From: Dan Williams <dan.j.williams@intel.com>
To: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Cc: Ben Widawsky <ben.widawsky@intel.com>,
linux-cxl@vger.kernel.org,
Linux ACPI <linux-acpi@vger.kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
linux-nvdimm <linux-nvdimm@lists.01.org>,
Linux PCI <linux-pci@vger.kernel.org>,
Bjorn Helgaas <helgaas@kernel.org>,
Chris Browy <cbrowy@avery-design.com>,
Christoph Hellwig <hch@infradead.org>,
Ira Weiny <ira.weiny@intel.com>, Jon Masters <jcm@jonmasters.org>,
Jonathan Cameron <Jonathan.Cameron@huawei.com>,
Rafael Wysocki <rafael.j.wysocki@intel.com>,
Randy Dunlap <rdunlap@infradead.org>,
Vishal Verma <vishal.l.verma@intel.com>,
daniel.lll@alibaba-inc.com,
"John Groves (jgroves)" <jgroves@micron.com>,
"Kelley, Sean V" <sean.v.kelley@intel.com>
Subject: Re: [PATCH 13/14] cxl/mem: Add limited Get Log command (0401h)
Date: Wed, 3 Feb 2021 12:31:00 -0800 [thread overview]
Message-ID: <CAPcyv4hMM9isho5d8wS=5vtP0NxE5KA0HrMp+Bx2PZhPDrrWsg@mail.gmail.com> (raw)
In-Reply-To: <YBroGrVd76p+BF0v@Konrads-MacBook-Pro.local>
On Wed, Feb 3, 2021 at 10:16 AM Konrad Rzeszutek Wilk
<konrad.wilk@oracle.com> wrote:
>
> On Wed, Feb 03, 2021 at 09:16:10AM -0800, Ben Widawsky wrote:
> > On 21-02-02 15:57:03, Dan Williams wrote:
> > > On Tue, Feb 2, 2021 at 3:51 PM Ben Widawsky <ben.widawsky@intel.com> wrote:
> > > >
> > > > On 21-02-01 13:28:48, Konrad Rzeszutek Wilk wrote:
> > > > > On Fri, Jan 29, 2021 at 04:24:37PM -0800, Ben Widawsky wrote:
> > > > > > The Get Log command returns the actual log entries that are advertised
> > > > > > via the Get Supported Logs command (0400h). CXL device logs are selected
> > > > > > by UUID which is part of the CXL spec. Because the driver tries to
> > > > > > sanitize what is sent to hardware, there becomes a need to restrict the
> > > > > > types of logs which can be accessed by userspace. For example, the
> > > > > > vendor specific log might only be consumable by proprietary, or offline
> > > > > > applications, and therefore a good candidate for userspace.
> > > > > >
> > > > > > The current driver infrastructure does allow basic validation for all
> > > > > > commands, but doesn't inspect any of the payload data. Along with Get
> > > > > > Log support comes new infrastructure to add a hook for payload
> > > > > > validation. This infrastructure is used to filter out the CEL UUID,
> > > > > > which the userspace driver doesn't have business knowing, and taints on
> > > > > > invalid UUIDs being sent to hardware.
> > > > >
> > > > > Perhaps a better option is to reject invalid UUIDs?
> > > > >
> > > > > And if you really really want to use invalid UUIDs then:
> > > > >
> > > > > 1) Make that code wrapped in CONFIG_CXL_DEBUG_THIS_IS_GOING_TO..?
> > > > >
> > > > > 2) Wrap it with lockdown code so that you can't do this at all
> > > > > when in LOCKDOWN_INTEGRITY or such?
> > > > >
> > > >
> > > > The commit message needs update btw as CEL is allowed in the latest rev of the
> > > > patches.
> > > >
> > > > We could potentially combine this with the now added (in a branch) CONFIG_RAW
> > > > config option. Indeed I think that makes sense. Dan, thoughts?
> > >
> > > Yeah, unknown UUIDs blocking is the same risk as raw commands as a
> > > vendor can trigger any behavior they want. A "CONFIG_RAW depends on
> > > !CONFIG_INTEGRITY" policy sounds reasonable as well.
> >
> > What about LOCKDOWN_NONE though? I think we need something runtime for this.
> >
> > Can we summarize the CONFIG options here?
> >
> > CXL_MEM_INSECURE_DEBUG // no change
> > CXL_MEM_RAW_COMMANDS // if !security_locked_down(LOCKDOWN_NONE)
> >
> > bool cxl_unsafe()
>
> Would it be better if this inverted? Aka cxl_safe()..
> ?
> > {
> > #ifndef CXL_MEM_RAW_COMMANDS
nit use IS_ENABLED() if this function lives in a C file, or provide
whole alternate static inline versions in a header gated by ifdefs.
> > return false;
> > #else
> > return !security_locked_down(LOCKDOWN_NONE);
>
> :thumbsup:
>
> (Naturally this would inverted if this was cxl_safe()).
>
>
> > #endif
> > }
> >
> > ---
> >
> > Did I get that right?
>
> :nods:
Looks good which means it's time to bikeshed the naming. I'd call it
cxl_raw_allowed(). As "safety" isn't the only reason for blocking raw,
it's also to corral the userspace api. I.e. things like enforcing
security passphrase material through the Linux keys api.
next prev parent reply other threads:[~2021-02-03 20:32 UTC|newest]
Thread overview: 96+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-30 0:24 [PATCH 00/14] CXL 2.0 Support Ben Widawsky
2021-01-30 0:24 ` [PATCH 01/14] cxl/mem: Introduce a driver for CXL-2.0-Type-3 endpoints Ben Widawsky
2021-01-30 23:51 ` David Rientjes
2021-02-01 17:21 ` Jonathan Cameron
2021-02-01 17:34 ` Konrad Rzeszutek Wilk
2021-02-02 17:58 ` Christoph Hellwig
2021-02-02 18:00 ` Christoph Hellwig
2021-01-30 0:24 ` [PATCH 02/14] cxl/mem: Map memory device registers Ben Widawsky
2021-01-30 23:51 ` David Rientjes
2021-02-01 16:46 ` Ben Widawsky
2021-02-01 18:19 ` Jonathan Cameron
2021-02-01 17:36 ` Konrad Rzeszutek Wilk
2021-02-02 18:04 ` Christoph Hellwig
2021-02-02 18:31 ` Ben Widawsky
2021-02-03 17:12 ` Christoph Hellwig
2021-01-30 0:24 ` [PATCH 03/14] cxl/mem: Find device capabilities Ben Widawsky
2021-01-30 23:51 ` David Rientjes
2021-02-01 16:53 ` Ben Widawsky
2021-02-01 21:51 ` David Rientjes
2021-02-01 21:58 ` Ben Widawsky
2021-02-01 22:23 ` David Rientjes
2021-02-01 22:28 ` Ben Widawsky
2021-02-01 22:33 ` Ben Widawsky
2021-02-01 22:45 ` David Rientjes
2021-02-01 22:50 ` Ben Widawsky
2021-02-01 23:09 ` David Rientjes
2021-02-01 23:17 ` Ben Widawsky
2021-02-01 23:58 ` David Rientjes
2021-02-02 0:11 ` Ben Widawsky
2021-02-02 0:14 ` Dan Williams
2021-02-02 1:09 ` David Rientjes
2021-02-01 22:02 ` Dan Williams
2021-02-01 17:41 ` Konrad Rzeszutek Wilk
2021-02-01 17:50 ` Ben Widawsky
2021-02-01 18:08 ` Konrad Rzeszutek Wilk
2021-02-02 18:10 ` Christoph Hellwig
2021-02-02 18:24 ` Ben Widawsky
2021-02-03 17:15 ` Christoph Hellwig
2021-02-03 17:23 ` Ben Widawsky
2021-02-03 21:23 ` Dan Williams
2021-02-04 7:16 ` Christoph Hellwig
2021-02-04 15:29 ` Ben Widawsky
2021-01-30 0:24 ` [PATCH 04/14] cxl/mem: Implement polled mode mailbox Ben Widawsky
2021-01-30 23:51 ` David Rientjes
2021-02-01 20:00 ` Dan Williams
2021-02-02 22:57 ` Ben Widawsky
2021-02-02 23:54 ` Dan Williams
2021-02-03 0:54 ` Ben Widawsky
2021-02-02 22:50 ` Ben Widawsky
2021-02-01 17:54 ` Konrad Rzeszutek Wilk
2021-02-01 19:13 ` Ben Widawsky
2021-02-01 19:28 ` Dan Williams
[not found] ` <SN6PR08MB46052FE9BC20A747CACD8F50D1B39@SN6PR08MB4605.namprd08.prod.outlook.com>
2021-02-04 22:24 ` [EXT] " Ben Widawsky
2021-01-30 0:24 ` [PATCH 05/14] cxl/mem: Register CXL memX devices Ben Widawsky
2021-01-30 0:31 ` Dan Williams
2021-01-30 23:52 ` David Rientjes
2021-02-01 17:10 ` Ben Widawsky
2021-02-01 21:53 ` David Rientjes
2021-02-01 21:55 ` Dan Williams
2021-02-02 18:13 ` Christoph Hellwig
2021-01-30 0:24 ` [PATCH 06/14] cxl/mem: Add basic IOCTL interface Ben Widawsky
2021-02-02 18:15 ` Christoph Hellwig
2021-02-02 18:33 ` Ben Widawsky
2021-01-30 0:24 ` [PATCH 07/14] cxl/mem: Add send command Ben Widawsky
2021-02-01 18:15 ` Konrad Rzeszutek Wilk
2021-02-02 23:08 ` Ben Widawsky
2021-01-30 0:24 ` [PATCH 08/14] taint: add taint for direct hardware access Ben Widawsky
2021-02-01 18:18 ` Konrad Rzeszutek Wilk
2021-02-01 18:34 ` Ben Widawsky
2021-02-01 19:01 ` Dan Williams
2021-02-02 2:49 ` Konrad Rzeszutek Wilk
2021-02-02 17:46 ` Dan Williams
2021-02-08 22:00 ` Dan Williams
2021-02-08 22:09 ` Kees Cook
2021-02-08 23:05 ` Ben Widawsky
2021-02-08 23:36 ` Dan Williams
2021-02-09 1:03 ` Dan Williams
2021-02-09 3:36 ` Ben Widawsky
2021-01-30 0:24 ` [PATCH 09/14] cxl/mem: Add a "RAW" send command Ben Widawsky
2021-02-01 18:24 ` Konrad Rzeszutek Wilk
2021-02-01 19:27 ` Ben Widawsky
2021-02-01 19:34 ` Konrad Rzeszutek Wilk
2021-02-01 21:20 ` Dan Williams
2021-01-30 0:24 ` [PATCH 10/14] cxl/mem: Create concept of enabled commands Ben Widawsky
2021-01-30 0:24 ` [PATCH 11/14] cxl/mem: Use CEL for enabling commands Ben Widawsky
2021-01-30 0:24 ` [PATCH 12/14] cxl/mem: Add set of informational commands Ben Widawsky
2021-01-30 0:24 ` [PATCH 13/14] cxl/mem: Add limited Get Log command (0401h) Ben Widawsky
2021-02-01 18:28 ` Konrad Rzeszutek Wilk
2021-02-02 23:51 ` Ben Widawsky
2021-02-02 23:57 ` Dan Williams
2021-02-03 17:16 ` Ben Widawsky
2021-02-03 18:14 ` Konrad Rzeszutek Wilk
2021-02-03 20:31 ` Dan Williams [this message]
2021-02-04 18:55 ` Ben Widawsky
2021-02-04 21:01 ` Dan Williams
2021-01-30 0:24 ` [PATCH 14/14] MAINTAINERS: Add maintainers of the CXL driver Ben Widawsky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAPcyv4hMM9isho5d8wS=5vtP0NxE5KA0HrMp+Bx2PZhPDrrWsg@mail.gmail.com' \
--to=dan.j.williams@intel.com \
--cc=Jonathan.Cameron@huawei.com \
--cc=ben.widawsky@intel.com \
--cc=cbrowy@avery-design.com \
--cc=daniel.lll@alibaba-inc.com \
--cc=hch@infradead.org \
--cc=helgaas@kernel.org \
--cc=ira.weiny@intel.com \
--cc=jcm@jonmasters.org \
--cc=jgroves@micron.com \
--cc=konrad.wilk@oracle.com \
--cc=linux-acpi@vger.kernel.org \
--cc=linux-cxl@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nvdimm@lists.01.org \
--cc=linux-pci@vger.kernel.org \
--cc=rafael.j.wysocki@intel.com \
--cc=rdunlap@infradead.org \
--cc=sean.v.kelley@intel.com \
--cc=vishal.l.verma@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).