From: Jonathan Cameron <Jonathan.Cameron@Huawei.com>
To: Dan Williams <dan.j.williams@intel.com>
Cc: Bjorn Helgaas <helgaas@kernel.org>,
Bjorn Helgaas <bhelgaas@google.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Linux PCI <linux-pci@vger.kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Christoph Hellwig <hch@infradead.org>
Subject: Re: [PATCH] PCI: Allow drivers to claim exclusive access to config regions
Date: Tue, 30 Mar 2021 13:20:26 +0100 [thread overview]
Message-ID: <20210330132026.00006346@Huawei.com> (raw)
In-Reply-To: <CAPcyv4h_c46tBpemKksciHL4DWu356h7T8A-0eHKUW9H3CZkKw@mail.gmail.com>
On Mon, 29 Mar 2021 09:46:15 -0700
Dan Williams <dan.j.williams@intel.com> wrote:
> On Fri, Mar 26, 2021 at 9:12 AM Bjorn Helgaas <helgaas@kernel.org> wrote:
> >
> > [+cc Christoph]
> >
> > On Wed, Mar 24, 2021 at 06:23:54PM -0700, Dan Williams wrote:
> > > The PCIE Data Object Exchange (DOE) mailbox is a protocol run over
> > > configuration cycles. It assumes one initiator at a time is
> > > reading/writing the data registers. If userspace reads from the response
> > > data payload it may steal data that a kernel driver was expecting to
> > > read. If userspace writes to the request payload it may corrupt the
> > > request a driver was trying to send.
> >
> > IIUC the problem we're talking about is that userspace config access,
> > e.g., via "lspci" or "setpci" may interfere with kernel usage of DOE.
> > I attached what I think are the relevant bits from the spec.
> >
> > It looks to me like config *reads* should not be a problem: A read of
> > Write Data Mailbox always returns 0 and looks innocuous. A userspace
> > read of Read Data Mailbox may return a DW of the data object, but it
> > doesn't advance the cursor, so it shouldn't interfere with a kernel
> > read.
> >
> > A write to Write Data Mailbox could obviously corrupt an object being
> > written to the device. A config write to Read Data Mailbox *does*
> > advance the cursor, so that would definitely interfere with a kernel
> > user.
> >
> > So I think we're really talking about an issue with "setpci" and I
> > don't expect "lspci" to be a problem. "setpci" is a valuable tool,
> > and the fact that it can hose your system is not really news. I don't
> > know how hard we should work to protect against that.
>
> True, the threat is smaller than I was reading, I apologize for that
> noise. Temporary blocking over kernel DOE cycles seems sufficient for
> now.
Was on vacation. Glad I read the whole thread before replying. The
key point as Bjorn identified is that reads don't hurt and as noted
setpci can break many things anyway so I think we are safe on this.
There are more 'exciting' questions to be addressed about firmware
vs OS ownership of particular DOE mailboxes but that's a whole
separate bit of fun for the future.
Jonathan
prev parent reply other threads:[~2021-03-30 12:22 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-25 1:23 [PATCH] PCI: Allow drivers to claim exclusive access to config regions Dan Williams
2021-03-25 6:54 ` Greg Kroah-Hartman
2021-03-25 8:29 ` Christoph Hellwig
2021-03-25 17:55 ` Dan Williams
2021-03-26 9:18 ` Greg Kroah-Hartman
2021-03-25 17:43 ` Dan Williams
2021-03-26 9:28 ` Greg Kroah-Hartman
2021-03-26 16:12 ` Bjorn Helgaas
2021-03-27 10:46 ` Greg Kroah-Hartman
2021-05-13 21:28 ` Dan Williams
2021-03-29 16:46 ` Dan Williams
2021-03-30 12:20 ` Jonathan Cameron [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210330132026.00006346@Huawei.com \
--to=jonathan.cameron@huawei.com \
--cc=bhelgaas@google.com \
--cc=dan.j.williams@intel.com \
--cc=gregkh@linuxfoundation.org \
--cc=hch@infradead.org \
--cc=helgaas@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.