Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp2143808pxf; Sat, 27 Mar 2021 03:48:25 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyK5F7P8g8Ux1LSsOlR/V3ZFvWsn7pCcjcdvNvTec1+ocrQjV4SlxnhVfE366OB+J4V1v8E X-Received: by 2002:a17:907:9709:: with SMTP id jg9mr19261725ejc.276.1616842105349; Sat, 27 Mar 2021 03:48:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1616842105; cv=none; d=google.com; s=arc-20160816; b=srBDFeaSkw2tq1CFlhN5XMAZdB7oQBYIdgID4xdC3H3CX2QYqjQ2JWdp8PiwYRvlQ7 GOv3B5Gwp98a8ztgYtCfodzo4yVgEPkxpYiBeUV7z9hV+DzZ2H89s9T447RGzF/Zn/LI A/55cjehRyvWKqGDZkD2+S49mAQBfKTxiLgl0ym33kx1gHMuFbftVBbz6gFPsmfaxDEI Q4365Bfqr1aI1XNPCghx11C7c2cqN7l4yF9onEsasHhNqxothsBWCrAEWk+39G+O1H4U +EFq343gk80w1f4c5PE7DrM37/1+AvTERieykZXQjJULHkwf4YmevJL8huSPdLGI/vLm BlcA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=szv2hfQxrygAWvwysiUjkQOazah93F1vxywMnjtpCEs=; b=pL/oH8ajyIvGD4INcbCCTYbhC9BXyTu163dFFFTL/XcKphhp0JFBTQV3EJofyYkshN gbGfUQSwvz76ujdQcIzFi+fU5iPeUMOi/8TJstfMe+bC+7aLbPmHm39xsL0Eeaeub4PS UGCDhABqi4hYXb2nGQW/2MbJyLjJJnadvK7sSvMbdmnyIcXIBdVb9WXA3v6xwPlaIgha HnW8xGLoCOsicI3IBQgZLXpCSSfNi4LYBNJZKE8e5LqsgE7gD3fNTJb6N/1Kf+/17wr6 B0MX6ZGCLPdcWVbVCo16pXWKmPN9nKO7P5sjFiIJP2xjKCWaEMmTTVmJPee/Bn/0+a4j 5Yzg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=ni1dbeTb; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id w25si8855790ejv.100.2021.03.27.03.48.02; Sat, 27 Mar 2021 03:48:25 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=ni1dbeTb; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230322AbhC0Kq5 (ORCPT + 99 others); Sat, 27 Mar 2021 06:46:57 -0400 Received: from mail.kernel.org ([198.145.29.99]:39610 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229875AbhC0Kqx (ORCPT ); Sat, 27 Mar 2021 06:46:53 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 6DE8D61984; Sat, 27 Mar 2021 10:46:52 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1616842013; bh=Jcgotmr3iERSwz1nNcEMv4ajNTb/7UPlLDvxvPZRwfI=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=ni1dbeTbERmIaaVmWzBzbeZViIiOD/zLbWQYUhLHfj2rK/YJxqMYdVJk7YUopNp+o Cvmch4GV0wZ5vBLNmvwp4lsGcKhxX3od9qRQH2AVUlwfsjcRbjOSru7SwbIAof/0/z RpTyOrTzC8CkAJgVbUg9lqX9nHYKBVUTrAlFAVKE= Date: Sat, 27 Mar 2021 11:46:49 +0100 From: Greg Kroah-Hartman To: Bjorn Helgaas Cc: Dan Williams , bhelgaas@google.com, Jonathan Cameron , linux-pci@vger.kernel.org, linux-kernel@vger.kernel.org, Christoph Hellwig Subject: Re: [PATCH] PCI: Allow drivers to claim exclusive access to config regions Message-ID: References: <161663543465.1867664.5674061943008380442.stgit@dwillia2-desk3.amr.corp.intel.com> <20210326161247.GA819704@bjorn-Precision-5520> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20210326161247.GA819704@bjorn-Precision-5520> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Mar 26, 2021 at 11:12:47AM -0500, Bjorn Helgaas wrote: > [+cc Christoph] > > On Wed, Mar 24, 2021 at 06:23:54PM -0700, Dan Williams wrote: > > The PCIE Data Object Exchange (DOE) mailbox is a protocol run over > > configuration cycles. It assumes one initiator at a time is > > reading/writing the data registers. If userspace reads from the response > > data payload it may steal data that a kernel driver was expecting to > > read. If userspace writes to the request payload it may corrupt the > > request a driver was trying to send. > > IIUC the problem we're talking about is that userspace config access, > e.g., via "lspci" or "setpci" may interfere with kernel usage of DOE. > I attached what I think are the relevant bits from the spec. > > It looks to me like config *reads* should not be a problem: A read of > Write Data Mailbox always returns 0 and looks innocuous. A userspace > read of Read Data Mailbox may return a DW of the data object, but it > doesn't advance the cursor, so it shouldn't interfere with a kernel > read. > > A write to Write Data Mailbox could obviously corrupt an object being > written to the device. A config write to Read Data Mailbox *does* > advance the cursor, so that would definitely interfere with a kernel > user. > > So I think we're really talking about an issue with "setpci" and I > don't expect "lspci" to be a problem. "setpci" is a valuable tool, > and the fact that it can hose your system is not really news. I don't > know how hard we should work to protect against that. Thanks for looking this up and letting us know. So this should be fine, reads are ok, it's not as crazy of a protocol design as Dan alluded to, so the kernel should be ok. No need to add additional "protection" here at all, if you run setpci from userspace, you get what you asked for :) thanks, greg k-h