From patchwork Mon Jun 26 19:35:50 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alex Williamson X-Patchwork-Id: 9810381 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 00EA3603F9 for ; Mon, 26 Jun 2017 19:36:19 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id EF61D27F90 for ; Mon, 26 Jun 2017 19:36:18 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id E3D171FF1F; Mon, 26 Jun 2017 19:36:18 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.4 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_HI, RCVD_IN_SORBS_SPAM autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6C59827F97 for ; Mon, 26 Jun 2017 19:36:18 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752371AbdFZTgA (ORCPT ); Mon, 26 Jun 2017 15:36:00 -0400 Received: from mx1.redhat.com ([209.132.183.28]:40262 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752335AbdFZTf6 (ORCPT ); Mon, 26 Jun 2017 15:35:58 -0400 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id E00FFC0567A3; Mon, 26 Jun 2017 19:35:52 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com E00FFC0567A3 Authentication-Results: ext-mx08.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx08.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=alex.williamson@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com E00FFC0567A3 Received: from gimli.home (ovpn-116-91.phx2.redhat.com [10.3.116.91]) by smtp.corp.redhat.com (Postfix) with ESMTP id 94A9062921; Mon, 26 Jun 2017 19:35:50 +0000 (UTC) Subject: [RFC PATCH] driver core: Stop driver bind on NOTIFY_BAD From: Alex Williamson To: gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org Cc: linux@armlinux.org.uk, kvm@vger.kernel.org Date: Mon, 26 Jun 2017 13:35:50 -0600 Message-ID: <20170626192117.1412.50230.stgit@gimli.home> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.32]); Mon, 26 Jun 2017 19:35:53 +0000 (UTC) Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Allow participants in the BUS_NOTIFY_BIND_DRIVER to prevent driver binding with a NOTIFY_BAD. An example case where this might be useful is when we're dealing with IOMMU groups and userspace drivers. We've defined that devices within the same IOMMU group are not necessarily DMA isolated from one another and therefore allowing those devices to be split between host and user drivers may compromise the kernel. The vfio driver currently handles this with a BUG_ON when such a condition occurs. A better solution is to prevent the case from occurring, which this change enables. Signed-off-by: Alex Williamson Suggested-by: Russell King --- drivers/base/dd.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) For due diligence, none of the current notifier blocks registered with bus_register_notifier() return anything other than { 0, NOTIFY_OK, NOTIFY_DONE } except for the case of BUS_NOTIFY_ADD_DEVICE, where NOTIFY_BAD is possible for NULL data in keystone_platform_notifier() and an errno return is possible from tce_iommu_bus_notifier() and i2cdev_notifier_call(). device_add() also ignores the call chain return value, so these three cases are all ineffective at preventing anything. If this is acceptable, I'll re-spin https://lkml.org/lkml/2017/6/20/681 dropping the last 3 patches, instead using the patch below, plumbing the IOMMU group notifier to percolate notifier block returns, and simply return NOTIFY_BAD from vfio rather than mucking with driver_override. Thanks Alex diff --git a/drivers/base/dd.c b/drivers/base/dd.c index 4882f06d12df..32c1d841e8d9 100644 --- a/drivers/base/dd.c +++ b/drivers/base/dd.c @@ -265,9 +265,11 @@ static int driver_sysfs_add(struct device *dev) { int ret; - if (dev->bus) - blocking_notifier_call_chain(&dev->bus->p->bus_notifier, - BUS_NOTIFY_BIND_DRIVER, dev); + if (dev->bus) { + if (blocking_notifier_call_chain(&dev->bus->p->bus_notifier, + BUS_NOTIFY_BIND_DRIVER, dev) == NOTIFY_BAD) + return -EINVAL; + } ret = sysfs_create_link(&dev->driver->p->kobj, &dev->kobj, kobject_name(&dev->kobj));