Subject: Re: [PATCH 5/5] platform/x86: Add Intel Software Defined Silicon driver From: "David E.
Box" Reply-To: david.e.box@linux.intel.com To: Greg KH Cc: lee.jones@linaro.org, hdegoede@redhat.com, mgross@linux.intel.com, bhelgaas@google.com, andriy.shevchenko@linux.intel.com, srinivas.pandruvada@intel.com, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, platform-driver-x86@vger.kernel.org, linux-pci@vger.kernel.org Date: Fri, 01 Oct 2021 13:43:24 -0700 In-Reply-To: References: <20211001012815.1999501-1-david.e.box@linux.intel.com> <20211001012815.1999501-6-david.e.box@linux.intel.com> <45b6454a3421ac064dff3ba159e02985d3e55440.camel@linux.intel.com> Organization: David E. Box Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.38.4 (3.38.4-1.fc33) MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, 2021-10-01 at 13:26 +0200, Greg KH wrote: > On Fri, Oct 01, 2021 at 04:13:58AM -0700, David E. Box wrote: > > On Fri, 2021-10-01 at 09:29 +0200, Greg KH wrote: > > > On Thu, Sep 30, 2021 at 06:28:15PM -0700, David E. Box wrote: > > > > +static long sdsi_device_ioctl(struct file *file, unsigned int cmd, unsigned long arg) > > > > +{ > > > > +       struct miscdevice *miscdev = file->private_data; > > > > +       struct sdsi_priv *priv = to_sdsi_priv(miscdev); > > > > +       void __user *argp = (void __user *)arg; > > > > +       long ret = -EINVAL; > > > > + > > > > +       if (!priv->dev_present) > > > > +               return -ENODEV; > > > > + > > > > +       if (!priv->sdsi_enabled) > > > > +               return -EPERM; > > > > + > > > > +       if (cmd == SDSI_IF_READ_STATE) > > > > +               return sdsi_if_read_state_cert(priv, argp); > > > > + > > > > +       mutex_lock(&priv->akc_lock); > > > > +       switch (cmd) { > > > > +       case SDSI_IF_PROVISION_AKC: > > > > +               /* > > > > +                * While writing an authentication certificate disallow other openers > > > > +                * from using AKC or CAP. 
> > > > +                */ > > > > +               if (!priv->akc_owner) > > > > +                       priv->akc_owner = file; > > > > + > > > > +               if (priv->akc_owner != file) { > > > > > > Please explain how this test would ever trigger and how you tested it? > > > > > > What exactly are you trying to protect from here?  If userspace has your > > > file descriptor, it can do whatever it wants, don't try to be smarter > > > than it as you will never win. > > > > > > And why are you using ioctls at all here?  As you are just > > > reading/writing to the hardware directly, why not just use a binary > > > sysfs file to be that pipe?  What requires an ioctl at all? > > > > So an original internal version of this did use binary attributes. But there was concern during > > review that a flow, particularly when doing the two write operations, could not be handled > > atomically while exposed as separate files. Above is the attempt to handle the situation in the > > ioctl. That is, whichever opener performs AKC write first would lock out all other openers from > > performing any write until that file is closed. This is to avoid interfering with that process, > > should the opener also decide to perform a CAP operation. > > Unfortunately, your code here does not prevent that at all, so your > moving off of a binary sysfs attribute changed nothing. > > You can "prevent" this from happening just as easily through a sysfs > attribute as you can a character device node. > > > There may be future commands requiring RW ioctls as well. > > How am I or anyone else supposed to know that?  We write code and review > it for _today_, not what might be sometime in the future someday.  As > that will be dealt with when it actually happens. Sure. Thanks for the insightful review. I'll take your comments back and submit with the reviewed-by tag. Will probably switch back to sysfs. David > > greg k-h
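Review bot: in the SDSI_IF_PROVISION_AKC case, `priv->akc_owner` is keyed on the `struct file *`, which identifies an open file description rather than a caller, so a forked child, a dup'd descriptor or one passed over a Unix socket shares the same `struct file` and passes the `priv->akc_owner != file` test; the lock-out therefore only ever excludes a separate open() of the node, which is the gap Greg is pointing at. The visible hunk also does not show where `akc_owner` is cleared on release: if it is not reset in the release handler, a stale pointer blocks every later opener, and if the address is reused by a new `struct file` it admits an unrelated one. Note too that `sdsi_if_read_state_cert()` is called before `mutex_lock(&priv->akc_lock)`, so a SDSI_IF_READ_STATE can observe a half-finished AKC/CAP sequence; if that is intended, say so in a comment. If the real requirement is that an AKC write followed by a CAP write must not interleave with another opener, state that in the commit message and enforce it in one place; since `akc_lock` already serialises the individual writes, dropping the owner tracking (and, per Greg, the ioctl interface) is the simpler route.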