Message ID | 20220824232450.723179-3-ira.weiny@intel.com |
---|---|
State | Superseded |
Headers | show |
Series | CXL: Taint user access to DOE mailbox config space | expand |
On Wed, 24 Aug 2022 16:24:50 -0700 ira.weiny@intel.com wrote: > From: Ira Weiny <ira.weiny@intel.com> > > The PCIE Data Object Exchange (DOE) mailbox is a protocol run over > configuration cycles. It assumes one initiator at a time. While the > kernel has control of the mailbox user space writes could interfere with > the kernel access. > > Mark DOE mailbox config space exclusive when iterated by the CXL driver. > > Signed-off-by: Ira Weiny <ira.weiny@intel.com> > --- > drivers/cxl/pci.c | 5 +++++ > include/uapi/linux/pci_regs.h | 1 + > 2 files changed, 6 insertions(+) > > diff --git a/drivers/cxl/pci.c b/drivers/cxl/pci.c > index faeb5d9d7a7a..5b833eb91543 100644 > --- a/drivers/cxl/pci.c > +++ b/drivers/cxl/pci.c > @@ -418,6 +418,11 @@ static void devm_cxl_pci_create_doe(struct cxl_dev_state *cxlds) > continue; > } > > + if (!pci_request_config_region_exclusive(pdev, off, > + PCI_DOE_CAP_SIZE, > + dev_name(dev))) > + pci_err(pdev, "Failed to exclude DOE registers\n"); > + > if (xa_insert(&cxlds->doe_mbs, off, doe_mb, GFP_KERNEL)) { > dev_err(dev, "xa_insert failed to insert MB @ %x\n", > off); > diff --git a/include/uapi/linux/pci_regs.h b/include/uapi/linux/pci_regs.h > index 57b8e2ffb1dd..f2396bcd09cc 100644 > --- a/include/uapi/linux/pci_regs.h > +++ b/include/uapi/linux/pci_regs.h > @@ -1119,6 +1119,7 @@ > #define PCI_DOE_STATUS_DATA_OBJECT_READY 0x80000000 /* Data Object Ready */ > #define PCI_DOE_WRITE 0x10 /* DOE Write Data Mailbox Register */ > #define PCI_DOE_READ 0x14 /* DOE Read Data Mailbox Register */ > +#define PCI_DOE_CAP_SIZE (0x14 + 4) /* Size of this register block */ Equivalents in this file don't build _SIZE from previous register - they just give it directly. Hence change this to 0x18. Also, it seems that _SIZEOF is the common naming for this in this file. There are a few _SIZE such as PCI_MSIX_ENTRY_SIZE but many more _SIZEOF > > /* DOE Data Object - note not actually registers */ > #define PCI_DOE_DATA_OBJECT_HEADER_1_VID 0x0000ffff
diff --git a/drivers/cxl/pci.c b/drivers/cxl/pci.c index faeb5d9d7a7a..5b833eb91543 100644 --- a/drivers/cxl/pci.c +++ b/drivers/cxl/pci.c @@ -418,6 +418,11 @@ static void devm_cxl_pci_create_doe(struct cxl_dev_state *cxlds) continue; } + if (!pci_request_config_region_exclusive(pdev, off, + PCI_DOE_CAP_SIZE, + dev_name(dev))) + pci_err(pdev, "Failed to exclude DOE registers\n"); + if (xa_insert(&cxlds->doe_mbs, off, doe_mb, GFP_KERNEL)) { dev_err(dev, "xa_insert failed to insert MB @ %x\n", off); diff --git a/include/uapi/linux/pci_regs.h b/include/uapi/linux/pci_regs.h index 57b8e2ffb1dd..f2396bcd09cc 100644 --- a/include/uapi/linux/pci_regs.h +++ b/include/uapi/linux/pci_regs.h @@ -1119,6 +1119,7 @@ #define PCI_DOE_STATUS_DATA_OBJECT_READY 0x80000000 /* Data Object Ready */ #define PCI_DOE_WRITE 0x10 /* DOE Write Data Mailbox Register */ #define PCI_DOE_READ 0x14 /* DOE Read Data Mailbox Register */ +#define PCI_DOE_CAP_SIZE (0x14 + 4) /* Size of this register block */ /* DOE Data Object - note not actually registers */ #define PCI_DOE_DATA_OBJECT_HEADER_1_VID 0x0000ffff