Received: by 2002:a05:6a11:4021:0:0:0:0 with SMTP id ky33csp3883050pxb;
        Mon, 27 Sep 2021 04:57:25 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJxaxhuh0ZboxLzz49cAJCMR748/BRo6GGspqKD4VjrgGkOqt/18vBpCHj1TZ+ZrGoYWKwLQ
X-Received: by 2002:a05:6402:21ef:: with SMTP id ce15mr22410069edb.19.1632743844985;
        Mon, 27 Sep 2021 04:57:24 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1632743844; cv=none;
        d=google.com; s=arc-20160816;
        b=ybb2Xx5HBK2DTlWWA+08GVESlQh6Zcm3gVcX7rBOVObJNJwr9Q/cwVi6lGNxrRqgLf
         gy8og7HsxnbduMT/kpDOQkB5QQu3UFSwHQhOspKRTeklka61JeM8Vu+VSwZ9JTDmFgs0
         /rpHRhtRzjh2DebBzyyXXPTNfB/w/JUd9HLyW5K42Dh0wY645AdIZ+srBtnafsFu0jws
         GoawVjPpRWM7W9uhNIDK0kIUE3fhIym1spDtzOyBIvZG2/AkdUsZ9zYaVp+b+R5loUJt
         kmblzus27ls23jkBc8Veg3pfGaqhvAizp0p9ChT2PwwjjLJvWWMAr5TlVGTmFN4Jw+Gy
         hMXQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:date:dkim-signature;
        bh=oa/TbpgruSsRy7RKLYRs8xCB3LwAR07OHiXD6cmV9jw=;
        b=TeOfQAHtvjksfCXunJPkoUOCTEuunc4kquW4TAvld7pyvnSIKD0Mo5vPU1TC07R0aj
         ynoiQRMj7JBqqYF50PaKZdPu2AcaGjpF9UBMCU30ciuIs/EQnKxdxn14pEFpblUwEepi
         cdcH2CJGXu4Dx8TE+dKpcwFNJcCtdNG7OYJdWzbt7qhzVZ/55dqtw4ZIZFpACfefOVIr
         BHzgUv+CCwhq7aTAgrItom6JiOZEY3gdcm+h4kqhxn551H1ENnlmasbvzg0Q0KEthydX
         AO+XiULzR2jJl3DcT3JVAJqPkhjanfxOyi9xtAGgqr9lWqYM1SnCehZ+8asaPdMeEz4D
         jrcA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=YaUXTiQm;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id i27si17987477edb.193.2021.09.27.04.57.01;
        Mon, 27 Sep 2021 04:57:24 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=YaUXTiQm;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S234117AbhI0LzH (ORCPT <rfc822;loic.yhuel@gmail.com> + 99 others);
        Mon, 27 Sep 2021 07:55:07 -0400
Received: from mail.kernel.org ([198.145.29.99]:56210 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S234015AbhI0LzG (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 27 Sep 2021 07:55:06 -0400
Received: by mail.kernel.org (Postfix) with ESMTPSA id BA30360F6C;
        Mon, 27 Sep 2021 11:53:27 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=k20201202; t=1632743608;
        bh=Q2dHeySo3zRsXGknIbLs6i+yTpWx2dDgGoEFYPDr5/8=;
        h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
        b=YaUXTiQmxWntMdcP1V6UabAj5J8Y25L1/E0AYpGsph11k51k6VvuI8uPokBfxbcAk
         m2uUNUxT0DP/R0xJf6IGUC8maz/OqFGDLCwx0qK2IoUljTtiFro1XMJp+GmLED5ssx
         T1ku5NlihRu34GIj81fPeIw7ebnIWBENHWl+gsXCpbVoVK2JoPlPV9W9/7Ky2991FF
         arzkdMMFq4EaH/2DLzzcuKPhUe4TrV024+K0jMiavouR22LFvA7VwYQ1mEsRJO8slE
         0+cd42Ha63JskwWD96PNT2Osmj6PMhlOW5OdUO22AYB3Y6mybJGQC1TChNKODmw7Ew
         1Cj5jreVMvoQQ==
Date:   Mon, 27 Sep 2021 14:53:24 +0300
From:   Leon Romanovsky <leon@kernel.org>
To:     Simon Horman <simon.horman@corigine.com>
Cc:     "David S . Miller" <davem@davemloft.net>,
        Jakub Kicinski <kuba@kernel.org>,
        Alexandre Belloni <alexandre.belloni@bootlin.com>,
        Andrew Lunn <andrew@lunn.ch>, Ariel Elior <aelior@marvell.com>,
        Bin Luo <luobin9@huawei.com>,
        Claudiu Manoil <claudiu.manoil@nxp.com>,
        Coiby Xu <coiby.xu@gmail.com>,
        Derek Chickles <dchickles@marvell.com>, drivers@pensando.io,
        Felix Manlunas <fmanlunas@marvell.com>,
        Florian Fainelli <f.fainelli@gmail.com>,
        Geetha sowjanya <gakula@marvell.com>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        GR-everest-linux-l2@marvell.com, GR-Linux-NIC-Dev@marvell.com,
        hariprasad <hkelam@marvell.com>,
        Ido Schimmel <idosch@nvidia.com>,
        Intel Corporation <linuxwwan@intel.com>,
        intel-wired-lan@lists.osuosl.org,
        Ioana Ciornei <ioana.ciornei@nxp.com>,
        Jerin Jacob <jerinj@marvell.com>,
        Jesse Brandeburg <jesse.brandeburg@intel.com>,
        Jiri Pirko <jiri@nvidia.com>,
        Jonathan Lemon <jonathan.lemon@gmail.com>,
        Linu Cherian <lcherian@marvell.com>,
        linux-kernel@vger.kernel.org, linux-omap@vger.kernel.org,
        linux-rdma@vger.kernel.org, linux-staging@lists.linux.dev,
        Loic Poulain <loic.poulain@linaro.org>,
        Manish Chopra <manishc@marvell.com>,
        M Chetan Kumar <m.chetan.kumar@intel.com>,
        Michael Chan <michael.chan@broadcom.com>,
        Michael Guralnik <michaelgur@mellanox.com>,
        netdev@vger.kernel.org, oss-drivers@corigine.com,
        Richard Cochran <richardcochran@gmail.com>,
        Saeed Mahameed <saeedm@nvidia.com>,
        Satanand Burla <sburla@marvell.com>,
        Sergey Ryazanov <ryazanov.s.a@gmail.com>,
        Shannon Nelson <snelson@pensando.io>,
        Subbaraya Sundeep <sbhatta@marvell.com>,
        Sunil Goutham <sgoutham@marvell.com>,
        Taras Chornyi <tchornyi@marvell.com>,
        Tariq Toukan <tariqt@nvidia.com>,
        Tony Nguyen <anthony.l.nguyen@intel.com>,
        UNGLinuxDriver@microchip.com, Vadym Kochan <vkochan@marvell.com>,
        Vivien Didelot <vivien.didelot@gmail.com>,
        Vladimir Oltean <vladimir.oltean@nxp.com>
Subject: Re: [PATCH net-next v1 13/21] nfp: Move delink_register to be last
 command
Message-ID: <YVGwtNEcWSgYvyyV@unreal>
References: <cover.1632565508.git.leonro@nvidia.com>
 <f393212ad3906808ee7eb5cff06ef2e053eb9d2b.1632565508.git.leonro@nvidia.com>
 <20210927083923.GC17484@corigine.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20210927083923.GC17484@corigine.com>
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Sep 27, 2021 at 10:39:24AM +0200, Simon Horman wrote:
> On Sat, Sep 25, 2021 at 02:22:53PM +0300, Leon Romanovsky wrote:
> > From: Leon Romanovsky <leonro@nvidia.com>
> > 
> > Open user space access to the devlink after driver is probed.
> 
> Hi Leon,
> 
> I think a description of why is warranted here.

After devlink_register(), users can send GET and SET netlink commands to
the uninitialized driver. In some cases, nothing will happen, but not in
all and hard to prove that ALL drivers are safe with such early access.

It means that local users can (in theory for some and in practice for
others) crash the system (or leverage permissions) with early devlink_register()
by accessing internal to driver pointers that are not set yet.

Like I said in the commit message, I'm not fixing all drivers.
https://lore.kernel.org/netdev/cover.1632565508.git.leonro@nvidia.com/T/#m063eb4e67389bafcc3b3ddc07197bf43181b7209

Because some of the driver authors made a wonderful job to obfuscate their
driver and write completely unmanageable code.

I do move devlink_register() to be last devlink command for all drivers,
to allow me to clean devlink core locking and API in next series.

This series should raise your eyebrow and trigger a question: "is my
driver vulnerable too?". And the answer will depend on devlink_register()
position in the .probe() call.

Thanks

> 
> > Signed-off-by: Leon Romanovsky <leonro@nvidia.com>