53C8XX /sys/devices/pci*/*/config revisited

53C8XX /sys/devices/pci*/*/config revisited

[Matthias Andree]

Matthew,

remember the discussion we had in Late November last year about root
reading the upper 128 bytes of SYM53C8XX's /sys/devices/pci/*/*/config
file? See <http://marc.theaimsgroup.com/?l=linux-scsi&m=110113027015843&w=2>

The bug also affects a different user-space package, Freedesktop's
"hal", that now ships with the new SUSE Linux 9.3.

I filed two bug reports/additions against the user space, SUSE Ticket ID
[20050515990000057] and FreeDesktop's bugzilla as #1852.
<https://bugs.freedesktop.org/show_bug.cgi?id=1852>

BTW, the hald bug #1852 has been open since 2004-11-14, and so is
actually older than the discussion we had here, but SUSE wasn't using
HAL at that time so I was unaware - I've posted the contents of my
addition to that bug on the HAL list but if they haven't fixed the bug
in half a year, I don't see why they'd fix the bug just now.

In the message above, you offered

| > 2. is it a kernel bug if reading offset #216 (byte-wise) in the config
| >    file in sysfs confuses the hardware?
| 
| No, but it does seem to me that we could do better.  Unfortunately,
| the obvious thing to do (set the file size to less than 256 bytes) isn't
| really possible in sysfs.  But we could use the 'undocumented feature'
| in drivers/pci/pci-sysfs.c:pci_read_config() of setting the pci_dev's
| cfg_size to 128 bytes.  This would prevent even root from reading more
| than 128 bytes.  That'd be OK -- there's no *PCI* data in this range,
| even on the latest 1010/1030 controllers.  The operating registers are
| exposed in the 0x80-0xFF range only up to the 875; the 876 and later
| return only 0 in that range.

And I ask you to hack the driver as suggested to the bug keeps from
coming back as soon as a new user-space tool by $RANDOM_VENDOR feels
like it must read the whole range again.

Note also that the bug is visible on the 895, too. And it hurts, as it,
in connection with the GNOME desktop, offlines my CD-ROM drive, which
some automation component doesn't detect and hang, with GNOME not
starting up properly.

I fear that trying to fix user-space is going to become a neverending
story, with new packages causing trouble every other quarter.

I also filed a kernel bug against SUSE Linux, Ticket [20050515990000068]

Thanks in advance,

-- 
Matthias Andree

Re: 53C8XX /sys/devices/pci*/*/config revisited

[Arjan van de Ven]

On Sun, 2005-05-15 at 13:02 +0200, Matthias Andree wrote:
> Matthew,
> 
> remember the discussion we had in Late November last year about root
> reading the upper 128 bytes of SYM53C8XX's /sys/devices/pci/*/*/config
> file? See <http://marc.theaimsgroup.com/?l=linux-scsi&m=110113027015843&w=2>
> 
> The bug also affects a different user-space package, Freedesktop's
> "hal", that now ships with the new SUSE Linux 9.3.
> 
> I filed two bug reports/additions against the user space, SUSE Ticket ID
> [20050515990000057] and FreeDesktop's bugzilla as #1852.
> <https://bugs.freedesktop.org/show_bug.cgi?id=1852>
> 
> BTW, the hald bug #1852 has been open since 2004-11-14, and so is
> actually older than the discussion we had here, but SUSE wasn't using
> HAL at that time so I was unaware - I've posted the contents of my
> addition to that bug on the HAL list but if they haven't fixed the bug
> in half a year, I don't see why they'd fix the bug just now.

if hal reads more than 64 bytes of config space (heck if it reads config
space at all) then it's terminally broken.

Re: 53C8XX /sys/devices/pci*/*/config revisited

[Arjan van de Ven]

> if hal reads more than 64 bytes of config space (heck if it reads config
> space at all) then it's terminally broken.

this brings up a bug in the kernel though....
the config file is user readable! That's just plain dangerous and imo it
should be a root-only file as a result.

Re: 53C8XX /sys/devices/pci*/*/config revisited

[Matthias Andree]

On Sun, 15 May 2005, Arjan van de Ven wrote:

> 
> > if hal reads more than 64 bytes of config space (heck if it reads config
> > space at all) then it's terminally broken.
> 
> this brings up a bug in the kernel though....
> the config file is user readable! That's just plain dangerous and imo it
> should be a root-only file as a result.

The user can access only the first 64 bytes, but hald is apparently
meant to run as root so it can hack /etc/fstab for subfs file systems
and such. SUSE Linux 9.3 runs hald as root.

BTW, - note I have little clue of how PCI works - if the PCI
configuration space is only 64 bytes tall, then why the f* is the sysfs
.../config file listed as 256 bytes in the first place, even for root?

Relevant pointers to free copies of the PCI standard (the old 32 bit 33
MHz variant is sufficient) welcome, if such are available.

-- 
Matthias Andree

Re: 53C8XX /sys/devices/pci*/*/config revisited

[Matthew Wilcox]

On Sun, May 15, 2005 at 02:56:59PM +0200, Matthias Andree wrote:
> On Sun, 15 May 2005, Arjan van de Ven wrote:
> > > if hal reads more than 64 bytes of config space (heck if it reads config
> > > space at all) then it's terminally broken.
> > 
> > this brings up a bug in the kernel though....
> > the config file is user readable! That's just plain dangerous and imo it
> > should be a root-only file as a result.

The same is true of /proc/bus/pci.  Otherwise lspci doesn't work for non-root.

> The user can access only the first 64 bytes, but hald is apparently
> meant to run as root so it can hack /etc/fstab for subfs file systems
> and such. SUSE Linux 9.3 runs hald as root.
> 
> BTW, - note I have little clue of how PCI works - if the PCI
> configuration space is only 64 bytes tall, then why the f* is the sysfs
> .../config file listed as 256 bytes in the first place, even for root?

PCI has 256 bytes of config space.  However, not all vendors do sane
things with it (even though they're required to).  It's a bug in hald
that it reads more than it needs to ...

> Relevant pointers to free copies of the PCI standard (the old 32 bit 33
> MHz variant is sufficient) welcome, if such are available.

While they are not freely available, knowing that the name of the file is
"pci22.pdf" might help one locate non-legitimate copies.

-- 
"Next the statesmen will invent cheap lies, putting the blame upon 
the nation that is attacked, and every man will be glad of those
conscience-soothing falsities, and will diligently study them, and refuse
to examine any refutations of them; and thus he will by and by convince 
himself that the war is just, and will thank God for the better sleep 
he enjoys after this process of grotesque self-deception." -- Mark Twain

Re: 53C8XX /sys/devices/pci*/*/config revisited

[Greg KH]

On Sun, May 15, 2005 at 01:26:55PM +0200, Arjan van de Ven wrote:
> 
> > if hal reads more than 64 bytes of config space (heck if it reads config
> > space at all) then it's terminally broken.
> 
> this brings up a bug in the kernel though....
> the config file is user readable! That's just plain dangerous and imo it
> should be a root-only file as a result.

No, it's safe (or it should be), just like /proc/bus/pci is readable by
anyone for libpci.

thanks,

greg k-h