Received: by 2002:a05:6358:45e:b0:b5:b6eb:e1f9 with SMTP id 30csp4190946rwe; Tue, 30 Aug 2022 06:13:52 -0700 (PDT) X-Google-Smtp-Source: AA6agR5j1wmu1NCNNxD9my3ZyZMKP7N2tR+lvBkL9FrYYdSZc1RojXWQ2GZbcknPpTawHIIRfPjb X-Received: by 2002:a17:907:a068:b0:741:3cb1:9ffe with SMTP id ia8-20020a170907a06800b007413cb19ffemr11616571ejc.293.1661865232513; Tue, 30 Aug 2022 06:13:52 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1661865232; cv=none; d=google.com; s=arc-20160816; b=hDM+FDf5l9sC/EyWmMNbCvijtVNHSuqnKPZf1HrB3xI1nsU9aVeRlW8WTdm4cTuEL/ qZd5BLhqZSGYydJfOs2uxCE2XREpcwvlhnk6cLZTpsoth95zV65UAjFtBIFI05PXlMmz 6oHYzrOsW3DRrBFURylsFmMYox65GyIuLXKJ8D0H9MPd7HCRhLLIG6cZckU0ZJyv3jhS +Xow0KY/cW6arPR4740oLvI702D7A8/igDrnIffo+0TD+pj4ThNknuTTnHR8TXzYotQx xsZb5Rf/raIdrjKflLDhik4Xu6p08D9eyzr4hue3HGC6IdvF+NBWCnuyxwb5OVXgqvAg hfHQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:subject:cc:to:from:date; bh=msRa2frfys7AJDDNyNUmHDTylVsJd7Iw/z7jis/U1i0=; b=Rdx/LDapmbVXQoK+iwJQAAu+Emkj/gj/9ACInBao8mmgAbV2kSroDxqLfdB+x//pKw sNN9Jkb3UPgw8/qQpkYFC3K0oASKjg1m0r9yLxhuOqlVNYq7gZxnI0wXmbS7iYHhOpLC fmv86t8einQLxQ1ZC/gA3xd8nm0mQAwE3nrE3OwnygddobB26UqAQgMKk5jutqQ8IdTB COj8Sb/aMhYzh+HF2pdecpr1zP6CFQ00bV4HPMBK2k2ZG9ZG2ZT2xezs0nCsrRnj578X ocCINyjHd4E/urs+FoJaQsytGPMA99odin4tz5dTLJRgtkfyfvM+Njft9jXBSaNR6DMg Bzcw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id ht11-20020a170907608b00b0072ee27ef788si9480599ejc.838.2022.08.30.06.13.26; Tue, 30 Aug 2022 06:13:52 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230113AbiH3MyY (ORCPT + 99 others); Tue, 30 Aug 2022 08:54:24 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48616 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230078AbiH3Mxx (ORCPT ); Tue, 30 Aug 2022 08:53:53 -0400 Received: from frasgout.his.huawei.com (frasgout.his.huawei.com [185.176.79.56]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 835A614FC96; Tue, 30 Aug 2022 05:53:45 -0700 (PDT) Received: from fraeml708-chm.china.huawei.com (unknown [172.18.147.200]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4MH6ft0wyhz687Jl; Tue, 30 Aug 2022 20:53:10 +0800 (CST) Received: from lhrpeml500005.china.huawei.com (7.191.163.240) by fraeml708-chm.china.huawei.com (10.206.15.36) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Tue, 30 Aug 2022 14:53:42 +0200 Received: from localhost (10.202.226.42) by lhrpeml500005.china.huawei.com (7.191.163.240) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.24; Tue, 30 Aug 2022 13:53:41 +0100 Date: Tue, 30 Aug 2022 13:53:40 +0100 From: Jonathan Cameron To: Ira Weiny CC: Dan Williams , Bjorn Helgaas , Greg Kroah-Hartman , Alison Schofield , Vishal Verma , Ben Widawsky , , , Subject: Re: [PATCH V2 1/2] PCI: Allow drivers to request exclusive config regions Message-ID: <20220830135340.00000e6f@huawei.com> In-Reply-To: References: <20220824232450.723179-1-ira.weiny@intel.com> <20220824232450.723179-2-ira.weiny@intel.com> <20220825160658.000051a6@huawei.com> X-Mailer: Claws Mail 4.0.0 (GTK+ 3.24.29; i686-w64-mingw32) MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Originating-IP: [10.202.226.42] X-ClientProxiedBy: lhrpeml100006.china.huawei.com (7.191.160.224) To lhrpeml500005.china.huawei.com (7.191.163.240) X-CFilter-Loop: Reflected X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED, RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, 25 Aug 2022 08:47:25 -0700 Ira Weiny wrote: > On Thu, Aug 25, 2022 at 04:06:58PM +0100, Jonathan Cameron wrote: > > On Wed, 24 Aug 2022 16:24:49 -0700 > > ira.weiny@intel.com wrote: > > > > > From: Ira Weiny > > > > > > PCI config space access from user space has traditionally been > > > unrestricted with writes being an understood risk for device operation. > > > > > > Unfortunately, device breakage or odd behavior from config writes lacks > > > indicators that can leave driver writers confused when evaluating > > > failures. This is especially true with the new PCIe Data Object > > > Exchange (DOE) mailbox protocol where backdoor shenanigans from user > > > space through things such as vendor defined protocols may affect device > > > operation without complete breakage. > > > > > > A prior proposal restricted read and writes completely.[1] Greg and > > > Bjorn pointed out that proposal is flawed for a couple of reasons. > > > First, lspci should always be allowed and should not interfere with any > > > device operation. Second, setpci is a valuable tool that is sometimes > > > necessary and it should not be completely restricted.[2] Finally > > > methods exist for full lock of device access if required. > > > > > > Even though access should not be restricted it would be nice for driver > > > writers to be able to flag critical parts of the config space such that > > > interference from user space can be detected. > > > > > > Introduce pci_request_config_region_exclusive() to mark exclusive config > > > regions. Such regions trigger a warning and kernel taint if accessed > > > via user space. > > > > > > Create pci_warn_once() to restrict the user from spamming the log. > > > > > > [1] https://lore.kernel.org/all/161663543465.1867664.5674061943008380442.stgit@dwillia2-desk3.amr.corp.intel.com/ > > > [2] https://lore.kernel.org/all/YF8NGeGv9vYcMfTV@kroah.com/ > > > > > > Cc: Bjorn Helgaas > > > Cc: Greg Kroah-Hartman > > > Cc: Jonathan Cameron > > > Suggested-by: Dan Williams > > > Signed-off-by: Ira Weiny > > One comment inline. > > > > I'm not totally convinced of the necessity of this, but done this way > > it has very little impact so I'm fine with it. > > > > Other than the comment about not realigning things... > > > > Reviewed-by: Jonathan Cameron > > Thanks! > > [snip] > > > > /* drivers/pci/bus.c */ > > > void pci_add_resource(struct list_head *resources, struct resource *res); > > > void pci_add_resource_offset(struct list_head *resources, struct resource *res, > > > @@ -2486,14 +2502,15 @@ void pci_uevent_ers(struct pci_dev *pdev, enum pci_ers_result err_type); > > > #define pci_printk(level, pdev, fmt, arg...) \ > > > dev_printk(level, &(pdev)->dev, fmt, ##arg) > > > > > > -#define pci_emerg(pdev, fmt, arg...) dev_emerg(&(pdev)->dev, fmt, ##arg) > > > -#define pci_alert(pdev, fmt, arg...) dev_alert(&(pdev)->dev, fmt, ##arg) > > > -#define pci_crit(pdev, fmt, arg...) dev_crit(&(pdev)->dev, fmt, ##arg) > > > -#define pci_err(pdev, fmt, arg...) dev_err(&(pdev)->dev, fmt, ##arg) > > > -#define pci_warn(pdev, fmt, arg...) dev_warn(&(pdev)->dev, fmt, ##arg) > > > -#define pci_notice(pdev, fmt, arg...) dev_notice(&(pdev)->dev, fmt, ##arg) > > > -#define pci_info(pdev, fmt, arg...) dev_info(&(pdev)->dev, fmt, ##arg) > > > -#define pci_dbg(pdev, fmt, arg...) dev_dbg(&(pdev)->dev, fmt, ##arg) > > > +#define pci_emerg(pdev, fmt, arg...) dev_emerg(&(pdev)->dev, fmt, ##arg) > > > +#define pci_alert(pdev, fmt, arg...) dev_alert(&(pdev)->dev, fmt, ##arg) > > > +#define pci_crit(pdev, fmt, arg...) dev_crit(&(pdev)->dev, fmt, ##arg) > > > +#define pci_err(pdev, fmt, arg...) dev_err(&(pdev)->dev, fmt, ##arg) > > > +#define pci_warn(pdev, fmt, arg...) dev_warn(&(pdev)->dev, fmt, ##arg) > > > +#define pci_warn_once(pdev, fmt, arg...) dev_warn_once(&(pdev)->dev, fmt, ##arg) > > > +#define pci_notice(pdev, fmt, arg...) dev_notice(&(pdev)->dev, fmt, ##arg) > > > +#define pci_info(pdev, fmt, arg...) dev_info(&(pdev)->dev, fmt, ##arg) > > > +#define pci_dbg(pdev, fmt, arg...) dev_dbg(&(pdev)->dev, fmt, ##arg) > > > > This realignment is a lot of noise. Do we really care about one diffentlyu > > aligned entry? + if you are going to do it two tabs rather than a space > > following the tab (I think that's what you have here?) > > I struggled a bit on this. Not aligning makes the final code look odd while > the patch looks good. Aligning with 2 tabs pushes everything past the 80 col > standard. If you really want to do this then break the 80 char limit. Weird space + tab combinations are a bad idea longer term. Maybe do reformat as precursor 'no functional change' patch to make it all readable? > > This seemed like a good compromise. > > Thanks for the review, > Ira > >