From: Myron Stowe <mstowe@redhat.com>
To: Greg KH <gregkh@linuxfoundation.org>
Cc: Myron Stowe <myron.stowe@redhat.com>,
kay@vrfy.org, linux-hotplug@vger.kernel.org,
alex.williamson@redhat.com, linux-pci@vger.kernel.org,
yuxiangl@marvell.com, yxlraid@gmail.com,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] udevadm-info: Don't access sysfs 'resource<N>' files
Date: Sun, 17 Mar 2013 08:12:22 -0600 [thread overview]
Message-ID: <1363529542.2423.39.camel@zim.stowe> (raw)
In-Reply-To: <20130317010317.GB9641@kroah.com>
On Sat, 2013-03-16 at 18:03 -0700, Greg KH wrote:
> On Sat, Mar 16, 2013 at 05:50:53PM -0600, Myron Stowe wrote:
> > On Sat, 2013-03-16 at 15:11 -0700, Greg KH wrote:
> > > On Sat, Mar 16, 2013 at 03:35:19PM -0600, Myron Stowe wrote:
> > > > Sysfs includes entries to memory that backs a PCI device's BARs, both I/O
> > > > Port space and MMIO. This memory regions correspond to the device's
> > > > internal status and control registers used to drive the device.
> > > >
> > > > Accessing these registers from userspace such as "udevadm info
> > > > --attribute-walk --path=/sys/devices/..." does can not be allowed as
> > > > such accesses outside of the driver, even just reading, can yield
> > > > catastrophic consequences.
> > > >
> > > > Udevadm-info skips parsing a specific set of sysfs entries including
> > > > 'resource'. This patch extends the set to include the additional
> > > > 'resource<N>' entries that correspond to a PCI device's BARs.
> > >
> > > Nice, are you also going to patch bash to prevent a user from reading
> > > these sysfs files as well? :)
> > >
> > > And pciutils?
> > >
> > > You get my point here, right? The root user just asked to read all of
> > > the data for this device, so why wouldn't you allow it? Just like
> > > 'lspci' does. Or bash does.
> >
> > Yes :P , you raise a very good point, there are a lot of way a user can
> > poke around in those BARs. However, there is a difference between
> > shooting yourself in the foot and getting what you deserve versus
> > unknowingly executing a common command such as udevadm and having the
> > system hang.
> > >
> > > If this hardware has a problem, then it needs to be fixed in the kernel,
> > > not have random band-aids added to various userspace programs to paper
> > > over the root problem here. Please fix the kernel driver and all should
> > > be fine. No need to change udevadm.
> >
> > Xiangliang initially proposed a patch within the PCI core. Ignoring the
> > specific issue with the proposal which I pointed out in the
> > https://lkml.org/lkml/2013/3/7/242 thread, that just doesn't seem like
> > the right place to effect a change either as PCI's core isn't concerned
> > with the contents or access limitations of those regions, those are
> > issues that the driver concerns itself with.
> >
> > So things seem to be gravitating towards the driver. I'm fairly
> > ignorant of this area but as Robert succinctly pointed out in the
> > originating thread - the AHCI driver only uses the device's MMIO region.
> > The I/O related regions are for legacy SFF-compatible ATA ports and are
> > not used to driver the device. This, coupled with the observance that
> > userspace accesses such as udevadm, and others like you additionally
> > point out, do not filter through the device's driver for seems to
> > suggest that changes to the driver will not help here either.
>
> A PCI quirk should handle this properly, right? Why not do that? Worse
> thing, the quirk could just not expose these sysfs files for this
> device, which would solve all userspace program issues, right?
The quirk you are suggesting would basically have to be a reversion of
commit 8633328 for the reasons that Bjorn pointed out so that we cover
all devices, not just this one particular device:
We could put a quirk in the kernel for this device (obviously
the
issue is independent of whether the driver is loaded), but no
doubt
other devices with I/O BARs will have access size restrictions,
side
effects, or other issues. Adding quirks for them feels like a
never-ending job.
I'm beginning to think that people have not read the analysis which was
the first mail entry of this thread (I meant for the Subject: to read
"PATCH 0/1] ...) which is at https://lkml.org/lkml/2013/3/16/168
It appears [*] that we are exposed to this potential conflict with
*every* PCI device's resource# files; not just this one particular
device (again see the analysis cover email, especially the three
paragraphs starting with "Putting together...").
[*] I carefully use the word "appears" due to the one aspect of this
whole issue that I still do not understand which I also expressed in the
cover - which is immediately below the section I just pointed out above.
So what I'd like to understand and why we are focusing on this one
particular instance/device when we *appear* to be at risk with all
devices and their resource# files?
Myron
>
> thanks,
>
> greg k-h
next prev parent reply other threads:[~2013-03-17 14:12 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-03-16 21:35 [PATCH] udevadm-info: Don't access sysfs entries backing device I/O port space Myron Stowe
2013-03-16 21:35 ` [PATCH] udevadm-info: Don't access sysfs 'resource<N>' files Myron Stowe
2013-03-16 22:11 ` Greg KH
2013-03-16 22:55 ` Bjorn Helgaas
2013-03-16 23:50 ` Myron Stowe
2013-03-17 1:03 ` Greg KH
2013-03-17 4:11 ` Alex Williamson
2013-03-17 5:36 ` Greg KH
2013-03-17 13:38 ` Alex Williamson
2013-03-17 14:00 ` Kay Sievers
2013-03-17 14:20 ` Myron Stowe
2013-03-17 14:29 ` Kay Sievers
2013-03-17 14:36 ` Myron Stowe
2013-03-17 14:43 ` Kay Sievers
2013-03-18 16:24 ` Alex Williamson
2013-03-18 16:41 ` Greg KH
2013-03-18 16:51 ` Alex Williamson
2013-03-18 17:20 ` Bjørn Mork
2013-03-18 17:54 ` Alex Williamson
2013-03-18 18:02 ` Robert Brown
2013-03-18 18:25 ` Bjørn Mork
2013-03-18 18:59 ` Alex Williamson
2013-03-19 16:57 ` Myron Stowe
2013-03-19 17:06 ` Myron Stowe
2013-03-17 14:33 ` Myron Stowe
2013-03-17 22:28 ` Alex Williamson
2013-03-18 14:50 ` Don Dutile
2013-03-18 16:34 ` Alex Williamson
2013-03-17 14:12 ` Myron Stowe [this message]
2013-03-19 1:54 ` Robert Hancock
2013-03-19 2:03 ` Greg KH
2013-03-19 2:09 ` Robert Hancock
2013-03-19 2:35 ` Greg KH
2013-03-19 3:08 ` Robert Hancock
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1363529542.2423.39.camel@zim.stowe \
--to=mstowe@redhat.com \
--cc=alex.williamson@redhat.com \
--cc=gregkh@linuxfoundation.org \
--cc=kay@vrfy.org \
--cc=linux-hotplug@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=myron.stowe@redhat.com \
--cc=yuxiangl@marvell.com \
--cc=yxlraid@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).