| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <478A79E4.3060601@myri.com> Date: Sun, 13 Jan 2008 15:51:48 -0500 From: Loic Prylli <loic@...i.com> To: Arjan van de Ven <arjan@...radead.org> CC: Ivan Kokshaysky <ink@...assic.park.msu.ru>, Greg KH <greg@...ah.com>, Matthew Wilcox <matthew@....cx>, Linus Torvalds <torvalds@...ux-foundation.org>, Greg KH <gregkh@...e.de>, linux-kernel@...r.kernel.org, Jeff Garzik <jeff@...zik.org>, linux-pci@...ey.karlin.mff.cuni.cz, Benjamin Herrenschmidt <benh@...nel.crashing.org>, Martin Mares <mj@....cz>, Tony Camuso <tcamuso@...hat.com> Subject: Re: [Patch v2] Make PCI extended config space (MMCONFIG) a driver opt-in On 1/13/2008 1:41 PM, Arjan van de Ven wrote: > On Sun, 13 Jan 2008 13:23:35 -0500 > Loic Prylli <loic@...i.com> wrote: > > Matthew pointed a patch that basically does what you suggested; only one comment on your mail left after that: > > >> 2) the pci_enable_ext_config() function and dev->ext_cfg_space field, >> sysfs interface should be removed from the patch. There has never >> been a problem reporting crashes or any undefined behaviour while >> trying to access ext-conf-space, all the problems where *using >> mmconfig to access legacy-conf-space*. >> > > > This entirely misses the point of why I made the patch. The point is NOT > that devices are buggy. The point is that right now, 99.99% of the machines > out there do NOT need extended config space (no matter how it gets accessed), > > The point of my patch was to make people who don't need extended config space, > not have to deal with it anymore. > I think I got your point the first time, and I agree it is sound. But in my subjective and biased opinion, I just think ext-conf-space is already useful and widespread enough (being used is not the same as being strictly required for basic operation) for your proposed tradeoff to not be optimal (protecting against "future/non-proven" hardware bugs, i.e. bringing non-proven benefits, at the expense of making life harder for ext-conf-space users while bringing additional extra API/code). To take an example from the linux tree: the driver/pci/pcie/aer code uses ext-conf-space for every pcie-root (currently several distributions enable it by default), does it mean opt-in would be automatically activated for most pcie hierarchies (defeating most of the benefits of being opt-in), or we just disable that code by default? Does lspci -v will automatically opt-in all pcie (right now by default it tries to list the extended-capabilities for pcie and pcix), or do we now require manual explicit sysfs operations to get the whole thing? Is is an additional flag to lspci (if so will that flag also apply to pcix, possibly causing a crash for lspci -v -<opt-in-all-potential-ext-devices> on some machines). > Note: There is not a 100% overlap between "need" and "will not be used in > the patches that use legacy for < 256". In the other patches posted, > extended config space will be used in cases where it won't be with my > patch. (Most obvious one is an "lspci -vx" from automated scripts). To go one step your direction, I have already argued in a couple of emails that I would prefer to not implement ext-conf-space access for any PCI-X devices (removing PCI-X2 from pci_ext_cfg_size), because there we are trying to support devices that we don't really know exists or will ever exists. And protecting against "unproven bugs" makes more sense when it only removes "unproven benefits". > > Is that a problem? We've had 2 years of mess, with one not-enough patch after another. > > There still are problems TODAY (eg im 2.6.24-rc7). The patch that falls back > to an alternative method for below 256 is no doubt a step in the right direction. > (although I'm not all that happy about mixing access types, it's not provably incorrect) > Is it enough? I'm not sure. FWIW, I have in my tree a patch almost identical to Ivan's dated "December 2005". Because of the constant activity on the mmconfig front (that I thought would make it obsolete), I never took the effort of suggesting it before one month ago (I am not a regular user of linux-kernel). I admit nobody else should view it that way, but for me rather than the last attempt at fixing mmconfig, it's a patch first used two years ago that would have arguably prevented all problems that have been reported since then. Besides, recent mails show that hypothetically, we could even not change anything to the existing conf-space code, since the only known bug remaining is the one associated with bar probing and could be adressed by: http://www.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.24-rc6/2.6.24-rc6-mm1/broken-out/pci-disable-decoding-during-sizing-of-bars.patch [ Thanks to Robert hancok and Grant Grundler for explaining to me the history of bar-probing last month ] Even if that bar-probing patch was applied (maybe it needs to be more combat-proven), by default, it still seems better to not use mmconfig for legacy-conf-space access, but going two extra precaution steps beyond what seems necessary might be excessive. > Only time can tell I suppose, but the risk side is that > if it is not enough, users who don't need the extended config space for functionality > will suffer the bugs AGAIN. > You can indeed never exclude 100% that possibility, but if they see a problem again, it is likely to be a new category of hardware/BIOS bugs never seen before. Loic -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists