| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAF8kJuN4yjBzaTuAA9wERbxbJQs=YSf-1RY_nHu+XvMybpYbfA@mail.gmail.com> Date: Wed, 6 Aug 2025 17:50:37 -0700 From: Chris Li <chrisl@...nel.org> To: Jason Gunthorpe <jgg@...pe.ca> Cc: Thomas Gleixner <tglx@...utronix.de>, Bjorn Helgaas <bhelgaas@...gle.com>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, "Rafael J. Wysocki" <rafael@...nel.org>, Danilo Krummrich <dakr@...nel.org>, Len Brown <lenb@...nel.org>, linux-kernel@...r.kernel.org, linux-pci@...r.kernel.org, linux-acpi@...r.kernel.org, David Matlack <dmatlack@...gle.com>, Pasha Tatashin <tatashin@...gle.com>, Jason Miu <jasonmiu@...gle.com>, Vipin Sharma <vipinsh@...gle.com>, Saeed Mahameed <saeedm@...dia.com>, Adithya Jayachandran <ajayachandra@...dia.com>, Parav Pandit <parav@...dia.com>, William Tu <witu@...dia.com>, Mike Rapoport <rppt@...nel.org>, Leon Romanovsky <leon@...nel.org>, Junaid Shahid <junaids@...gle.com> Subject: Re: [PATCH RFC 20/25] PCI/LUO: Avoid write to liveupdate devices at boot Hi Jason, Thanks for your feedback. On Sat, Aug 2, 2025 at 6:50 AM Jason Gunthorpe <jgg@...pe.ca> wrote: > > On Fri, Aug 01, 2025 at 04:04:39PM -0700, Chris Li wrote: > > My philosophy is that the LUO PCI subsystem is for service of the PCI > > device driver. Ultimately it is the PCI device driver who decides what > > part of the config space they want to preserve or overwrite. The PCI > > layer is just there to facilitate that service. > > I don't think this makes any sense at all. There is nothing the device > driver can contribute here. I am considering that the device driver owner will know a lot more device internal knowledge, e.g. why it needs to reserve this and that register where the PCI layer might not know much about the internal device behavior. > > If you still think it is unjustifiable to have one test try to > > preserve all config space for liveupdate. > > I do think it is unjustifiable, it is architecurally wrong. You only > should be preserving the absolute bare minimum of config space bits > and everything else should be rewritten by the next kernel in the > normal way. This MSI is a prime example of a nonsensical outcome if > you take the position the config space should not be written to. OK. Let me rework the V2 with your approach. > > > > Only some config accesse are bad. Each and every "bad" one needs to be > > > clearly explained *why* it is bad and only then mitigated. > > > > That is exactly the reason why we have the conservative test that > > preserves every config space test as a starting point. > > That is completely the opposite of what I said. Preserving everything > is giving up on the harder job of identifying which bits cannot be > changed, explaining why they can't be changed, and then mitigating > only those things. We can still preserve every thing then work backwards to preserve less. As I said, I will rework V2 with your approach preserving bare minimum as the starting place. > > Another constraint is that the data center servers are dependent on > > the network device able to connect to the network appropriately. Take > > diorite NIC for example, if I try only preserving ATS/PASID did not > > finish the rest of liveupdate, the nic wasn't able to boot up and > > connect to the network all the way. Even if the test passes for the > > ATS part, the over test fails because the server is not back online. I > > can't include that test into the test dashboard, because it brings > > down the server. The only way to recover from that is rebooting the > > server, which takes a long time for a big server. I can only keep that > > non-passing test as my own private developing test, not the regression > > test set. > > I have no idea what this is trying to say and it sounds like you also > can't explain exactly what is "wrong" and justify why things are being > preserved. I know what register is causing the trouble but I think we are under a different philosophy of addressing the problem from different ends. Another consideration is the device testing matrixs. The kexec with device liveupdate is a rare event. With that many device state re-initializing might trigger some very rare bug in the device or firmware. So it might be due to the device internal implementation, even though PCI spec might say otherwise or undefined. Anyway, let me do it your way in V2 then. > Again, your series should be starting simpler. Perserve the dumbest > simplest PCI configuration. Certainly no switches, P2P, ATS or > PASID. When that is working you can then add on more complex PCI > features piece by piece. With the V1 the patch series deliverable is having an Intel diorite NVMe device preserve every config space access and pass to the vfio and iommu people to build the vfio and iommu on top of it. Let's forget about V1. With V2 I want to start with the minimal end. No switches,P2P, ATS or PASID. I need some help to define what is deliverable in such a minimal preserve. e.g. Do I be able to read back the config value not changed then call it a day. Or do I expect to see the device fully initialized, it is able to be used by the user space. Will the device need to perform any DMA? Interrupt? I will probably find a device as simple as possible and it is attached to the root PCI host bridge, not the PCI-PCI bridge. Maybe no interrupt as the first step. One possibility is using the Intel DSA device that does the DMA streaming. If you have any other feedback on the candidate device and deliverable test for V2, I am looking forward to it. Thanks. Chris
Powered by blists - more mailing lists