lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <476DE98F.2010009@garzik.org>
Date:	Sat, 22 Dec 2007 23:52:31 -0500
From:	Jeff Garzik <jeff@...zik.org>
To:	Linus Torvalds <torvalds@...ux-foundation.org>
CC:	Arjan van de Ven <arjan@...radead.org>,
	linux-kernel@...r.kernel.org, gregkh@...e.de,
	linux-pci@...ey.karlin.mff.cuni.cz,
	Benjamin Herrenschmidt <benh@...nel.crashing.org>
Subject: Re: [patch] Make MMCONFIG space (extended PCI config space) a driver
 opt-in issue

Linus Torvalds wrote:
> 
> On Sat, 22 Dec 2007, Jeff Garzik wrote:
> 
>> My core assertion:  the present situation -- turning off MMCONFIG aggressively
>> -- is greatly preferable to adding pci_enable_mmconfig_accesses(pdev).
> 
> Well, you do realize that right now we have to have _users_ just doing 
> "pci=nommconf" on the kernel command line, because we apparently don't do 
> it aggressively enough?
> 
> The fact is, we simply don't know what the breakage is. The only safe 
> situation is to just assume things are broken, and enable it only when 
> necessary.

Absolutely.

But regardless of problems, enabling should be done globally, not per 
device...  You have three possibilities for an mmconfig-maybe-capable 
machine:

1) mmconfig disabled globally (for a single computer)

	Widely tested by users and hw vendors

	Consistent (all devices use same type of config access)

2) mmconfig enabled globally (for a single computer)

	Poorly tested by hw vendors, apparently

	Consistent (all devices use same type of config access)

3) mmconfig might or might not be enabled, depending on which driver is 
loaded, whether it called an API or not.

	Even LESS testing by hw vendors than #2.  Maybe even "never"

	Inconsistent (config access depends on device)

Choosing solution #3 is to choose the /least/ tested, /least/ likely to 
get hw vendor testing, /most/ inconsistent solution available.  Doing so 
is not maximizing good engineering attributes :)

AFAICS, solution #3 has a much higher chance of breaking userspace 
(pciutils, X.org, distro installers that read PCI config space, ...) as 
a result of the inconsistencies introduced.

I agree 100% with your summary of the problem.

But the per-device enabling solution introduced a "mixed model" for 
config space accesses is worse than any whitelist or other global [for a 
single computer] solution.

The per-device enabling solution is IMO worse than simply deleting all 
mmconfig code from the kernel.  At least the "kill mmconfig" solution 
would maintains the "tested" and "consistent" properties :)

	Jeff




--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ