From: Nicolas Bouchinet <nicolas.bouchinet@oss.cyber.gouv.fr>
To: "Kamal, Asad" <Asad.Kamal@amd.com>
Cc: "amd-gfx@lists.freedesktop.org" <amd-gfx@lists.freedesktop.org>,
"Lazar, Lijo" <Lijo.Lazar@amd.com>,
"Zhang, Hawking" <Hawking.Zhang@amd.com>,
"Ma, Le" <Le.Ma@amd.com>, "Zhang, Morris" <Shiwu.Zhang@amd.com>,
"Deucher, Alexander" <Alexander.Deucher@amd.com>,
"Wang, Yang(Kevin)" <KevinYang.Wang@amd.com>,
"StDenis, Tom" <Tom.StDenis@amd.com>
Subject: Re: [PATCH v3] drm/amdgpu: Gate debugfs MMIO access on kernel lockdown
Date: Mon, 8 Jun 2026 15:35:12 +0200 [thread overview]
Message-ID: <aibDIZvSA9lPzjNx@archlinux> (raw)
In-Reply-To: <DM4PR12MB5038B0755743FC22E25C80FC8E1C2@DM4PR12MB5038.namprd12.prod.outlook.com>
On Mon, Jun 08, 2026 at 11:48:52AM +0000, Kamal, Asad wrote:
> AMD General
>
> Hi Nicolas,
>
> Agreed that pci_read_config() has no lockdown check, standardized PCI
> config space reads are not blocked under [integrity]. But amdgpu_regs
> is not equivalent to config space reads. It provides arbitrary read
> access to the full GPU MMIO register space via RREG32, which is the
> same class of access as pci_mmap_resource(), a user-space mapping of
> the PCI BAR. That function is explicitly blocked at integrity with
> LOCKDOWN_PCI_ACCESS:
>
> /* drivers/pci/pci-sysfs.c */
> static int pci_mmap_resource(struct kobject *kobj, ...)
> {
> ret = security_locked_down(LOCKDOWN_PCI_ACCESS);
> if (ret)
> return ret;
> ...
> }
>
> pci_mmap_resource() is blocked not only because the mapping enables writes, but because it grants direct, unmediated access to the BAR, the same unmediated hardware access that amdgpu_regs provides through a serial interface. The distinction is not read vs. write, it is mediated (config space via kernel abstractions) vs. unmediated (direct BAR/MMIO access).
>
> The /dev/mem precedent reinforces this. open_port() checks LOCKDOWN_DEV_MEM (which is before LOCKDOWN_INTEGRITY_MAX) on open, blocking both reads and writes unconditionally, because raw hardware memory access of any kind bypasses the kernel's protection model:
>
> /* drivers/char/mem.c */
> static int open_port(struct inode *inode, struct file *filp)
> {
> rc = security_locked_down(LOCKDOWN_DEV_MEM);
> if (rc)
> return rc;
> ...
> }
>
> RREG32 on an arbitrary register offset is the GPU equivalent of a /dev/mem read of a BAR-mapped region. Blocking it at integrity with LOCKDOWN_PCI_ACCESS is consistent with both of these existing kernel precedents.
>
> We prefer to keep the current approach.
>
> Thanks & Regards
> Asad
>
> -----Original Message-----
> From: Nicolas Bouchinet <nicolas.bouchinet@oss.cyber.gouv.fr>
> Sent: Monday, June 8, 2026 4:58 PM
> To: Kamal, Asad <Asad.Kamal@amd.com>
> Cc: amd-gfx@lists.freedesktop.org; Lazar, Lijo <Lijo.Lazar@amd.com>; Zhang, Hawking <Hawking.Zhang@amd.com>; Ma, Le <Le.Ma@amd.com>; Zhang, Morris <Shiwu.Zhang@amd.com>; Deucher, Alexander <Alexander.Deucher@amd.com>; Wang, Yang(Kevin) <KevinYang.Wang@amd.com>; StDenis, Tom <Tom.StDenis@amd.com>
> Subject: Re: [PATCH v3] drm/amdgpu: Gate debugfs MMIO access on kernel lockdown
>
> [You don't often get email from nicolas.bouchinet@oss.cyber.gouv.fr. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ]
>
> On Mon, Jun 08, 2026 at 11:03:05AM +0000, Kamal, Asad wrote:
> > AMD General
> >
> > Hi @Nicolas Bouchinet
> >
> > Thank you for the review.
> >
> > The commit message references v1 behavior and is no longer accurate. Writes are already blocked, the existing debugfs_locked_down() in fs/debugfs/file.c handles writes when FMODE_WRITE is set, the early-return guard fails and security_locked_down(LOCKDOWN_DEBUGFS) blocks the open under [integrity].
I didn't saw that your patch changed that much, sorry for that.
With the v3 version of your patch, since the debugfs regs files are not
even created it is indeed correct to use an `integrity` lockdown_reason
like `LOCKDOWN_PCI_ACCESS`.
Nicolas
prev parent reply other threads:[~2026-06-09 7:16 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-03 11:44 [PATCH v3] drm/amdgpu: Gate debugfs MMIO access on kernel lockdown Asad Kamal
2026-06-03 12:29 ` StDenis, Tom
2026-06-03 12:55 ` Kamal, Asad
2026-06-03 14:20 ` Lazar, Lijo
2026-06-08 9:03 ` Nicolas Bouchinet
2026-06-08 11:03 ` Kamal, Asad
2026-06-08 11:27 ` Nicolas Bouchinet
2026-06-08 11:48 ` Kamal, Asad
2026-06-08 13:35 ` Nicolas Bouchinet [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aibDIZvSA9lPzjNx@archlinux \
--to=nicolas.bouchinet@oss.cyber.gouv.fr \
--cc=Alexander.Deucher@amd.com \
--cc=Asad.Kamal@amd.com \
--cc=Hawking.Zhang@amd.com \
--cc=KevinYang.Wang@amd.com \
--cc=Le.Ma@amd.com \
--cc=Lijo.Lazar@amd.com \
--cc=Shiwu.Zhang@amd.com \
--cc=Tom.StDenis@amd.com \
--cc=amd-gfx@lists.freedesktop.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.