From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 70499293734; Mon, 5 May 2025 22:18:31 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1746483512; cv=none; b=fpKVweabNOa2S1Bxw0uXN22uqQqIu7OQ/JBhUrzJMk8VcFN0c/QBfkXlyU/CjAPyW4xEO6lXdrsika8Cm/boUpcJMYSe7sD1d5s61nHstvX69oyVD7aGnJZqc60K/TfMeCrHphnlJDXbRS4LlUW3D6RjicSo6bcRWfvP3PSOaMI= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1746483512; c=relaxed/simple; bh=348ya/iuzCHhvAa2VC79mhetqZGOphla2yr90KIk+yI=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=SDILUsKh2ENxs4D4OHuqCCzmgsCOMn+qfXssAugykjn9IEbeDk1FvvhA8tiY3dHINInM5x4C5+z2OOhuB/moHAUaMr1DeCxMMVmidL5wmk9HCnvbYoMMRHnDJH6kdizyZ1uStd/ejDww2IeHyDs8JrPoKGPhuuMrp9Yl7a8TuwU= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=r6+Czrti; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="r6+Czrti" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 71B18C4CEED; Mon, 5 May 2025 22:18:30 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1746483511; bh=348ya/iuzCHhvAa2VC79mhetqZGOphla2yr90KIk+yI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=r6+CzrtiTH8FxF+DqW5Ga6E7r6QSoqbFB0V6DemCDq4qrdk2jyOwb/P79n5L2I+kf pOOCv4ZYNQa+WI3Rn3JpBZwaQJOF2UfFUq/LyuOyfP5Ph6ji1cWlWh/RNaE5Vdlq47 VG9YvKKZ9r2Si2iA9B4HvJAOILyTB0wLKk7JJmRfqu+WHQ2KzCCVN3F3iVp5Q+dRHE 3Bzl/OLAJYhuhlDg5QVmAod6beGHP39d1e5lZBo68dkv8dTjLMMM5x2OMgnfh3DxLB R8DBjBNUN7FhrSqDwWsgkt9BlZ7u1omjYqMxuouAyX7iVtrFIXo5iw48+ZsQgG6uAk d6rTdH/8u3zKQ== From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Mario Limonciello , Yazen Ghannam , Borislav Petkov , Ingo Molnar , Sasha Levin , tglx@linutronix.de, mingo@redhat.com, dave.hansen@linux.intel.com, x86@kernel.org Subject: [PATCH AUTOSEL 6.14 088/642] x86/amd_node: Add SMN offsets to exclusive region access Date: Mon, 5 May 2025 18:05:04 -0400 Message-Id: <20250505221419.2672473-88-sashal@kernel.org> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20250505221419.2672473-1-sashal@kernel.org> References: <20250505221419.2672473-1-sashal@kernel.org> Precedence: bulk X-Mailing-List: stable@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-stable: review X-Patchwork-Hint: Ignore X-stable-base: Linux 6.14.5 Content-Transfer-Encoding: 8bit From: Mario Limonciello [ Upstream commit 83518453074d1f3eadbf7e61652b608a60087317 ] Offsets 0x60 and 0x64 are used internally by kernel drivers that call the amd_smn_read() and amd_smn_write() functions. If userspace accesses the regions at the same time as the kernel it may cause malfunctions in drivers using the offsets. Add these offsets to the exclusions so that the kernel is tainted if a non locked down userspace tries to access them. Signed-off-by: Mario Limonciello Signed-off-by: Yazen Ghannam Signed-off-by: Borislav Petkov (AMD) Signed-off-by: Ingo Molnar Link: https://lore.kernel.org/r/20250130-wip-x86-amd-nb-cleanup-v4-2-b5cc997e471b@amd.com Signed-off-by: Sasha Levin --- arch/x86/kernel/amd_node.c | 41 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/arch/x86/kernel/amd_node.c b/arch/x86/kernel/amd_node.c index d2ec7fd555c51..aae88e6a064a3 100644 --- a/arch/x86/kernel/amd_node.c +++ b/arch/x86/kernel/amd_node.c @@ -93,6 +93,7 @@ static struct pci_dev **amd_roots; /* Protect the PCI config register pairs used for SMN. */ static DEFINE_MUTEX(smn_mutex); +static bool smn_exclusive; #define SMN_INDEX_OFFSET 0x60 #define SMN_DATA_OFFSET 0x64 @@ -146,6 +147,9 @@ static int __amd_smn_rw(u8 i_off, u8 d_off, u16 node, u32 address, u32 *value, b if (!root) return err; + if (!smn_exclusive) + return err; + guard(mutex)(&smn_mutex); err = pci_write_config_dword(root, i_off, address); @@ -193,6 +197,39 @@ static int amd_cache_roots(void) return 0; } +static int reserve_root_config_spaces(void) +{ + struct pci_dev *root = NULL; + struct pci_bus *bus = NULL; + + while ((bus = pci_find_next_bus(bus))) { + /* Root device is Device 0 Function 0 on each Primary Bus. */ + root = pci_get_slot(bus, 0); + if (!root) + continue; + + if (root->vendor != PCI_VENDOR_ID_AMD && + root->vendor != PCI_VENDOR_ID_HYGON) + continue; + + pci_dbg(root, "Reserving PCI config space\n"); + + /* + * There are a few SMN index/data pairs and other registers + * that shouldn't be accessed by user space. + * So reserve the entire PCI config space for simplicity rather + * than covering specific registers piecemeal. + */ + if (!pci_request_config_region_exclusive(root, 0, PCI_CFG_SPACE_SIZE, NULL)) { + pci_err(root, "Failed to reserve config space\n"); + return -EEXIST; + } + } + + smn_exclusive = true; + return 0; +} + static int __init amd_smn_init(void) { int err; @@ -209,6 +246,10 @@ static int __init amd_smn_init(void) if (err) return err; + err = reserve_root_config_spaces(); + if (err) + return err; + return 0; } -- 2.39.5