;
        Thu, 07 Nov 2019 01:22:01 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1573118521; cv=none;
        d=google.com; s=arc-20160816;
        b=Ev2So/nR/+DdSkLQT1xceStb/RqV9GQ4hJpQcetrGxXxB9a9kU883bExWIi/pZ5AVd
         NyjMH5GzXVqx6xrfRWc8H44HH0zWQGFkBqn4xmoDgA0ssmuPyxbB8UXcPTePBRJj5V+e
         N/Uc7F2mlRHt6w2M/reZA7ZBi4uEq9Clc/RGdp7qitQGKqZCIGckgfO1NwDyh2sYz9Aw
         093d5zUvT69FfFYniYKVl0N7LtVdifpn5lbRdERSTDck6lSbFji4Hy6NJH3YME0gxTIK
         qmxe7Bkr5uTZsNyU13+6gogo+A3vvS5pB1jCZG5qnnMEt+mOKurukVSfX246lLfrKu63
         X7cw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date;
        bh=Bma0/Yg5bLj42NURs71U5VMEpMvfkneglHDmfyFCpY4=;
        b=CGpI5oZwyeYbWYuuIrdpvNbgcUrFFkUDAHuL3ZgLkqJl3Mgs3Gp7rZ56y4FUFX6FoV
         YTSUvO75Qoi+UhOvSVw6m/GmwJ0OacYGylq1md56NfXi8LLovyLW80EHdTB7TKebI/fy
         OnMhQZT34Rasoe108fzOjhI5dLQSbA+S4InRPZGjZsBPsrgv9WMut4qkDgNIgZdDHJsO
         jvNT6mVLDvwWQMu8NJcRx1Mu5x/nigHdiHg97Xew0V3bXxa3lQfqrdSKb2ZtHZfHvCWD
         5JIjSCyAV0tyTJabC7roWDiRjcF2dxxAcMkhjjgQQQNhaDmhqS90SxOzbzUBLhPmKu4B
         qnyg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id m16si1128875ejd.306.2019.11.07.01.21.38;
        Thu, 07 Nov 2019 01:22:01 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1733309AbfKGJSl (ORCPT <rfc822;crosarcplusplustest@gmail.com>
        + 99 others); Thu, 7 Nov 2019 04:18:41 -0500
Received: from wtarreau.pck.nerim.net ([62.212.114.60]:14587 "EHLO 1wt.eu"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1727562AbfKGJSk (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 7 Nov 2019 04:18:40 -0500
Received: (from willy@localhost)
        by pcw.home.local (8.15.2/8.15.2/Submit) id xA79H4gv015592;
        Thu, 7 Nov 2019 10:17:04 +0100
Date:   Thu, 7 Nov 2019 10:17:04 +0100
From:   Willy Tarreau <w@1wt.eu>
To:     Ingo Molnar <mingo@kernel.org>
Cc:     Linus Torvalds <torvalds@linux-foundation.org>,
        Thomas Gleixner <tglx@linutronix.de>,
        LKML <linux-kernel@vger.kernel.org>,
        the arch/x86 maintainers <x86@kernel.org>,
        Stephen Hemminger <stephen@networkplumber.org>,
        Juergen Gross <jgross@suse.com>,
        Sean Christopherson <sean.j.christopherson@intel.com>,
        "H. Peter Anvin" <hpa@zytor.com>
Subject: Re: [patch 5/9] x86/ioport: Reduce ioperm impact for sane usage
 further
Message-ID: <20191107091704.GA15536@1wt.eu>
References: <20191106193459.581614484@linutronix.de>
 <20191106202806.241007755@linutronix.de>
 <CAHk-=wjXcS--G3Wd8ZGEOdCNRAWPaUneyN1ryShQL-_yi1kvOA@mail.gmail.com>
 <20191107082541.GF30739@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20191107082541.GF30739@gmail.com>
User-Agent: Mutt/1.6.1 (2016-04-27)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Nov 07, 2019 at 09:25:41AM +0100, Ingo Molnar wrote:
> I.e. the model I'm suggesting is that if a task uses ioperm() or iopl() 
> then it should have a bitmap from that point on until exit(), even if 
> it's all zeroes or all ones. Most applications that are using those 
> primitives really need it all the time and are using just a few ioports, 
> so all the tracking doesn't help much anyway.

I'd go even further, considering that any task having called ioperm()
or iopl() once is granted access to all 64k ports for life: if the task
was granted access to any port, it will be able to request access for any
other port anyway. And we cannot claim that finely filtering accesses
brings any particular reliability in my opinion, considering that it's
generally possible to make the system really sick by starting to play
with most I/O ports. So for me that becomes a matter of trusted vs not
trusted task. Then we can simply have two pages of 0xFF to describe
their I/O access bitmap.

> On a related note, another simplification would be that in principle we 
> could also use just a single bitmap and emulate iopl() as an ioperm(all) 
> or ioperm(none) calls. Yeah, it's not fully ABI compatible for mixed 
> ioperm()/iopl() uses, but is that ABI actually being relied on in 
> practice?

You mean you'd have a unified map for all tasks ? In this case I think
it's simpler and equivalent to simply ignore the values in the calls
and grant full perms to the 64k ports range after the calls were
validated. I could be totally wrong and missing something obvious
though.

Regards,
Willy