From patchwork Wed Mar 30 01:30:16 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alison Schofield X-Patchwork-Id: 12795387 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7D048C433EF for ; Wed, 30 Mar 2022 01:28:04 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241623AbiC3B3q (ORCPT ); Tue, 29 Mar 2022 21:29:46 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37268 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234798AbiC3B3q (ORCPT ); Tue, 29 Mar 2022 21:29:46 -0400 Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2185824B097 for ; Tue, 29 Mar 2022 18:28:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1648603682; x=1680139682; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=Q7r5HkKPbpPBag7u78ONdh2dR85wmDWRv/dJ6W+1EKk=; b=SJNQFG9uaEMqKIHuzCT08JmPI0ij4ASs49hSgmw9yIsU3YsnMaxdY72C 5IsCtw9jinRLXMaQg23/9XE4H+2k//n7MA+MO+qcaOPOEdweM9tNJSzmJ GvSV3hdHZA3sgANCB7eFZEGY7v1Kan+UWIss7W5wCNi+IayUk+YBDC1Zp y5hbsC3RGlabjDsz2/L01PeuOpNQXHkd265BABG19NtcgbscV/jOMujNB USKXUUqDrtCUk6VJLPRHfT3HWHVaLqBxJWXpAS0ujkt/emWqn/NVmCHSl Gvo3JtvfOmG3Y7y5MwTbQ0R/hAf/yqtUuTHgs6opmkH1Aot2nC5/ircLT A==; X-IronPort-AV: E=McAfee;i="6200,9189,10301"; a="322601855" X-IronPort-AV: E=Sophos;i="5.90,221,1643702400"; d="scan'208";a="322601855" Received: from orsmga005.jf.intel.com ([10.7.209.41]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 29 Mar 2022 18:28:01 -0700 X-IronPort-AV: E=Sophos;i="5.90,221,1643702400"; d="scan'208";a="719776934" Received: from alison-desk.jf.intel.com (HELO localhost) ([10.54.74.41]) by orsmga005-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 29 Mar 2022 18:28:01 -0700 From: alison.schofield@intel.com To: Ben Widawsky , Dan Williams , Ira Weiny , Vishal Verma Cc: Alison Schofield , linux-cxl@vger.kernel.org, Jonathan Cameron Subject: [PATCH v4 1/9] cxl/mbox: Move cxl_mem_command construction to helper funcs Date: Tue, 29 Mar 2022 18:30:16 -0700 Message-Id: <3d563038e093f435396f58b3757c74374257727b.1648601710.git.alison.schofield@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-cxl@vger.kernel.org From: Alison Schofield Sanitizing and constructing a cxl_mem_command from a userspace command is part of the validation process prior to submitting the command to a CXL device. Move this work to helper functions: cxl_to_mem_cmd(), cxl_to_mem_cmd_raw(). This declutters cxl_validate_cmd_from_user() in preparation for adding new validation steps. Signed-off-by: Alison Schofield Reviewed-by: Jonathan Cameron Reviewed-by: Dan Williams --- drivers/cxl/core/mbox.c | 155 +++++++++++++++++++++------------------- 1 file changed, 80 insertions(+), 75 deletions(-) diff --git a/drivers/cxl/core/mbox.c b/drivers/cxl/core/mbox.c index be61a0d8016b..0b5bec7b8b5a 100644 --- a/drivers/cxl/core/mbox.c +++ b/drivers/cxl/core/mbox.c @@ -207,6 +207,81 @@ static bool cxl_mem_raw_command_allowed(u16 opcode) return true; } +static int cxl_to_mem_cmd_raw(struct cxl_dev_state *cxlds, + const struct cxl_send_command *send_cmd, + struct cxl_mem_command *mem_cmd) +{ + if (send_cmd->raw.rsvd) + return -EINVAL; + + /* + * Unlike supported commands, the output size of RAW commands + * gets passed along without further checking, so it must be + * validated here. + */ + if (send_cmd->out.size > cxlds->payload_size) + return -EINVAL; + + if (!cxl_mem_raw_command_allowed(send_cmd->raw.opcode)) + return -EPERM; + + *mem_cmd = (struct cxl_mem_command) { + .info = { + .id = CXL_MEM_COMMAND_ID_RAW, + .size_in = send_cmd->in.size, + .size_out = send_cmd->out.size, + }, + .opcode = send_cmd->raw.opcode + }; + + return 0; +} + +static int cxl_to_mem_cmd(struct cxl_dev_state *cxlds, + const struct cxl_send_command *send_cmd, + struct cxl_mem_command *mem_cmd) +{ + struct cxl_mem_command *c = &cxl_mem_commands[send_cmd->id]; + const struct cxl_command_info *info = &c->info; + + if (send_cmd->flags & ~CXL_MEM_COMMAND_FLAG_MASK) + return -EINVAL; + + if (send_cmd->rsvd) + return -EINVAL; + + if (send_cmd->in.rsvd || send_cmd->out.rsvd) + return -EINVAL; + + /* Check that the command is enabled for hardware */ + if (!test_bit(info->id, cxlds->enabled_cmds)) + return -ENOTTY; + + /* Check that the command is not claimed for exclusive kernel use */ + if (test_bit(info->id, cxlds->exclusive_cmds)) + return -EBUSY; + + /* Check the input buffer is the expected size */ + if (info->size_in >= 0 && info->size_in != send_cmd->in.size) + return -ENOMEM; + + /* Check the output buffer is at least large enough */ + if (info->size_out >= 0 && send_cmd->out.size < info->size_out) + return -ENOMEM; + + *mem_cmd = (struct cxl_mem_command) { + .info = { + .id = info->id, + .flags = info->flags, + .size_in = send_cmd->in.size, + .size_out = send_cmd->out.size, + }, + .opcode = c->opcode + }; + + return 0; +} + /** * cxl_validate_cmd_from_user() - Check fields for CXL_MEM_SEND_COMMAND. * @cxlds: The device data for the operation @@ -230,9 +305,6 @@ static int cxl_validate_cmd_from_user(struct cxl_dev_state *cxlds, const struct cxl_send_command *send_cmd, struct cxl_mem_command *out_cmd) { - const struct cxl_command_info *info; - struct cxl_mem_command *c; - if (send_cmd->id == 0 || send_cmd->id >= CXL_MEM_COMMAND_ID_MAX) return -ENOTTY; @@ -244,78 +316,11 @@ static int cxl_validate_cmd_from_user(struct cxl_dev_state *cxlds, if (send_cmd->in.size > cxlds->payload_size) return -EINVAL; - /* - * Checks are bypassed for raw commands but a WARN/taint will occur - * later in the callchain - */ - if (send_cmd->id == CXL_MEM_COMMAND_ID_RAW) { - const struct cxl_mem_command temp = { - .info = { - .id = CXL_MEM_COMMAND_ID_RAW, - .flags = 0, - .size_in = send_cmd->in.size, - .size_out = send_cmd->out.size, - }, - .opcode = send_cmd->raw.opcode - }; - - if (send_cmd->raw.rsvd) - return -EINVAL; - - /* - * Unlike supported commands, the output size of RAW commands - * gets passed along without further checking, so it must be - * validated here. - */ - if (send_cmd->out.size > cxlds->payload_size) - return -EINVAL; - - if (!cxl_mem_raw_command_allowed(send_cmd->raw.opcode)) - return -EPERM; - - memcpy(out_cmd, &temp, sizeof(temp)); - - return 0; - } - - if (send_cmd->flags & ~CXL_MEM_COMMAND_FLAG_MASK) - return -EINVAL; - - if (send_cmd->rsvd) - return -EINVAL; - - if (send_cmd->in.rsvd || send_cmd->out.rsvd) - return -EINVAL; - - /* Convert user's command into the internal representation */ - c = &cxl_mem_commands[send_cmd->id]; - info = &c->info; - - /* Check that the command is enabled for hardware */ - if (!test_bit(info->id, cxlds->enabled_cmds)) - return -ENOTTY; - - /* Check that the command is not claimed for exclusive kernel use */ - if (test_bit(info->id, cxlds->exclusive_cmds)) - return -EBUSY; - - /* Check the input buffer is the expected size */ - if (info->size_in >= 0 && info->size_in != send_cmd->in.size) - return -ENOMEM; - - /* Check the output buffer is at least large enough */ - if (info->size_out >= 0 && send_cmd->out.size < info->size_out) - return -ENOMEM; - - memcpy(out_cmd, c, sizeof(*c)); - out_cmd->info.size_in = send_cmd->in.size; - /* - * XXX: out_cmd->info.size_out will be controlled by the driver, and the - * specified number of bytes @send_cmd->out.size will be copied back out - * to userspace. - */ - - return 0; + /* Sanitize and construct a cxl_mem_command */ + if (send_cmd->id == CXL_MEM_COMMAND_ID_RAW) + return cxl_to_mem_cmd_raw(cxlds, send_cmd, out_cmd); + else + return cxl_to_mem_cmd(cxlds, send_cmd, out_cmd); } int cxl_query_cmd(struct cxl_memdev *cxlmd, From patchwork Wed Mar 30 01:30:17 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alison Schofield X-Patchwork-Id: 12795392 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id DA7CAC433FE for ; Wed, 30 Mar 2022 01:28:08 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241629AbiC3B3u (ORCPT ); Tue, 29 Mar 2022 21:29:50 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37300 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S241627AbiC3B3s (ORCPT ); Tue, 29 Mar 2022 21:29:48 -0400 Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6783624B0AB for ; Tue, 29 Mar 2022 18:28:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1648603683; x=1680139683; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=Ykp22DrCZCA7V0szcG07t9M1HR62K5K/zKklNrArUMk=; b=Fyar9W3x9wgLWrHlFYC+q/zHAdaqn58SuXtPak60ssNv/7wsBFXDsshi Ev/Syf0Uy4Kxs9zz4qLYQo4QbAA4XnQJCx1bn/QY3mX90O0YLmUOfYoYG oLwBiCiNxO3SdvWIMWQeqPsccsJ+UixnKOQDFtby5J69rk0Yz8gggO3Nh psIpZfJQCdZ79zqe1hya6Op0HgCWc2yl2nIN1KLqJv+SM4X6jOPZLEo/l 0dGwqAllv3dblequNretfXfoTCxI8Ge14ymOhdxrRCw3w3V1JN/tJfpgi kVs5TwbT/sG+hNfUmEAjkW/8nT+XIgIkfQINnZgty3DZi8pVM27CAy/79 w==; X-IronPort-AV: E=McAfee;i="6200,9189,10301"; a="322601856" X-IronPort-AV: E=Sophos;i="5.90,221,1643702400"; d="scan'208";a="322601856" Received: from orsmga005.jf.intel.com ([10.7.209.41]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 29 Mar 2022 18:28:01 -0700 X-IronPort-AV: E=Sophos;i="5.90,221,1643702400"; d="scan'208";a="719776937" Received: from alison-desk.jf.intel.com (HELO localhost) ([10.54.74.41]) by orsmga005-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 29 Mar 2022 18:28:01 -0700 From: alison.schofield@intel.com To: Ben Widawsky , Dan Williams , Ira Weiny , Vishal Verma Cc: Alison Schofield , linux-cxl@vger.kernel.org, Jonathan Cameron Subject: [PATCH v4 2/9] cxl/mbox: Move raw command warning to raw command validation Date: Tue, 29 Mar 2022 18:30:17 -0700 Message-Id: <019101a518b00407aaa19a497e8d973c364e1d12.1648601710.git.alison.schofield@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-cxl@vger.kernel.org From: Alison Schofield This move serves two purposes: 1) Emit the warning in the raw command validation path, and 2) Remove the dependency on the struct cxl_mem_command in handle_mailbox_cmd_from_user() in preparation for a refactor of that function. Signed-off-by: Alison Schofield Reviewed-by: Jonathan Cameron Reviewed-by: Dan Williams --- drivers/cxl/core/mbox.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/cxl/core/mbox.c b/drivers/cxl/core/mbox.c index 0b5bec7b8b5a..ae9aeb6c20f7 100644 --- a/drivers/cxl/core/mbox.c +++ b/drivers/cxl/core/mbox.c @@ -225,6 +225,8 @@ static int cxl_to_mem_cmd_raw(struct cxl_dev_state *cxlds, if (!cxl_mem_raw_command_allowed(send_cmd->raw.opcode)) return -EPERM; + dev_WARN_ONCE(cxlds->dev, true, "raw command path used\n"); + *mem_cmd = (struct cxl_mem_command) { .info = { .id = CXL_MEM_COMMAND_ID_RAW, @@ -417,9 +419,6 @@ static int handle_mailbox_cmd_from_user(struct cxl_dev_state *cxlds, cxl_command_names[cmd->info.id].name, mbox_cmd.opcode, cmd->info.size_in); - dev_WARN_ONCE(dev, cmd->info.id == CXL_MEM_COMMAND_ID_RAW, - "raw command path used\n"); - rc = cxlds->mbox_send(cxlds, &mbox_cmd); if (rc) goto out; From patchwork Wed Mar 30 01:30:18 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alison Schofield X-Patchwork-Id: 12795388 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 76D25C433F5 for ; Wed, 30 Mar 2022 01:28:05 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241610AbiC3B3r (ORCPT ); Tue, 29 Mar 2022 21:29:47 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37278 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S241624AbiC3B3r (ORCPT ); Tue, 29 Mar 2022 21:29:47 -0400 Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 92E9624B5F1 for ; Tue, 29 Mar 2022 18:28:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1648603683; x=1680139683; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=PyxA8XV+sjPHpxd+pmg0vKtjEwuuIpoxPAwINPzgKIk=; b=kbrz9pvRBrqmRWfcHS0Q7fb/XRvvQJP0NkXT4c7kxsq66V+YSr7S7DWg Ng/qzeTWjlzoHUbr8ZviDHVr1MUfRRWBsf82YE+fKw6dw3rRmT36pHV4i eeByOwlSK+ODOxFLJTMv+AGuh24mtWbW2Bc6xc5WndXbK+z4PxXMwWe0x J9yg+4uZGQkEMFQ2OsWedncXR08CDzYnGqW/4OPV/HclR9DMZtnMSjmct frqJrsHi1A2T0YnzXDKs7PM+bG247OTl321CmXuoZFa8zwwLN7LvKW9vy SKrTPsfUevv1TvGXOxRwMtaGOnyXeTcDYlPp6ShoApwUCPjiU7U44CSyq g==; X-IronPort-AV: E=McAfee;i="6200,9189,10301"; a="322601857" X-IronPort-AV: E=Sophos;i="5.90,221,1643702400"; d="scan'208";a="322601857" Received: from orsmga005.jf.intel.com ([10.7.209.41]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 29 Mar 2022 18:28:01 -0700 X-IronPort-AV: E=Sophos;i="5.90,221,1643702400"; d="scan'208";a="719776940" Received: from alison-desk.jf.intel.com (HELO localhost) ([10.54.74.41]) by orsmga005-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 29 Mar 2022 18:28:01 -0700 From: alison.schofield@intel.com To: Ben Widawsky , Dan Williams , Ira Weiny , Vishal Verma Cc: Alison Schofield , linux-cxl@vger.kernel.org Subject: [PATCH v4 3/9] cxl/mbox: Move build of user mailbox cmd to a helper function Date: Tue, 29 Mar 2022 18:30:18 -0700 Message-Id: <1ede5d9b049ef8e87c352b23c6e86441dee55bbd.1648601710.git.alison.schofield@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-cxl@vger.kernel.org From: Alison Schofield In preparation for moving the construction of a mailbox command to the validation path, extract the work into a helper function. Signed-off-by: Alison Schofield Reviewed-by: Dan Williams --- drivers/cxl/core/mbox.c | 60 +++++++++++++++++++++++++---------------- 1 file changed, 37 insertions(+), 23 deletions(-) diff --git a/drivers/cxl/core/mbox.c b/drivers/cxl/core/mbox.c index ae9aeb6c20f7..a19365075cae 100644 --- a/drivers/cxl/core/mbox.c +++ b/drivers/cxl/core/mbox.c @@ -207,6 +207,38 @@ static bool cxl_mem_raw_command_allowed(u16 opcode) return true; } +static int cxl_to_mbox_cmd(struct cxl_dev_state *cxlds, + struct cxl_mbox_cmd *mbox, u16 opcode, + size_t in_size, size_t out_size, u64 in_payload) +{ + *mbox = (struct cxl_mbox_cmd) { + .opcode = opcode, + .size_in = in_size, + }; + + if (in_size) { + mbox->payload_in = vmemdup_user(u64_to_user_ptr(in_payload), + in_size); + if (!mbox->payload_in) + return PTR_ERR(mbox->payload_in); + } + + /* Prepare to handle a full payload for variable sized output */ + if (out_size < 0) + mbox->size_out = cxlds->payload_size; + else + mbox->size_out = out_size; + + if (mbox->size_out) { + mbox->payload_out = kvzalloc(mbox->size_out, GFP_KERNEL); + if (!mbox->payload_out) { + kvfree(mbox->payload_in); + return -ENOMEM; + } + } + return 0; +} + static int cxl_to_mem_cmd_raw(struct cxl_dev_state *cxlds, const struct cxl_send_command *send_cmd, struct cxl_mem_command *mem_cmd) @@ -390,27 +422,13 @@ static int handle_mailbox_cmd_from_user(struct cxl_dev_state *cxlds, s32 *size_out, u32 *retval) { struct device *dev = cxlds->dev; - struct cxl_mbox_cmd mbox_cmd = { - .opcode = cmd->opcode, - .size_in = cmd->info.size_in, - .size_out = cmd->info.size_out, - }; + struct cxl_mbox_cmd mbox_cmd; int rc; - if (cmd->info.size_out) { - mbox_cmd.payload_out = kvzalloc(cmd->info.size_out, GFP_KERNEL); - if (!mbox_cmd.payload_out) - return -ENOMEM; - } - - if (cmd->info.size_in) { - mbox_cmd.payload_in = vmemdup_user(u64_to_user_ptr(in_payload), - cmd->info.size_in); - if (IS_ERR(mbox_cmd.payload_in)) { - kvfree(mbox_cmd.payload_out); - return PTR_ERR(mbox_cmd.payload_in); - } - } + rc = cxl_to_mbox_cmd(cxlds, &mbox_cmd, cmd->opcode, cmd->info.size_in, + cmd->info.size_out, in_payload); + if (rc) + return rc; dev_dbg(dev, "Submitting %s command for user\n" @@ -464,10 +482,6 @@ int cxl_send_cmd(struct cxl_memdev *cxlmd, struct cxl_send_command __user *s) if (rc) return rc; - /* Prepare to handle a full payload for variable sized output */ - if (c.info.size_out < 0) - c.info.size_out = cxlds->payload_size; - rc = handle_mailbox_cmd_from_user(cxlds, &c, send.in.payload, send.out.payload, &send.out.size, &send.retval); From patchwork Wed Mar 30 01:30:19 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alison Schofield X-Patchwork-Id: 12795389 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id A752BC433FE for ; Wed, 30 Mar 2022 01:28:06 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241628AbiC3B3s (ORCPT ); Tue, 29 Mar 2022 21:29:48 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37294 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S241624AbiC3B3r (ORCPT ); Tue, 29 Mar 2022 21:29:47 -0400 Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 45824BBE0E for ; Tue, 29 Mar 2022 18:28:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1648603684; x=1680139684; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=JA27QawdBD+udV4jh3b0FBp9N1PB7VITMRZvcNK3Jx0=; b=cb6hkNrbCXpj2FcK0IOPa0pvUsIPbP9qj49C5/5tHyDOMgAV7mjZlQCH nsiNjJnlTStxFNKW73+t3b/uvk5W2yM8Sx/vOnLfkA68phO0OaeZdeZ1I t8Ryn0am+1eY9F1xUOcdeTk0qYenXQu2O1MxQTJd1EAfcBXZ8t1iawrD0 ZanAcpcW5X46hS87/cZOrE9Jqe4LNxy6c05tKpwLy8hAaoVZ2St2pMSUc PH38MQjtzy1eVWD+n67euFJfRoTSI0CTa1KZaltSwn6K5eu2LkfchMeWh 5dnM4Mrt5eUudV2RO7yvi0iaQVB2rBpGsgksOJwY44Wwq5BoVodmWyypf Q==; X-IronPort-AV: E=McAfee;i="6200,9189,10301"; a="322601858" X-IronPort-AV: E=Sophos;i="5.90,221,1643702400"; d="scan'208";a="322601858" Received: from orsmga005.jf.intel.com ([10.7.209.41]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 29 Mar 2022 18:28:01 -0700 X-IronPort-AV: E=Sophos;i="5.90,221,1643702400"; d="scan'208";a="719776945" Received: from alison-desk.jf.intel.com (HELO localhost) ([10.54.74.41]) by orsmga005-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 29 Mar 2022 18:28:01 -0700 From: alison.schofield@intel.com To: Ben Widawsky , Dan Williams , Ira Weiny , Vishal Verma Cc: Alison Schofield , linux-cxl@vger.kernel.org, Jonathan Cameron Subject: [PATCH v4 4/9] cxl/mbox: Construct a users cxl_mbox_cmd in the validation path Date: Tue, 29 Mar 2022 18:30:19 -0700 Message-Id: <281bb6c00baa93c29a9f05162a274bd6140fea39.1648601710.git.alison.schofield@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-cxl@vger.kernel.org From: Alison Schofield This is a step in refactoring the handling of user space mailbox commands. The intent is to have all the validation work originate in cxl_validate_cmd_from_user(). Move the construction and validation of a mailbox command to the validation path. Continue to pass both the out_cmd and the mbox_cmd until handle_mbox_cmd_from_user() learns how to use a mbox_cmd param. Signed-off-by: Alison Schofield Reviewed-by: Jonathan Cameron Reviewed-by: Dan Williams --- drivers/cxl/core/mbox.c | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/drivers/cxl/core/mbox.c b/drivers/cxl/core/mbox.c index a19365075cae..95882ab9f87b 100644 --- a/drivers/cxl/core/mbox.c +++ b/drivers/cxl/core/mbox.c @@ -321,6 +321,7 @@ static int cxl_to_mem_cmd(struct cxl_dev_state *cxlds, * @cxlds: The device data for the operation * @send_cmd: &struct cxl_send_command copied in from userspace. * @out_cmd: Sanitized and populated &struct cxl_mem_command. + * @mbox_cmd: Sanitized and populated &struct cxl_mbox_cmd. * * Return: * * %0 - @out_cmd is ready to send. @@ -337,8 +338,11 @@ static int cxl_to_mem_cmd(struct cxl_dev_state *cxlds, */ static int cxl_validate_cmd_from_user(struct cxl_dev_state *cxlds, const struct cxl_send_command *send_cmd, - struct cxl_mem_command *out_cmd) + struct cxl_mem_command *out_cmd, + struct cxl_mbox_cmd *mbox_cmd) { + int rc; + if (send_cmd->id == 0 || send_cmd->id >= CXL_MEM_COMMAND_ID_MAX) return -ENOTTY; @@ -352,9 +356,17 @@ static int cxl_validate_cmd_from_user(struct cxl_dev_state *cxlds, /* Sanitize and construct a cxl_mem_command */ if (send_cmd->id == CXL_MEM_COMMAND_ID_RAW) - return cxl_to_mem_cmd_raw(cxlds, send_cmd, out_cmd); + rc = cxl_to_mem_cmd_raw(cxlds, send_cmd, out_cmd); else - return cxl_to_mem_cmd(cxlds, send_cmd, out_cmd); + rc = cxl_to_mem_cmd(cxlds, send_cmd, out_cmd); + + if (rc) + return rc; + + /* Sanitize and construct a cxl_mbox_cmd */ + return cxl_to_mbox_cmd(cxlds, mbox_cmd, out_cmd->opcode, + out_cmd->info.size_in, out_cmd->info.size_out, + send_cmd->in.payload); } int cxl_query_cmd(struct cxl_memdev *cxlmd, @@ -471,6 +483,7 @@ int cxl_send_cmd(struct cxl_memdev *cxlmd, struct cxl_send_command __user *s) struct device *dev = &cxlmd->dev; struct cxl_send_command send; struct cxl_mem_command c; + struct cxl_mbox_cmd mbox_cmd; int rc; dev_dbg(dev, "Send IOCTL\n"); @@ -478,7 +491,7 @@ int cxl_send_cmd(struct cxl_memdev *cxlmd, struct cxl_send_command __user *s) if (copy_from_user(&send, s, sizeof(send))) return -EFAULT; - rc = cxl_validate_cmd_from_user(cxlmd->cxlds, &send, &c); + rc = cxl_validate_cmd_from_user(cxlmd->cxlds, &send, &c, &mbox_cmd); if (rc) return rc; From patchwork Wed Mar 30 01:30:20 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alison Schofield X-Patchwork-Id: 12795391 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 49C50C433EF for ; Wed, 30 Mar 2022 01:28:08 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241630AbiC3B3u (ORCPT ); Tue, 29 Mar 2022 21:29:50 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37316 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S241629AbiC3B3t (ORCPT ); Tue, 29 Mar 2022 21:29:49 -0400 Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id F0E2524B5F1 for ; Tue, 29 Mar 2022 18:28:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1648603684; x=1680139684; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=IzcwRhG16/Hc0yD0nr15NwG3pIQIS7YKOLXS0bkK1lo=; b=R9Bvif8veOiUjgE8WsigShr5KXcs9dfS0ZALwlacAQK8AoV0YkUIQbQ1 gx+whrSWaQQYTM7vYottlH6A6Q3B2STNtgRFnfADrkmu5jKThxLYcb0O/ pnyUTwuRhVLJfvj5jClrdUfmuITmcXW9ZIGNCQQHE1ANHArKYXT1rcyPQ C635+NDZ9lKA5/a07GyT3m+WuZKJ6tiV8JVfBDjW0RuIaRnFDnjOi5xsj 9Jb23VEvlhAZaFOI2tTw8wjPQSkrTgRoKMgMzCvdtUGsZVzdH2PvCUr3T kKL4v1Tcahmb9YfnW+d26R+MYVJiEfqDDRYUeJZLuvuRo1kBjK7pGsUlL g==; X-IronPort-AV: E=McAfee;i="6200,9189,10301"; a="322601859" X-IronPort-AV: E=Sophos;i="5.90,221,1643702400"; d="scan'208";a="322601859" Received: from orsmga005.jf.intel.com ([10.7.209.41]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 29 Mar 2022 18:28:01 -0700 X-IronPort-AV: E=Sophos;i="5.90,221,1643702400"; d="scan'208";a="719776948" Received: from alison-desk.jf.intel.com (HELO localhost) ([10.54.74.41]) by orsmga005-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 29 Mar 2022 18:28:01 -0700 From: alison.schofield@intel.com To: Ben Widawsky , Dan Williams , Ira Weiny , Vishal Verma Cc: Alison Schofield , linux-cxl@vger.kernel.org, Jonathan Cameron Subject: [PATCH v4 5/9] cxl/mbox: Remove dependency on cxl_mem_command for a debug msg Date: Tue, 29 Mar 2022 18:30:20 -0700 Message-Id: <1a1ebb7181b8be9fb746da48b41c02e54bee513e.1648601710.git.alison.schofield@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-cxl@vger.kernel.org From: Alison Schofield In preparation for removing access to struct cxl_mem_command, change this debug message to use cxl_mbox_cmd fields instead. Retrieve the pretty command name from cxl_mbox_cmd using a new opcode to command name helper. Signed-off-by: Alison Schofield Reviewed-by: Jonathan Cameron Reviewed-by: Dan Williams --- drivers/cxl/core/mbox.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/drivers/cxl/core/mbox.c b/drivers/cxl/core/mbox.c index 95882ab9f87b..654e61a77eb3 100644 --- a/drivers/cxl/core/mbox.c +++ b/drivers/cxl/core/mbox.c @@ -127,6 +127,17 @@ static struct cxl_mem_command *cxl_mem_find_command(u16 opcode) return NULL; } +static const char *cxl_mem_opcode_to_name(u16 opcode) +{ + struct cxl_mem_command *c; + + c = cxl_mem_find_command(opcode); + if (!c) + return NULL; + + return cxl_command_names[c->info.id].name; +} + /** * cxl_mbox_send_cmd() - Send a mailbox command to a device. * @cxlds: The device data for the operation @@ -445,9 +456,9 @@ static int handle_mailbox_cmd_from_user(struct cxl_dev_state *cxlds, dev_dbg(dev, "Submitting %s command for user\n" "\topcode: %x\n" - "\tsize: %ub\n", - cxl_command_names[cmd->info.id].name, mbox_cmd.opcode, - cmd->info.size_in); + "\tsize: %zx\n", + cxl_mem_opcode_to_name(mbox_cmd.opcode), + mbox_cmd.opcode, mbox_cmd.size_in); rc = cxlds->mbox_send(cxlds, &mbox_cmd); if (rc) From patchwork Wed Mar 30 01:30:21 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alison Schofield X-Patchwork-Id: 12795390 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5043AC4332F for ; Wed, 30 Mar 2022 01:28:07 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241631AbiC3B3t (ORCPT ); Tue, 29 Mar 2022 21:29:49 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37318 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S241630AbiC3B3t (ORCPT ); Tue, 29 Mar 2022 21:29:49 -0400 Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 31C4524CEE1 for ; Tue, 29 Mar 2022 18:28:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1648603685; x=1680139685; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=Cp+nQ4xe1SSMncV0Inn/HzB4ZxixrXKR7z4scY0mpNw=; b=CyYVkzVVcpEn0uQfijgInqNteV0gLJsF661dsoC/YW3C/6yjgfQDYTxU iOgfk8TUUc/ANUHxkYTX1ivQGobSpsHaphllRB91wEt7dOAJXONdgm5nW gmI0nYQc1RL+29sfDDzhbrUDj0hSw1du6nbZGLxZjzHikm58y05RWojsH XG7QaiC5YE7CnSP0z1Lh8G0YKv+vX+Tgjsz+EQcrn45sznONAVhQ+ZMfa fdIFlf4X00Bj3+6XI5/rra9Zop2OPUx1ReNCd3YSah2huT3qSLbkM83bd KFYjlMQUS0YKy3gw91X/i3eSD1wWuY4RiRbAMeqX/C3VP2+p7DNTQ3kyK w==; X-IronPort-AV: E=McAfee;i="6200,9189,10301"; a="322601860" X-IronPort-AV: E=Sophos;i="5.90,221,1643702400"; d="scan'208";a="322601860" Received: from orsmga005.jf.intel.com ([10.7.209.41]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 29 Mar 2022 18:28:01 -0700 X-IronPort-AV: E=Sophos;i="5.90,221,1643702400"; d="scan'208";a="719776951" Received: from alison-desk.jf.intel.com (HELO localhost) ([10.54.74.41]) by orsmga005-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 29 Mar 2022 18:28:01 -0700 From: alison.schofield@intel.com To: Ben Widawsky , Dan Williams , Ira Weiny , Vishal Verma Cc: Alison Schofield , linux-cxl@vger.kernel.org, Jonathan Cameron Subject: [PATCH v4 6/9] cxl/mbox: Make handle_mailbox_cmd_from_user() use a mbox param Date: Tue, 29 Mar 2022 18:30:21 -0700 Message-Id: <265c48b1ae2d6ebfed21f41bc1bfd2c2b98a1257.1648601710.git.alison.schofield@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-cxl@vger.kernel.org From: Alison Schofield Previously, handle_mailbox_cmd_from_user(), constructed the mailbox command and dispatched it to the hardware. The construction work has moved to the validation path. handle_mailbox_cmd_from_user() now expects a fully validated mbox param. Make it's caller, cxl_send_cmd(), deliver it. Update the comments and dereferencing of the new mbox parameter. Signed-off-by: Alison Schofield Reviewed-by: Jonathan Cameron Reviewed-by: Dan Williams --- drivers/cxl/core/mbox.c | 54 +++++++++++++++++------------------------ 1 file changed, 22 insertions(+), 32 deletions(-) diff --git a/drivers/cxl/core/mbox.c b/drivers/cxl/core/mbox.c index 654e61a77eb3..b0abda67d7da 100644 --- a/drivers/cxl/core/mbox.c +++ b/drivers/cxl/core/mbox.c @@ -417,8 +417,7 @@ int cxl_query_cmd(struct cxl_memdev *cxlmd, /** * handle_mailbox_cmd_from_user() - Dispatch a mailbox command for userspace. * @cxlds: The device data for the operation - * @cmd: The validated command. - * @in_payload: Pointer to userspace's input payload. + * @mbox_cmd: The validated mailbox command. * @out_payload: Pointer to userspace's output payload. * @size_out: (Input) Max payload size to copy out. * (Output) Payload size hardware generated. @@ -433,59 +432,48 @@ int cxl_query_cmd(struct cxl_memdev *cxlmd, * * %-EINTR - Mailbox acquisition interrupted. * * %-EXXX - Transaction level failures. * - * Creates the appropriate mailbox command and dispatches it on behalf of a - * userspace request. The input and output payloads are copied between - * userspace. + * Dispatches a mailbox command on behalf of a userspace request. + * The output payload is copied to userspace. * * See cxl_send_cmd(). */ static int handle_mailbox_cmd_from_user(struct cxl_dev_state *cxlds, - const struct cxl_mem_command *cmd, - u64 in_payload, u64 out_payload, - s32 *size_out, u32 *retval) + struct cxl_mbox_cmd *mbox_cmd, + u64 out_payload, s32 *size_out, + u32 *retval) { struct device *dev = cxlds->dev; - struct cxl_mbox_cmd mbox_cmd; int rc; - rc = cxl_to_mbox_cmd(cxlds, &mbox_cmd, cmd->opcode, cmd->info.size_in, - cmd->info.size_out, in_payload); - if (rc) - return rc; - dev_dbg(dev, "Submitting %s command for user\n" "\topcode: %x\n" "\tsize: %zx\n", - cxl_mem_opcode_to_name(mbox_cmd.opcode), - mbox_cmd.opcode, mbox_cmd.size_in); + cxl_mem_opcode_to_name(mbox_cmd->opcode), + mbox_cmd->opcode, mbox_cmd->size_in); - rc = cxlds->mbox_send(cxlds, &mbox_cmd); + rc = cxlds->mbox_send(cxlds, mbox_cmd); if (rc) - goto out; + return rc; /* * @size_out contains the max size that's allowed to be written back out * to userspace. While the payload may have written more output than * this it will have to be ignored. */ - if (mbox_cmd.size_out) { - dev_WARN_ONCE(dev, mbox_cmd.size_out > *size_out, + if (mbox_cmd->size_out) { + dev_WARN_ONCE(dev, mbox_cmd->size_out > *size_out, "Invalid return size\n"); if (copy_to_user(u64_to_user_ptr(out_payload), - mbox_cmd.payload_out, mbox_cmd.size_out)) { - rc = -EFAULT; - goto out; + mbox_cmd->payload_out, mbox_cmd->size_out)) { + return -EFAULT; } } - *size_out = mbox_cmd.size_out; - *retval = mbox_cmd.return_code; + *size_out = mbox_cmd->size_out; + *retval = mbox_cmd->return_code; -out: - kvfree(mbox_cmd.payload_in); - kvfree(mbox_cmd.payload_out); - return rc; + return 0; } int cxl_send_cmd(struct cxl_memdev *cxlmd, struct cxl_send_command __user *s) @@ -506,9 +494,11 @@ int cxl_send_cmd(struct cxl_memdev *cxlmd, struct cxl_send_command __user *s) if (rc) return rc; - rc = handle_mailbox_cmd_from_user(cxlds, &c, send.in.payload, - send.out.payload, &send.out.size, - &send.retval); + rc = handle_mailbox_cmd_from_user(cxlds, &mbox_cmd, send.out.payload, + &send.out.size, &send.retval); + + kvfree(mbox_cmd.payload_in); + kvfree(mbox_cmd.payload_out); if (rc) return rc; From patchwork Wed Mar 30 01:30:22 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alison Schofield X-Patchwork-Id: 12795393 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 257EEC433F5 for ; Wed, 30 Mar 2022 01:28:09 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241627AbiC3B3v (ORCPT ); Tue, 29 Mar 2022 21:29:51 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37332 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S241624AbiC3B3t (ORCPT ); Tue, 29 Mar 2022 21:29:49 -0400 Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9E74CBBE0E for ; Tue, 29 Mar 2022 18:28:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1648603685; x=1680139685; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=zYGXXTWBPZRg4Uxnr2zsQm1Mv/C90lXoqUQ4yV92dsA=; b=UPU655UdTXMt3DcET5EjBQPsuLDDLXWgMTEZ3IOdgTU/wAjMESb1WEAg YMfHbx36jvqahVKRU5i9hF7ucgqYeKjH3zC37iszcmRydWJtE+eBVRW7h nvDCnEdyoONQbK/bi7MWF7LTvcxoOoeAHB6T/fLDnVoW7s8thYXa12BHa 9XbpUS5mJZwVD+67XMc09+jn9ri9jNOyQqrss5gxoM4j9U2SYQWOrBFXc 98EgLuJoFEGZGFW1hXt7gnMvTs9lB0OUrXJkZR7c36J3M/okcm/V8r6IG AfaqREtYA7Jx1SIeyoX6WIazypcFKCC7C0HAOowmHk1k46eg0EtXjdY6t A==; X-IronPort-AV: E=McAfee;i="6200,9189,10301"; a="322601862" X-IronPort-AV: E=Sophos;i="5.90,221,1643702400"; d="scan'208";a="322601862" Received: from orsmga005.jf.intel.com ([10.7.209.41]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 29 Mar 2022 18:28:01 -0700 X-IronPort-AV: E=Sophos;i="5.90,221,1643702400"; d="scan'208";a="719776955" Received: from alison-desk.jf.intel.com (HELO localhost) ([10.54.74.41]) by orsmga005-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 29 Mar 2022 18:28:01 -0700 From: alison.schofield@intel.com To: Ben Widawsky , Dan Williams , Ira Weiny , Vishal Verma Cc: Alison Schofield , linux-cxl@vger.kernel.org, Jonathan Cameron Subject: [PATCH v4 7/9] cxl/mbox: Move cxl_mem_command param to a local variable Date: Tue, 29 Mar 2022 18:30:22 -0700 Message-Id: <4c8239075b201923a49d00c7b18d9dda6c9059b7.1648601710.git.alison.schofield@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-cxl@vger.kernel.org From: Alison Schofield cxl_validate_command_from_user() is now the single point of validation for mailbox commands coming from user space. Previously, it returned a a cxl_mem_command, but that was not sufficient when validation of the actual mailbox command became a requirement. Now, it returns a fully validated cxl_mbox_cmd. Remove the extraneous cxl_mem_command parameter. Define and use a local version only. Signed-off-by: Alison Schofield Reviewed-by: Jonathan Cameron --- drivers/cxl/core/mbox.c | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/drivers/cxl/core/mbox.c b/drivers/cxl/core/mbox.c index b0abda67d7da..1b50e335d62b 100644 --- a/drivers/cxl/core/mbox.c +++ b/drivers/cxl/core/mbox.c @@ -328,10 +328,9 @@ static int cxl_to_mem_cmd(struct cxl_dev_state *cxlds, } /** - * cxl_validate_cmd_from_user() - Check fields for CXL_MEM_SEND_COMMAND. + * cxl_validate_cmd_from_user() - Construct a valid cxl_mbox_cmd * @cxlds: The device data for the operation * @send_cmd: &struct cxl_send_command copied in from userspace. - * @out_cmd: Sanitized and populated &struct cxl_mem_command. * @mbox_cmd: Sanitized and populated &struct cxl_mbox_cmd. * * Return: @@ -342,16 +341,14 @@ static int cxl_to_mem_cmd(struct cxl_dev_state *cxlds, * * %-EPERM - Attempted to use a protected command. * * %-EBUSY - Kernel has claimed exclusive access to this opcode * - * The result of this command is a fully validated command in @out_cmd that is + * The result of this command is a fully validated command in @mbox_cmd that is * safe to send to the hardware. - * - * See handle_mailbox_cmd_from_user() */ static int cxl_validate_cmd_from_user(struct cxl_dev_state *cxlds, const struct cxl_send_command *send_cmd, - struct cxl_mem_command *out_cmd, struct cxl_mbox_cmd *mbox_cmd) { + struct cxl_mem_command mem_cmd; int rc; if (send_cmd->id == 0 || send_cmd->id >= CXL_MEM_COMMAND_ID_MAX) @@ -367,16 +364,16 @@ static int cxl_validate_cmd_from_user(struct cxl_dev_state *cxlds, /* Sanitize and construct a cxl_mem_command */ if (send_cmd->id == CXL_MEM_COMMAND_ID_RAW) - rc = cxl_to_mem_cmd_raw(cxlds, send_cmd, out_cmd); + rc = cxl_to_mem_cmd_raw(cxlds, send_cmd, &mem_cmd); else - rc = cxl_to_mem_cmd(cxlds, send_cmd, out_cmd); + rc = cxl_to_mem_cmd(cxlds, send_cmd, &mem_cmd); if (rc) return rc; /* Sanitize and construct a cxl_mbox_cmd */ - return cxl_to_mbox_cmd(cxlds, mbox_cmd, out_cmd->opcode, - out_cmd->info.size_in, out_cmd->info.size_out, + return cxl_to_mbox_cmd(cxlds, mbox_cmd, mem_cmd.opcode, + mem_cmd.info.size_in, mem_cmd.info.size_out, send_cmd->in.payload); } @@ -481,7 +478,6 @@ int cxl_send_cmd(struct cxl_memdev *cxlmd, struct cxl_send_command __user *s) struct cxl_dev_state *cxlds = cxlmd->cxlds; struct device *dev = &cxlmd->dev; struct cxl_send_command send; - struct cxl_mem_command c; struct cxl_mbox_cmd mbox_cmd; int rc; @@ -490,7 +486,7 @@ int cxl_send_cmd(struct cxl_memdev *cxlmd, struct cxl_send_command __user *s) if (copy_from_user(&send, s, sizeof(send))) return -EFAULT; - rc = cxl_validate_cmd_from_user(cxlmd->cxlds, &send, &c, &mbox_cmd); + rc = cxl_validate_cmd_from_user(cxlmd->cxlds, &send, &mbox_cmd); if (rc) return rc; From patchwork Wed Mar 30 01:30:23 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alison Schofield X-Patchwork-Id: 12795395 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1D80CC43219 for ; Wed, 30 Mar 2022 01:28:10 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241633AbiC3B3w (ORCPT ); Tue, 29 Mar 2022 21:29:52 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37338 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S241632AbiC3B3t (ORCPT ); Tue, 29 Mar 2022 21:29:49 -0400 Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 19AC924CEEE for ; Tue, 29 Mar 2022 18:28:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1648603686; x=1680139686; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=XgnQcVBarHR6K9Yhs1h4CrE6QOzDWuyS7e0MGnm6v+A=; b=fmhI8HfoStM7UsgowbSUAh0DMTxwcTebd0aOnFj9qmD6WkzHCgB8PtgD e0oqcr9qwOVvDAlY1Y2Ce6MorDkeigki0ugl3dqzqdL98QTYh3E1fx9pK J8ZCnkG2Q1uMylgufhhB88+My0eQOe0A+3FvHSnA/+YHZSV7X3iQ5X3Gs 3zTBieF56zCi2XrQGwz02x6E7SB5lDH8SjiArytQcHjEDZAs4cQyLzqt2 Tth1mzt1jq7WLRcOUBGSVHlITPe2BOvwvWsoQL6uRiexupqGOGhx21Q43 izTC4/5wHZZ8bRfavDOWAadLrP9GinFt/uoZKxtL1QKvLSl1nSFQVEWyM A==; X-IronPort-AV: E=McAfee;i="6200,9189,10301"; a="322601863" X-IronPort-AV: E=Sophos;i="5.90,221,1643702400"; d="scan'208";a="322601863" Received: from orsmga005.jf.intel.com ([10.7.209.41]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 29 Mar 2022 18:28:01 -0700 X-IronPort-AV: E=Sophos;i="5.90,221,1643702400"; d="scan'208";a="719776958" Received: from alison-desk.jf.intel.com (HELO localhost) ([10.54.74.41]) by orsmga005-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 29 Mar 2022 18:28:01 -0700 From: alison.schofield@intel.com To: Ben Widawsky , Dan Williams , Ira Weiny , Vishal Verma Cc: Alison Schofield , linux-cxl@vger.kernel.org, Jonathan Cameron Subject: [PATCH v4 8/9] cxl/mbox: Block immediate mode in SET_PARTITION_INFO command Date: Tue, 29 Mar 2022 18:30:23 -0700 Message-Id: <8ded42fca3f0fdd273683e7cd03c451e61ef6fa7.1648601710.git.alison.schofield@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-cxl@vger.kernel.org From: Alison Schofield User space may send the SET_PARTITION_INFO mailbox command using the IOCTL interface. Inspect the input payload and fail if the immediate flag is set. This is the first instance of the driver inspecting an input payload from user space. Assume there will be more such cases and implement with an extensible helper. In order for the kernel to react to an immediate partition change it needs to assert that the change will not affect any active decode. At a minimum this requires validating that the device is using HDM decoders instead of the CXL DVSEC for decode, and that none of the active HDM decoders are affected by the partition change. For now, just fail until that support arrives. Signed-off-by: Alison Schofield Reviewed-by: Jonathan Cameron --- drivers/cxl/core/mbox.c | 41 +++++++++++++++++++++++++++++++++++++++++ drivers/cxl/cxlmem.h | 7 +++++++ 2 files changed, 48 insertions(+) diff --git a/drivers/cxl/core/mbox.c b/drivers/cxl/core/mbox.c index 1b50e335d62b..dfd4b146c4e3 100644 --- a/drivers/cxl/core/mbox.c +++ b/drivers/cxl/core/mbox.c @@ -218,6 +218,40 @@ static bool cxl_mem_raw_command_allowed(u16 opcode) return true; } +/** + * cxl_payload_from_user_allowed() - Check contents of in_payload. + * @opcode: The mailbox command opcode. + * @payload_in: Pointer to the input payload passed in from user space. + * + * Return: + * * true - payload_in passes check for @opcode. + * * false - payload_in contains invalid or unsupported values. + * + * The driver may inspect payload contents before sending a mailbox + * command from user space to the device. The intent is to reject + * commands with input payloads that are known to be unsafe. This + * check is not intended to replace the users careful selection of + * mailbox command parameters and makes no guarantee that the user + * command will succeed, nor that it is appropriate. + * + * The specific checks are determined by the opcode. + */ +static bool cxl_payload_from_user_allowed(u16 opcode, void *payload_in) +{ + switch (opcode) { + case CXL_MBOX_OP_SET_PARTITION_INFO: { + struct cxl_mbox_set_partition_info *pi = payload_in; + + if (pi->flags && CXL_SET_PARTITION_IMMEDIATE_FLAG) + return false; + break; + } + default: + break; + } + return true; +} + static int cxl_to_mbox_cmd(struct cxl_dev_state *cxlds, struct cxl_mbox_cmd *mbox, u16 opcode, size_t in_size, size_t out_size, u64 in_payload) @@ -232,6 +266,13 @@ static int cxl_to_mbox_cmd(struct cxl_dev_state *cxlds, in_size); if (!mbox->payload_in) return PTR_ERR(mbox->payload_in); + + if (!cxl_payload_from_user_allowed(opcode, mbox->payload_in)) { + dev_dbg(cxlds->dev, "%s: input payload not allowed\n", + cxl_mem_opcode_to_name(opcode)); + kvfree(mbox->payload_in); + return -EBUSY; + } } /* Prepare to handle a full payload for variable sized output */ diff --git a/drivers/cxl/cxlmem.h b/drivers/cxl/cxlmem.h index d5c9a273d07d..dee574527e50 100644 --- a/drivers/cxl/cxlmem.h +++ b/drivers/cxl/cxlmem.h @@ -264,6 +264,13 @@ struct cxl_mbox_set_lsa { u8 data[]; } __packed; +struct cxl_mbox_set_partition_info { + __le64 volatile_capacity; + u8 flags; +} __packed; + +#define CXL_SET_PARTITION_IMMEDIATE_FLAG BIT(0) + /** * struct cxl_mem_command - Driver representation of a memory device command * @info: Command information as it exists for the UAPI From patchwork Wed Mar 30 01:30:24 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alison Schofield X-Patchwork-Id: 12795394 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8C5C4C4332F for ; Wed, 30 Mar 2022 01:28:09 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241624AbiC3B3w (ORCPT ); Tue, 29 Mar 2022 21:29:52 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37340 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S241633AbiC3B3t (ORCPT ); Tue, 29 Mar 2022 21:29:49 -0400 Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2996D24D9A0 for ; Tue, 29 Mar 2022 18:28:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1648603686; x=1680139686; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=yHF16x5D3zgG3WciOb/MCrBwV+747JgXvKxMM306SMU=; b=mS/1f0ZlQaPhu6tzA/D7wGJmeIFIhyROqOK3hj728CnB1x3ewRAp1dsn qF1xu+AK7LsGdHq5DlKDWZbbOOChi+4h+h3VG2vTbfU9aIS4FZseRvBN+ z6QFiUZiIOv9abrx9IZ2DEauZW14uDu54l44WNvCoy9Dm6XoYZ/3G5y9N XitD92iLjwJdw7XP2VFplYqilro5CI+eBDEDNwuPgeCoiD6VNx+J770tP 94ZOcMN+oPf/Z498b7igoExGLVbgadE5gv23CzQY+jL7LbfO7uY7VNGbt I9eoHfskRyGtpAC/Sc7VeEO0Ez/14Fb4ZjjQezidVUg27m3wzq5X75BvF w==; X-IronPort-AV: E=McAfee;i="6200,9189,10301"; a="322601864" X-IronPort-AV: E=Sophos;i="5.90,221,1643702400"; d="scan'208";a="322601864" Received: from orsmga005.jf.intel.com ([10.7.209.41]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 29 Mar 2022 18:28:01 -0700 X-IronPort-AV: E=Sophos;i="5.90,221,1643702400"; d="scan'208";a="719776962" Received: from alison-desk.jf.intel.com (HELO localhost) ([10.54.74.41]) by orsmga005-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 29 Mar 2022 18:28:01 -0700 From: alison.schofield@intel.com To: Ben Widawsky , Dan Williams , Ira Weiny , Vishal Verma Cc: Alison Schofield , linux-cxl@vger.kernel.org Subject: [PATCH v4 9/9] cxl/pmem: Remove CXL SET_PARTITION_INFO from exclusive_cmds list Date: Tue, 29 Mar 2022 18:30:24 -0700 Message-Id: <56e8479832ef95bee0aa9099148ecd3e5539c372.1648601710.git.alison.schofield@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-cxl@vger.kernel.org From: Alison Schofield With SET_PARTITION_INFO on the exclusive_cmds list for the CXL_PMEM driver, userspace cannot execute a set-partition command without first unbinding the pmem driver from the device. When userspace requests a partition change to take effect on the next reboot this unbind requirement is unnecessarily restrictive. The driver does not need to enforce an unbind because partitions will not change until the next reboot. Of course, userspace still needs to be aware that changing the size of persistent capacity on the next reboot will result in the loss of data stored. That can happen regardless of whether it is presently bound at the time of issuing the set-partition command. When userspace requests a partition change to take effect immediately, restrictions are needed. The CXL_MEM driver currently blocks the usage of immediate mode, making the presence of SET_PARTITION_INFO, in this exclusive commands list, redundant. In the future, when the CXL_MEM driver adds support for immediate changes to device partitions it will ensure that the partition change will not affect any active decode. That means the work will not fall right back here, onto the CXL_PMEM driver. Signed-off-by: Alison Schofield --- drivers/cxl/pmem.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/cxl/pmem.c b/drivers/cxl/pmem.c index 564d125d25ef..35c6f3af18f2 100644 --- a/drivers/cxl/pmem.c +++ b/drivers/cxl/pmem.c @@ -344,7 +344,6 @@ static __init int cxl_pmem_init(void) { int rc; - set_bit(CXL_MEM_COMMAND_ID_SET_PARTITION_INFO, exclusive_cmds); set_bit(CXL_MEM_COMMAND_ID_SET_SHUTDOWN_STATE, exclusive_cmds); set_bit(CXL_MEM_COMMAND_ID_SET_LSA, exclusive_cmds);