lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-id: <4727CB1A.7040607@shaw.ca> Date: Tue, 30 Oct 2007 18:23:54 -0600 From: Robert Hancock <hancockr@...w.ca> To: Linus Torvalds <torvalds@...ux-foundation.org> Cc: Arjan van de Ven <arjan@...radead.org>, Greg KH <greg@...ah.com>, Jesse Barnes <jbarnes@...tuousgeek.org>, akpm@...ux-foundation.org, ak@...e.de, rajesh.shah@...el.com, linux-kernel <linux-kernel@...r.kernel.org> Subject: Re: pci-disable-decode-of-io-memory-during-bar-sizing.patch Linus Torvalds wrote: > > On Tue, 30 Oct 2007, Robert Hancock wrote: >>> You have to, anyway. Even now the MMCONFIG stuff uses CONF1 cycles for >>> startup. >> If it does, it's not by necessity. As soon as you read the table location out >> of the ACPI tables you can start using it, and that shouldn't require any >> config space accesses. > > Don't be silly. Exactly _BECAUSE_ we cannot trust the firmware, we have to > use conf1 (which we can trust) to verify it and/or fix things up. My point was, it's not inherently necessary in order to use MMCONFIG. I'm not saying the checks (unreachable_devices and pci_mmcfg_check_hostbridge) aren't useful or needed with many real machines. However, in the event that type1 access isn't available we just skip all those checks because we have no other option. It would indeed be a pretty broken spec if there was no way to bootstrap with it even under ideal conditions.. > > Also, there are several devices that don't show up in the MMCFG things, or > just otherwise get it wrong. > > So just take a look at arch/x86/pci/mmconfig-shared.c and look for > "conf1". > > Really. Damn, I'm nervous taking any MMCFG patches that has you as an > author, if you aren't even aware of these kinds of fundamnetal issues. You > probably read the standards about how things are "supposed" to work, and > then just believed them? > > Rule #1 in kernel programming: don't *ever* think that things actually > work the way they are documented to work. The documentation is a starting > point, nothing else. > > And please be defensive in programming. We *know* conf1 cycles work. The > hardware has been extensively tested, and there are no firmware > interactions. There is *zero* reasons to use MMCONF cycles for normal > devices. Ergo: switching over to MMCONF when not needed is stupid and > fragile. I can't really disagree that MMCONFIG doesn't have great advantages for most devices (though it likely is faster on a lot of platforms, which may be significant if the device does lots of config space accesses). So for the moment, avoiding using it except where necessary will likely work out (except if some system does indeed puke on mixing type1 and MMCONFIG). However, what Microsoft is doing with Vista may eventually make a difference in the future. Many hardware vendors seem to use the testing strategy of "test with latest Windows version. Works OK? Ship it." If Vista decides that MMCONFIG is good to use all the time, then type1 access support is likely going to a) end up less tested and b) probably deleted entirely in time. We've seen it before - it used to be that not using ACPI was the safe option on most hardware with Linux. Now you pretty much have to use it because the manufacturers only test with it enabled. I've seen at least one board where the interrupt routing was completely broken with ACPI off, because they obviously only tested in Windows.. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists