lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1381348999.7979.360.camel@snotra.buserror.net>
Date:	Wed, 9 Oct 2013 15:03:19 -0500
From:	Scott Wood <scottwood@...escale.com>
To:	Yoder Stuart-B08248 <B08248@...escale.com>
CC:	Wood Scott-B07421 <B07421@...escale.com>,
	Kim Phillips <kim.phillips@...aro.org>,
	Christoffer Dall <christoffer.dall@...aro.org>,
	Alex Williamson <alex.williamson@...hat.com>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"a.motakis@...tualopensystems.com" <a.motakis@...tualopensystems.com>,
	"agraf@...e.de" <agraf@...e.de>,
	Sethi Varun-B16395 <B16395@...escale.com>,
	Bhushan Bharat-R65777 <R65777@...escale.com>,
	"peter.maydell@...aro.org" <peter.maydell@...aro.org>,
	"santosh.shukla@...aro.org" <santosh.shukla@...aro.org>,
	"kvm@...r.kernel.org" <kvm@...r.kernel.org>,
	"gregkh@...uxfoundation.org" <gregkh@...uxfoundation.org>
Subject: Re: RFC: (re-)binding the VFIO platform driver to a platform device

On Wed, 2013-10-09 at 14:44 -0500, Yoder Stuart-B08248 wrote:
> 
> > -----Original Message-----
> > From: Wood Scott-B07421
> > Sent: Wednesday, October 09, 2013 2:22 PM
> > To: Yoder Stuart-B08248
> > Cc: Wood Scott-B07421; Kim Phillips; Christoffer Dall; Alex Williamson;
> > linux-kernel@...r.kernel.org; a.motakis@...tualopensystems.com;
> > agraf@...e.de; Sethi Varun-B16395; Bhushan Bharat-R65777;
> > peter.maydell@...aro.org; santosh.shukla@...aro.org; kvm@...r.kernel.org;
> > gregkh@...uxfoundation.org
> > Subject: Re: RFC: (re-)binding the VFIO platform driver to a platform
> > device
> > 
> > On Wed, 2013-10-09 at 14:02 -0500, Yoder Stuart-B08248 wrote:
> > > Have been thinking about this issue some more.  As Scott mentioned,
> > > 'wildcard' matching for a driver can be fairly done in the platform
> > > bus driver.  We could add a new flag to the platform driver struct:
> > >
> > > diff --git a/drivers/base/platform.c b/drivers/base/platform.c
> > > index 4f8bef3..4d6cf14 100644
> > > --- a/drivers/base/platform.c
> > > +++ b/drivers/base/platform.c
> > > @@ -727,6 +727,10 @@ static int platform_match(struct device *dev,
> > struct device_driver *drv)
> > >         struct platform_device *pdev = to_platform_device(dev);
> > >         struct platform_driver *pdrv = to_platform_driver(drv);
> > >
> > > +       /* the driver matches any device */
> > > +       if (pdrv->match_any)
> > > +               return 1;
> > > +
> > >         /* Attempt an OF style match first */
> > >         if (of_driver_match_device(dev, drv))
> > >                 return 1;
> > >
> > > However, the more problematic issue is that a bus driver has no way to
> > > differentiate from an explicit bind request via sysfs and a bind that
> > > happened through bus probing.
> > 
> > Again, I think the wildcard match should be orthogonal to "don't bind by
> > default" as far as the mechanism goes.
> > 
> > There's already a "bool suppress_bind_attrs" to prevent sysfs
> > bind/unbind.  I suggested a similar flag to mean the oppsosite -- bind
> > *only* through sysfs.  Greg KH was skeptical and wanted to see a patch
> > before any further discussion.
> 
> Ah, think I understand now...yes that works as well, and would be
> less intrustive.   So are you writing a patch? :)

I've been meaning to since the previous round of discussion, but I've
been busy.  Would someone else be able to test it in the context of
using it for VFIO?

> It would be something like this, right?
> 
> diff --git a/drivers/base/dd.c b/drivers/base/dd.c
> index 35fa368..c9a61ea 100644
> --- a/drivers/base/dd.c
> +++ b/drivers/base/dd.c
> @@ -389,7 +389,7 @@ static int __device_attach(struct device_driver *drv, void *data)
>  {
>         struct device *dev = data;
> 
> -       if (!driver_match_device(drv, dev))
> +       if (!drv->explicit_bind_only && !driver_match_device(drv, dev))
>                 return 0;

if (drv->explicit_bind_only || !driver_match_device(drv, dev))
	return 0;

>         return driver_probe_device(drv, dev);
> @@ -450,7 +450,7 @@ static int __driver_attach(struct device *dev, void *data)
>          * is an error.
>          */
> 
> -       if (!driver_match_device(drv, dev))
> +       if (!drv->explicit_bind_only && !driver_match_device(drv, dev))
>                 return 0;

Likewise -- or error out earlier in driver_attach().

Otherwise, that looks about right, for the driver side (though
driver_attach could error out earlier rather than testing it inside the
loop).

The other half of fixing the raciness is to ensure that the device
doesn't get bound back to a non-VFIO driver (e.g. due to a module load
or new_id).  The solution I proposed for that was a similar
explicit-bind-only flag for a device, that the user sets through sysfs
prior to unbinding.  This would also be useful in non-VFIO contexts to
simply say "I don't want to use this device at all".

-Scott



--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ