| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 22 Dec 2007 23:52:31 -0500 From: Jeff Garzik <jeff@...zik.org> To: Linus Torvalds <torvalds@...ux-foundation.org> CC: Arjan van de Ven <arjan@...radead.org>, linux-kernel@...r.kernel.org, gregkh@...e.de, linux-pci@...ey.karlin.mff.cuni.cz, Benjamin Herrenschmidt <benh@...nel.crashing.org> Subject: Re: [patch] Make MMCONFIG space (extended PCI config space) a driver opt-in issue Linus Torvalds wrote: > > On Sat, 22 Dec 2007, Jeff Garzik wrote: > >> My core assertion: the present situation -- turning off MMCONFIG aggressively >> -- is greatly preferable to adding pci_enable_mmconfig_accesses(pdev). > > Well, you do realize that right now we have to have _users_ just doing > "pci=nommconf" on the kernel command line, because we apparently don't do > it aggressively enough? > > The fact is, we simply don't know what the breakage is. The only safe > situation is to just assume things are broken, and enable it only when > necessary. Absolutely. But regardless of problems, enabling should be done globally, not per device... You have three possibilities for an mmconfig-maybe-capable machine: 1) mmconfig disabled globally (for a single computer) Widely tested by users and hw vendors Consistent (all devices use same type of config access) 2) mmconfig enabled globally (for a single computer) Poorly tested by hw vendors, apparently Consistent (all devices use same type of config access) 3) mmconfig might or might not be enabled, depending on which driver is loaded, whether it called an API or not. Even LESS testing by hw vendors than #2. Maybe even "never" Inconsistent (config access depends on device) Choosing solution #3 is to choose the /least/ tested, /least/ likely to get hw vendor testing, /most/ inconsistent solution available. Doing so is not maximizing good engineering attributes :) AFAICS, solution #3 has a much higher chance of breaking userspace (pciutils, X.org, distro installers that read PCI config space, ...) as a result of the inconsistencies introduced. I agree 100% with your summary of the problem. But the per-device enabling solution introduced a "mixed model" for config space accesses is worse than any whitelist or other global [for a single computer] solution. The per-device enabling solution is IMO worse than simply deleting all mmconfig code from the kernel. At least the "kill mmconfig" solution would maintains the "tested" and "consistent" properties :) Jeff -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists