Received: by 2002:a05:6a10:5bc5:0:0:0:0 with SMTP id os5csp2944193pxb; Mon, 18 Oct 2021 05:18:04 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwmtVNgWSeLA2xokT63PTiqeKJbbkM7avxuZjitVZxZmJcgE+7RmhdNshE0lJ3phF8//chj X-Received: by 2002:a05:6402:3586:: with SMTP id y6mr43882604edc.292.1634559484622; Mon, 18 Oct 2021 05:18:04 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1634559484; cv=none; d=google.com; s=arc-20160816; b=ZJ6Qga0HkFkSQR5D6Xv+XKreb3sMG68KeqY3IWPBzDu2QHuGaChgtV3h+OJVa1sCH6 5Yk7k7KXotTjAFnFbnqZyh7EaSwklUXVAH1zZUav/yowyEp/J0YJWvb0auNBIDrEkTFZ aqJQsHZzdrpD7dmZg0lPQbKF4IOGrdWfJtgfpbgM1RcJaM44SiDr2tQ2RKMaY4w4kcMM AT4gDnxi18vkfdg3B1J2DZPc+ruU6Hh1sj8xb7QogRJ2bu5b+oUNuvUqfFgdnCD35CBx MgUMgUPLX1V1G8bXVyvQJotHWKwdxGquNzH7Bvi/0/UQNZVoW2Gc8pfw8Dxr81wNgVLi WQIA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=yAewyLcE+Idg2TBVnWIZQdCgvhpf0aopYucy/BIqqfQ=; b=YHdkl09HWLMZHBsWnYDDdQxTn2tE8NJl6P+hrqP/2zEjoPS940xcHklM7T00VZUsIw KgAllc3WatVSzN7zWo97H3+5ZxBwrESnI4JUskcz04WFRoI56WAUQ3a+WFyUcKY8hj+x uwGh8NOOmIugwHm5VkNP5CwuzCZz+R+BDQJa4iUprnIiBsBXS8T5SXNTLTUnC/tmGb1U bds8DjQRb3EzNPp4UxJo/1D2ASH1WtyhFlUWYfaNzLltIC9+PkEJVY4vqBVlYxg820Py PWYMn+fH6UQQwCvxrIQr5We9/KDdNu+qVgUSO0fM4ehWQKXwAbQyW7099bBLtnxbhhdM uN4g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=IkZ3b0MS; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id y9si937039edd.486.2021.10.18.05.17.40; Mon, 18 Oct 2021 05:18:04 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=IkZ3b0MS; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231496AbhJRMPq (ORCPT + 99 others); Mon, 18 Oct 2021 08:15:46 -0400 Received: from mail.kernel.org ([198.145.29.99]:60426 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231310AbhJRMPp (ORCPT ); Mon, 18 Oct 2021 08:15:45 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 6F24B60FC3; Mon, 18 Oct 2021 12:13:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1634559214; bh=JZE/18szAvUy5mVaCGRgXJrrABVRJ4b0rsi8noFT/gc=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=IkZ3b0MSfLm82OzxCOU7adYJFi02YagmoJazhg7LEntEzfOQdqHwsXijFZPe4QPtw xwtKn2ZJjvqdKSJbh+62rRNRcDQXH+5QrQDVWusQU+/IlmLPXzykFgeISq0R7Wk3Gh hblMyMVpPBCIxh/4VYKjOCHOCmFjBQ3qVCvJK2UA= Date: Mon, 18 Oct 2021 14:13:31 +0200 From: Greg KH To: Andi Kleen Cc: Dan Williams , "Michael S. Tsirkin" , Kuppuswamy Sathyanarayanan , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , Bjorn Helgaas , Richard Henderson , Thomas Bogendoerfer , James E J Bottomley , Helge Deller , "David S . Miller" , Arnd Bergmann , Jonathan Corbet , Paolo Bonzini , David Hildenbrand , Andrea Arcangeli , Josh Poimboeuf , Peter H Anvin , Dave Hansen , Tony Luck , Kirill Shutemov , Sean Christopherson , Kuppuswamy Sathyanarayanan , X86 ML , Linux Kernel Mailing List , Linux PCI , linux-alpha@vger.kernel.org, linux-mips@vger.kernel.org, linux-parisc@vger.kernel.org, sparclinux@vger.kernel.org, linux-arch , Linux Doc Mailing List , virtualization@lists.linux-foundation.org, "Reshetova, Elena" Subject: Re: [PATCH v5 12/16] PCI: Add pci_iomap_host_shared(), pci_iomap_host_shared_range() Message-ID: References: <20211009003711.1390019-1-sathyanarayanan.kuppuswamy@linux.intel.com> <20211009003711.1390019-13-sathyanarayanan.kuppuswamy@linux.intel.com> <20211009053103-mutt-send-email-mst@kernel.org> <0e6664ac-cbb2-96ff-0106-9301735c0836@linux.intel.com> <9302f1c2-b3f8-2c9e-52c5-d5a4a2987409@linux.intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <9302f1c2-b3f8-2c9e-52c5-d5a4a2987409@linux.intel.com> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Oct 12, 2021 at 11:35:04AM -0700, Andi Kleen wrote: > > I'd rather see more concerted efforts focused/limited core changes > > rather than leaf driver changes until there is a clearer definition of > > hardened. > > A hardened driver is a driver that Ah, you do define this, thank you! > - Had similar security (not API) oriented review of its IO operations > (mainly MMIO access, but also PCI config space) as a non privileged user > interface (like a ioctl). That review should be focused on memory safety. Where is this review done? Where is is documented? Who is responsible for keeping it up to date with every code change to the driver, and to the code that the driver calls and the code that calls the driver? > - Had some fuzzing on these IO interfaces using to be released tools. "some"? What tools? What is the input, and where is that defined? How much fuzzing do you claim is "good enough"? > Right now it's only three virtio drivers (console, net, block) Where was this work done and published? And why only 3? > Really it's no different than what we do for every new unprivileged user > interface. Really? I have seen loads of new drivers from Intel submitted in the past months that would fail any of the above things just based on obvious code reviews that I end up having to do... If you want to start a "hardened driver" effort, there's a lot of real work that needs to be done here and documented, and explained why it can not just be done for the whole kernel... greg k-h