From: Andrew Scull
Date: Fri, 25 Mar 2022 09:18:34 +0000
Subject: Re: [PATCH 06/11] virtio: pci: Read entire capability into memory
To: Bin Meng
Cc: U-Boot Mailing List, Simon Glass, Alistair Delva, Keir Fraser, Pierre-Clément Tosi
References: <20220320114118.2237795-1-ascull@google.com> <20220320114118.2237795-7-ascull@google.com>

On Fri, 25 Mar 2022 at 07:51, Bin Meng
wrote:
>
> On Fri, Mar 25, 2022 at 3:03 PM Andrew Scull wrote:
> >
> > On Fri, 25 Mar 2022 at 04:31, Bin Meng wrote:
> > >
> > > On Sun, Mar 20, 2022 at 7:42 PM Andrew Scull wrote:
> > > >
> > > > Read the virtio PCI capability out of the device configuration space to
> > > > a struct rather than accessing fields directly from the configuration
> > > > space as they are needed. This both makes access to the fields easier
> > > > and avoids re-reading fields.
> > > >
> > > > Re-reading fields could result in time-of-check to time-of-use problems,
> > > > should the value in the configuration space change. The range check of
> > > > the `bar` field and the later call to `dm_pci_read_bar32()` is an
> > > > example of where this could happen.
> > >
> > > I don't see the need to avoid the time-of-check to time-of-use
> > > problems, as it can only happen with the PCI configuration access
> > > capability, which U-Boot driver does not touch.
> > >
> > > Am I missing something?
> >
> > U-Boot doesn't touch the configuration space but the device could
> > have, whether that be accidentally or maliciously. Linux has taken
> > similar precautions [1] to add more safety checks and I'll be looking
> > to do the same in other parts of the u-boot virtio drivers.
> >
> > [1] -- https://lwn.net/Articles/865216
> >
>
> Got it. So basically the problem is that we don't trust the host that
> implements the virtio device :)
>
> I am curious that under such a guideline, probably lots of device
> drivers need to be enhanced to do the sanity check, no?

Absolutely, they do! My focus is going to be primarily on the modern
PCI driver, vring and block driver. This will lay a foundation for the
others but they will also need to be checked over carefully before
being relied on.
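
The re-read hazard discussed in this thread, shown as an added example that is not part of the original message or of the U-Boot patch: a constructed device model rewrites the `bar` field between two reads, so a range check on the first read says nothing about the value returned by the second. All function names here (`cfg_read8`, `device_reset`, `bar_double_fetch`, `bar_snapshot`) are hypothetical; the 16-byte capability with `bar` at offset 4 follows the virtio PCI capability layout.

```c
#include <stdint.h>
#include <stdio.h>

#define NUM_BARS 6   /* valid BAR indices are 0..5 */
#define CAP_LEN  16  /* size of the virtio PCI capability */
#define CAP_BAR  4   /* offset of the `bar` field in the capability */

/* Constructed device model: rewrites `bar` after `flip_after` reads. */
static uint8_t cfg[CAP_LEN];
static int reads_until_flip;

static void device_reset(int flip_after)
{
	cfg[CAP_BAR] = 2;               /* looks valid at first */
	reads_until_flip = flip_after;  /* negative: never changes */
}

static uint8_t cfg_read8(size_t off)
{
	if (reads_until_flip-- == 0)
		cfg[CAP_BAR] = 0xff;    /* device changes the field under us */
	return cfg[off];
}

/* Double fetch: the value that passed the check is not the value used. */
static int bar_double_fetch(void)
{
	if (cfg_read8(CAP_BAR) >= NUM_BARS)  /* time of check */
		return -1;
	return cfg_read8(CAP_BAR);           /* time of use: second read */
}

/* Snapshot: copy the capability once, then check and use only the copy. */
static int bar_snapshot(void)
{
	uint8_t cap[CAP_LEN];
	for (size_t i = 0; i < CAP_LEN; i++)
		cap[i] = cfg_read8(i);
	return cap[CAP_BAR] < NUM_BARS ? cap[CAP_BAR] : -1;
}

int main(void)
{
	device_reset(1);
	printf("double fetch: bar %d\n", bar_double_fetch());
	device_reset(1);
	printf("snapshot: bar %d\n", bar_snapshot());
	return 0;
}
```

With the snapshot, whichever value the device presents during the single copy is the value that gets range-checked, so an out-of-range `bar` is rejected instead of being passed on.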