mbox series

[V3,0/2] CXL: Taint user access to DOE mailbox config space

Message ID 20220926215711.2893286-1-ira.weiny@intel.com
Headers show
Series CXL: Taint user access to DOE mailbox config space | expand

Message

Ira Weiny Sept. 26, 2022, 9:57 p.m. UTC
From: Ira Weiny <ira.weiny@intel.com>

Changes from V2
	Incorporate feedback from Greg and Jonathan

Changes from V1
	Incorporate feedback from Dan and Greg.

PCI config space access from user space has traditionally been unrestricted
with writes being an understood risk for device operation.

Unfortunately, device breakage or odd behavior from config writes lacks
indicators that can leave driver writers confused when evaluating failures.
This is especially true with the new PCIe Data Object Exchange (DOE) mailbox
protocol where backdoor shenanigans from user space through things such as
vendor defined protocols may affect device operation without complete breakage.

Even though access should not be restricted it would be nice for driver writers
to be able to flag critical parts of the config space such that interference
from user space can be detected.

Introduce pci_request_config_region_exclusive() and use it in the CXL driver
for DOE config space.

Ira Weiny (2):
  PCI: Allow drivers to request exclusive config regions
  cxl/doe: Request exclusive DOE access

 drivers/cxl/pci.c             |  5 +++++
 drivers/pci/pci-sysfs.c       |  7 +++++++
 drivers/pci/probe.c           |  6 ++++++
 include/linux/ioport.h        |  2 ++
 include/linux/pci.h           | 17 +++++++++++++++++
 include/uapi/linux/pci_regs.h |  1 +
 kernel/resource.c             | 13 ++++++++-----
 7 files changed, 46 insertions(+), 5 deletions(-)


base-commit: f76349cf41451c5c42a99f18a9163377e4b364ff

Comments

Dan Williams Oct. 21, 2022, 11:29 p.m. UTC | #1
ira.weiny@ wrote:
> From: Ira Weiny <ira.weiny@intel.com>
> 
> Changes from V2
> 	Incorporate feedback from Greg and Jonathan
> 
> Changes from V1
> 	Incorporate feedback from Dan and Greg.
> 
> PCI config space access from user space has traditionally been unrestricted
> with writes being an understood risk for device operation.
> 
> Unfortunately, device breakage or odd behavior from config writes lacks
> indicators that can leave driver writers confused when evaluating failures.
> This is especially true with the new PCIe Data Object Exchange (DOE) mailbox
> protocol where backdoor shenanigans from user space through things such as
> vendor defined protocols may affect device operation without complete breakage.
> 
> Even though access should not be restricted it would be nice for driver writers
> to be able to flag critical parts of the config space such that interference
> from user space can be detected.
> 
> Introduce pci_request_config_region_exclusive() and use it in the CXL driver
> for DOE config space.
> 
> Ira Weiny (2):
>   PCI: Allow drivers to request exclusive config regions
>   cxl/doe: Request exclusive DOE access
> 
>  drivers/cxl/pci.c             |  5 +++++
>  drivers/pci/pci-sysfs.c       |  7 +++++++
>  drivers/pci/probe.c           |  6 ++++++
>  include/linux/ioport.h        |  2 ++
>  include/linux/pci.h           | 17 +++++++++++++++++
>  include/uapi/linux/pci_regs.h |  1 +
>  kernel/resource.c             | 13 ++++++++-----
>  7 files changed, 46 insertions(+), 5 deletions(-)
> 
> 
> base-commit: f76349cf41451c5c42a99f18a9163377e4b364ff

Applied for v6.2. I am not a huge fan of the driver_exclusive_resource
naming since it leaves out the configuration address space aspect.
However, any other naming I can think of confuses it with the
traditional PCI device resources which do more than just host
exclusions.