[PATCH 0/6] cxl fixes for v5.15-rc1

[PATCH 0/6] cxl fixes for v5.15-rc1

[Dan Williams]

Given the decision to delay cxl_test and some of the related reworks to
the next merge window, here are the broken out fixes that will be
appended to the base-commit noted below. Changes from previous posting
include:

- "cxl/acpi: Do not add DSDT disabled ACPI0016 host bridge ports": Add a
  comment about when acpi_pci_find_root() is known to not fail
  (Jonathan)

- Fix lockdown reason in cxl_mem_raw_command_allowed() (Ondrej)

- Pick up, with small change log tweaks, Ben's defined, but not used patch

- Fix some 'make docs' warnings (Ben)

---

Alison Schofield (1):
      cxl/acpi: Do not add DSDT disabled ACPI0016 host bridge ports

Ben Widawsky (1):
      cxl/uapi: Fix defined but not used warnings

Dan Williams (3):
      cxl/pci: Fix lockdown level
      cxl/pmem: Fix Documentation warning
      cxl/registers: Fix Documentation warning

Li Qiang (Johnny Li) (1):
      cxl/pci: Fix debug message in cxl_probe_regs()


 Documentation/driver-api/cxl/memory-devices.rst |    4 ++-
 drivers/cxl/acpi.c                              |   12 ++++++---
 drivers/cxl/core/pmem.c                         |   30 +++++++++++++++++++++--
 drivers/cxl/core/regs.c                         |   15 +++++++++++-
 drivers/cxl/pci.c                               |    6 ++---
 include/uapi/linux/cxl_mem.h                    |    2 +-
 6 files changed, 56 insertions(+), 13 deletions(-)

base-commit: 00ca683e618065e2375b49c91002384735c76d41

[PATCH 1/6] cxl/acpi: Do not add DSDT disabled ACPI0016 host bridge ports

[Dan Williams]

From: Alison Schofield <alison.schofield@intel.com>

During CXL ACPI probe, host bridge ports are discovered by scanning
the ACPI0017 root port for ACPI0016 host bridge devices. The scan
matches on the hardware id of "ACPI0016". An issue occurs when an
ACPI0016 device is defined in the DSDT yet disabled on the platform.
Attempts by the cxl_acpi driver to add host bridge ports using a
disabled device fails, and the entire cxl_acpi probe fails.

The DSDT table includes an _STA method that sets the status and the
ACPI subsystem has checks available to examine it. One such check is
in the acpi_pci_find_root() path. Move the call to acpi_pci_find_root()
to the matching function to prevent this issue when adding either
upstream or downstream ports.

Suggested-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Alison Schofield <alison.schofield@intel.com>
Fixes: 7d4b5ca2e2cb ("cxl/acpi: Add downstream port data to cxl_port instances")
Cc: <stable@vger.kernel.org>
Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
---
 drivers/cxl/acpi.c |   12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/drivers/cxl/acpi.c b/drivers/cxl/acpi.c
index 8ae89273f58e..54e9d4d2cf5f 100644
--- a/drivers/cxl/acpi.c
+++ b/drivers/cxl/acpi.c
@@ -243,6 +243,9 @@ static struct acpi_device *to_cxl_host_bridge(struct device *dev)
 {
 	struct acpi_device *adev = to_acpi_device(dev);
 
+	if (!acpi_pci_find_root(adev->handle))
+		return NULL;
+
 	if (strcmp(acpi_device_hid(adev), "ACPI0016") == 0)
 		return adev;
 	return NULL;
@@ -266,10 +269,6 @@ static int add_host_bridge_uport(struct device *match, void *arg)
 	if (!bridge)
 		return 0;
 
-	pci_root = acpi_pci_find_root(bridge->handle);
-	if (!pci_root)
-		return -ENXIO;
-
 	dport = find_dport_by_dev(root_port, match);
 	if (!dport) {
 		dev_dbg(host, "host bridge expected and not found\n");
@@ -282,6 +281,11 @@ static int add_host_bridge_uport(struct device *match, void *arg)
 		return PTR_ERR(port);
 	dev_dbg(host, "%s: add: %s\n", dev_name(match), dev_name(&port->dev));
 
+	/*
+	 * Note that this lookup already succeeded in
+	 * to_cxl_host_bridge(), so no need to check for failure here
+	 */
+	pci_root = acpi_pci_find_root(bridge->handle);
 	ctx = (struct cxl_walk_context){
 		.dev = host,
 		.root = pci_root->bus,

[PATCH 2/6] cxl/pci: Fix lockdown level

[Dan Williams]

A proposed rework of security_locked_down() users identified that the
cxl_pci driver was passing the wrong lockdown_reason. Update
cxl_mem_raw_command_allowed() to fail raw command access when raw pci
access is also disabled.

Fixes: 13237183c735 ("cxl/mem: Add a "RAW" send command")
Cc: Ben Widawsky <ben.widawsky@intel.com>
Cc: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Cc: <stable@vger.kernel.org>
Cc: Ondrej Mosnacek <omosnace@redhat.com>
Cc: Paul Moore <paul@paul-moore.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
---
 drivers/cxl/pci.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/cxl/pci.c b/drivers/cxl/pci.c
index 651e8d4ec974..37903259ee79 100644
--- a/drivers/cxl/pci.c
+++ b/drivers/cxl/pci.c
@@ -575,7 +575,7 @@ static bool cxl_mem_raw_command_allowed(u16 opcode)
 	if (!IS_ENABLED(CONFIG_CXL_MEM_RAW_COMMANDS))
 		return false;
 
-	if (security_locked_down(LOCKDOWN_NONE))
+	if (security_locked_down(LOCKDOWN_PCI_ACCESS))
 		return false;
 
 	if (cxl_raw_allow_all)

[PATCH 3/6] cxl/pci: Fix debug message in cxl_probe_regs()

[Dan Williams]

From: Li Qiang (Johnny Li) <johnny.li@montage-tech.com>

Indicator string for mbox and memdev register set to status
incorrectly in error message.

Cc: <stable@vger.kernel.org>
Fixes: 30af97296f48 ("cxl/pci: Map registers based on capabilities")
Signed-off-by: Li Qiang (Johnny Li) <johnny.li@montage-tech.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
---
 drivers/cxl/pci.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/cxl/pci.c b/drivers/cxl/pci.c
index 37903259ee79..8e45aa07d662 100644
--- a/drivers/cxl/pci.c
+++ b/drivers/cxl/pci.c
@@ -1041,8 +1041,8 @@ static int cxl_probe_regs(struct cxl_mem *cxlm, void __iomem *base,
 		    !dev_map->memdev.valid) {
 			dev_err(dev, "registers not found: %s%s%s\n",
 				!dev_map->status.valid ? "status " : "",
-				!dev_map->mbox.valid ? "status " : "",
-				!dev_map->memdev.valid ? "status " : "");
+				!dev_map->mbox.valid ? "mbox " : "",
+				!dev_map->memdev.valid ? "memdev " : "");
 			return -ENXIO;
 		}
 

Re: [PATCH 2/6] cxl/pci: Fix lockdown level

[Paul Moore]

On Fri, Sep 3, 2021 at 10:20 PM Dan Williams <dan.j.williams@intel.com> wrote:
>
> A proposed rework of security_locked_down() users identified that the
> cxl_pci driver was passing the wrong lockdown_reason. Update
> cxl_mem_raw_command_allowed() to fail raw command access when raw pci
> access is also disabled.
>
> Fixes: 13237183c735 ("cxl/mem: Add a "RAW" send command")
> Cc: Ben Widawsky <ben.widawsky@intel.com>
> Cc: Jonathan Cameron <Jonathan.Cameron@huawei.com>
> Cc: <stable@vger.kernel.org>
> Cc: Ondrej Mosnacek <omosnace@redhat.com>
> Cc: Paul Moore <paul@paul-moore.com>
> Signed-off-by: Dan Williams <dan.j.williams@intel.com>
> ---
>  drivers/cxl/pci.c |    2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Hi Dan,

Thanks for fixing this up.  Would you mind if this was included in
Ondrej's patchset, or would you prefer to merge it via another tree
(e.g. cxl)?

> diff --git a/drivers/cxl/pci.c b/drivers/cxl/pci.c
> index 651e8d4ec974..37903259ee79 100644
> --- a/drivers/cxl/pci.c
> +++ b/drivers/cxl/pci.c
> @@ -575,7 +575,7 @@ static bool cxl_mem_raw_command_allowed(u16 opcode)
>         if (!IS_ENABLED(CONFIG_CXL_MEM_RAW_COMMANDS))
>                 return false;
>
> -       if (security_locked_down(LOCKDOWN_NONE))
> +       if (security_locked_down(LOCKDOWN_PCI_ACCESS))
>                 return false;
>
>         if (cxl_raw_allow_all)
>

-- 
paul moore
www.paul-moore.com

Re: [PATCH 3/6] cxl/pci: Fix debug message in cxl_probe_regs()

[Jonathan Cameron]

On Fri, 3 Sep 2021 19:20:50 -0700
Dan Williams <dan.j.williams@intel.com> wrote:

> From: Li Qiang (Johnny Li) <johnny.li@montage-tech.com>
> 
> Indicator string for mbox and memdev register set to status
> incorrectly in error message.
> 
> Cc: <stable@vger.kernel.org>
> Fixes: 30af97296f48 ("cxl/pci: Map registers based on capabilities")
> Signed-off-by: Li Qiang (Johnny Li) <johnny.li@montage-tech.com>
> Signed-off-by: Dan Williams <dan.j.williams@intel.com>
fwiw obviously correct.

Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>

> ---
>  drivers/cxl/pci.c |    4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/cxl/pci.c b/drivers/cxl/pci.c
> index 37903259ee79..8e45aa07d662 100644
> --- a/drivers/cxl/pci.c
> +++ b/drivers/cxl/pci.c
> @@ -1041,8 +1041,8 @@ static int cxl_probe_regs(struct cxl_mem *cxlm, void __iomem *base,
>  		    !dev_map->memdev.valid) {
>  			dev_err(dev, "registers not found: %s%s%s\n",
>  				!dev_map->status.valid ? "status " : "",
> -				!dev_map->mbox.valid ? "status " : "",
> -				!dev_map->memdev.valid ? "status " : "");
> +				!dev_map->mbox.valid ? "mbox " : "",
> +				!dev_map->memdev.valid ? "memdev " : "");
>  			return -ENXIO;
>  		}
>  
> 

Re: [PATCH 2/6] cxl/pci: Fix lockdown level

[Dan Williams]

On Fri, Sep 3, 2021 at 8:57 PM Paul Moore <paul@paul-moore.com> wrote:
>
> On Fri, Sep 3, 2021 at 10:20 PM Dan Williams <dan.j.williams@intel.com> wrote:
> >
> > A proposed rework of security_locked_down() users identified that the
> > cxl_pci driver was passing the wrong lockdown_reason. Update
> > cxl_mem_raw_command_allowed() to fail raw command access when raw pci
> > access is also disabled.
> >
> > Fixes: 13237183c735 ("cxl/mem: Add a "RAW" send command")
> > Cc: Ben Widawsky <ben.widawsky@intel.com>
> > Cc: Jonathan Cameron <Jonathan.Cameron@huawei.com>
> > Cc: <stable@vger.kernel.org>
> > Cc: Ondrej Mosnacek <omosnace@redhat.com>
> > Cc: Paul Moore <paul@paul-moore.com>
> > Signed-off-by: Dan Williams <dan.j.williams@intel.com>
> > ---
> >  drivers/cxl/pci.c |    2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
>
> Hi Dan,
>
> Thanks for fixing this up.  Would you mind if this was included in
> Ondrej's patchset, or would you prefer to merge it via another tree
> (e.g. cxl)?

I was planning to merge this via the cxl tree for v5.15-rc1.

Re: [PATCH 2/6] cxl/pci: Fix lockdown level

[Paul Moore]

On Tue, Sep 7, 2021 at 1:39 PM Dan Williams <dan.j.williams@intel.com> wrote:
> On Fri, Sep 3, 2021 at 8:57 PM Paul Moore <paul@paul-moore.com> wrote:
> >
> > On Fri, Sep 3, 2021 at 10:20 PM Dan Williams <dan.j.williams@intel.com> wrote:
> > >
> > > A proposed rework of security_locked_down() users identified that the
> > > cxl_pci driver was passing the wrong lockdown_reason. Update
> > > cxl_mem_raw_command_allowed() to fail raw command access when raw pci
> > > access is also disabled.
> > >
> > > Fixes: 13237183c735 ("cxl/mem: Add a "RAW" send command")
> > > Cc: Ben Widawsky <ben.widawsky@intel.com>
> > > Cc: Jonathan Cameron <Jonathan.Cameron@huawei.com>
> > > Cc: <stable@vger.kernel.org>
> > > Cc: Ondrej Mosnacek <omosnace@redhat.com>
> > > Cc: Paul Moore <paul@paul-moore.com>
> > > Signed-off-by: Dan Williams <dan.j.williams@intel.com>
> > > ---
> > >  drivers/cxl/pci.c |    2 +-
> > >  1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > Hi Dan,
> >
> > Thanks for fixing this up.  Would you mind if this was included in
> > Ondrej's patchset, or would you prefer to merge it via another tree
> > (e.g. cxl)?
>
> I was planning to merge this via the cxl tree for v5.15-rc1.

Okay, thanks.

-- 
paul moore
www.paul-moore.com

Re: [PATCH 2/6] cxl/pci: Fix lockdown level

[Ondrej Mosnacek]

On Tue, Sep 7, 2021 at 9:47 PM Paul Moore <paul@paul-moore.com> wrote:
> On Tue, Sep 7, 2021 at 1:39 PM Dan Williams <dan.j.williams@intel.com> wrote:
> > On Fri, Sep 3, 2021 at 8:57 PM Paul Moore <paul@paul-moore.com> wrote:
> > >
> > > On Fri, Sep 3, 2021 at 10:20 PM Dan Williams <dan.j.williams@intel.com> wrote:
> > > >
> > > > A proposed rework of security_locked_down() users identified that the
> > > > cxl_pci driver was passing the wrong lockdown_reason. Update
> > > > cxl_mem_raw_command_allowed() to fail raw command access when raw pci
> > > > access is also disabled.
> > > >
> > > > Fixes: 13237183c735 ("cxl/mem: Add a "RAW" send command")
> > > > Cc: Ben Widawsky <ben.widawsky@intel.com>
> > > > Cc: Jonathan Cameron <Jonathan.Cameron@huawei.com>
> > > > Cc: <stable@vger.kernel.org>
> > > > Cc: Ondrej Mosnacek <omosnace@redhat.com>
> > > > Cc: Paul Moore <paul@paul-moore.com>
> > > > Signed-off-by: Dan Williams <dan.j.williams@intel.com>
> > > > ---
> > > >  drivers/cxl/pci.c |    2 +-
> > > >  1 file changed, 1 insertion(+), 1 deletion(-)
> > >
> > > Hi Dan,
> > >
> > > Thanks for fixing this up.  Would you mind if this was included in
> > > Ondrej's patchset, or would you prefer to merge it via another tree
> > > (e.g. cxl)?
> >
> > I was planning to merge this via the cxl tree for v5.15-rc1.
>
> Okay, thanks.

And I can see the patch is now in Linus' tree, so if Paul agrees I'll
rebase the patch on top of v5.15-rc1 once it's tagged and do one more
respin. There are a few other minor conflicts and one new
security_locked_down() call to cover, anyway.

Dan, is it okay if I preserve your Acked-by from the last version?
There will be no other change in the cxl area than rebasing on top of
this patch.

Thank you for taking care of the fix!

--
Ondrej Mosnacek
Software Engineer, Linux Security - SELinux kernel
Red Hat, Inc.

Re: [PATCH 2/6] cxl/pci: Fix lockdown level

[Dan Williams]

On Fri, Sep 10, 2021 at 5:55 AM Ondrej Mosnacek <omosnace@redhat.com> wrote:
>
> On Tue, Sep 7, 2021 at 9:47 PM Paul Moore <paul@paul-moore.com> wrote:
> > On Tue, Sep 7, 2021 at 1:39 PM Dan Williams <dan.j.williams@intel.com> wrote:
> > > On Fri, Sep 3, 2021 at 8:57 PM Paul Moore <paul@paul-moore.com> wrote:
> > > >
> > > > On Fri, Sep 3, 2021 at 10:20 PM Dan Williams <dan.j.williams@intel.com> wrote:
> > > > >
> > > > > A proposed rework of security_locked_down() users identified that the
> > > > > cxl_pci driver was passing the wrong lockdown_reason. Update
> > > > > cxl_mem_raw_command_allowed() to fail raw command access when raw pci
> > > > > access is also disabled.
> > > > >
> > > > > Fixes: 13237183c735 ("cxl/mem: Add a "RAW" send command")
> > > > > Cc: Ben Widawsky <ben.widawsky@intel.com>
> > > > > Cc: Jonathan Cameron <Jonathan.Cameron@huawei.com>
> > > > > Cc: <stable@vger.kernel.org>
> > > > > Cc: Ondrej Mosnacek <omosnace@redhat.com>
> > > > > Cc: Paul Moore <paul@paul-moore.com>
> > > > > Signed-off-by: Dan Williams <dan.j.williams@intel.com>
> > > > > ---
> > > > >  drivers/cxl/pci.c |    2 +-
> > > > >  1 file changed, 1 insertion(+), 1 deletion(-)
> > > >
> > > > Hi Dan,
> > > >
> > > > Thanks for fixing this up.  Would you mind if this was included in
> > > > Ondrej's patchset, or would you prefer to merge it via another tree
> > > > (e.g. cxl)?
> > >
> > > I was planning to merge this via the cxl tree for v5.15-rc1.
> >
> > Okay, thanks.
>
> And I can see the patch is now in Linus' tree, so if Paul agrees I'll
> rebase the patch on top of v5.15-rc1 once it's tagged and do one more
> respin. There are a few other minor conflicts and one new
> security_locked_down() call to cover, anyway.
>
> Dan, is it okay if I preserve your Acked-by from the last version?

Sure.

> There will be no other change in the cxl area than rebasing on top of
> this patch.
>
> Thank you for taking care of the fix!

Thanks for the patience as I circled back.

Re: [PATCH 2/6] cxl/pci: Fix lockdown level

[Paul Moore]

On Fri, Sep 10, 2021 at 8:55 AM Ondrej Mosnacek <omosnace@redhat.com> wrote:
> And I can see the patch is now in Linus' tree, so if Paul agrees I'll
> rebase the patch on top of v5.15-rc1 once it's tagged ...

Please do, thanks.

-- 
paul moore
www.paul-moore.com