Open Source and information security mailing list archives
 
Message-ID: <20181109163629.GF2932@localhost.localdomain>
Date:   Fri, 9 Nov 2018 09:36:29 -0700
From:   Keith Busch <keith.busch@...el.com>
To:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc:     Lukas Wunner <lukas@...ner.de>, Bjorn Helgaas <helgaas@...nel.org>,
        Alexandru Gagniuc <mr.nuke.me@...il.com>,
        linux-pci@...r.kernel.org, alex_gagniuc@...lteam.com,
        austin_bolen@...l.com, shyam_iyer@...l.com,
        linux-kernel@...r.kernel.org,
        Jonathan Derrick <jonathan.derrick@...el.com>,
        Russell Currey <ruscur@...sell.cc>,
        Sam Bobroff <sbobroff@...ux.ibm.com>,
        Oliver O'Halloran <oohall@...il.com>,
        linuxppc-dev@...ts.ozlabs.org
Subject: Re: [PATCH v2] PCI/MSI: Don't touch MSI bits when the PCI device is
 disconnected

On Fri, Nov 09, 2018 at 03:32:57AM -0800, Greg Kroah-Hartman wrote:
> On Fri, Nov 09, 2018 at 08:29:53AM +0100, Lukas Wunner wrote:
> > On Thu, Nov 08, 2018 at 02:01:17PM -0800, Greg Kroah-Hartman wrote:
> > > On Thu, Nov 08, 2018 at 02:09:17PM -0600, Bjorn Helgaas wrote:
> > > > I'm having second thoughts about this.  One thing I'm uncomfortable
> > > > with is that sprinkling pci_dev_is_disconnected() around feels ad hoc
> > > 
> > > I think my stance always has been that this call is not good at all
> > > because once you call it you never really know if it is still true as
> > > the device could have been removed right afterward.
> > > 
> > > So almost any code that relies on it is broken, there is no locking and
> > > > it can and will race and you will lose.
> > 
> > Hm, to be honest if that's your impression I think you must have missed a
> > large portion of the discussion we've been having over the past 2 years.
> > 
> > Please consider reading this LWN article, particularly the "Surprise
> > removal" section, to get up to speed:
> > 
> > https://lwn.net/Articles/767885/
> > 
> > You seem to be assuming that all we care about is the *return value* of
> > an mmio read.  However a transaction to a surprise removed device has
> > side effects beyond returning all ones, such as a Completion Timeout
> > which, with thousands of transactions in flight, added up to many seconds
> > to handle removal of an NVMe array and occasionally caused MCEs.
> 
> Again, I still claim this is broken hardware/firmware :)

Indeed it is, but I don't want to abandon people with hardware in hand
if we can make it work despite being broken. Perfection is the enemy of
good. :)
 
> > It is not an option to just blindly carry out device accesses even though
> > it is known the device is gone, Completion Timeouts be damned.
> 
> I don't disagree with you at all, and your other email is great with
> summarizing the issues here.
> 
> What I do object to is somehow relying on that function call as knowing
> that the device really is present or not.  It's a good hint, yes, but
> driver authors still have to be able to handle the bad data coming back
> from when the call races with the device being removed.

The function has always been a private interface. It is not available
for drivers to rely on.

The only thing we're trying to accomplish is not start a transaction
if software knows it will not succeed. There are certainly times when
a transaction will fail that software does not foresee, but we're not
suggesting the intent handles that either.
