On Tue, May 23, 2017 at 07:43:16PM +0200, Mason wrote:
> On 23/05/2017 19:24, Bjorn Helgaas wrote:
> > On Thu, Apr 20, 2017 at 04:31:25PM +0200, Marc Gonzalez wrote:
> >> This driver is required to work around several hardware bugs in the
> >> PCIe controller.
> >>
> >> NB: Revision 1 does not support legacy interrupts, or IO space.
> >>
> >> Signed-off-by: Marc Gonzalez <marc_gonzalez@xxxxxxxxxxxxxxxx>
> >> ---
> >> Documentation/devicetree/bindings/pci/tango-pcie.txt | 32 ++++++++
> >> drivers/pci/host/Kconfig | 8 ++
> >> drivers/pci/host/Makefile | 1 +
> >> drivers/pci/host/pcie-tango.c | 161 +++++++++++++++++++++++++++++++++++++++
> >> include/linux/pci_ids.h | 2 +
> >> 5 files changed, 204 insertions(+)
> >> ...
> >
> >> +static int smp8759_config_read(struct pci_bus *bus,
> >> + unsigned int devfn, int where, int size, u32 *val)
> >> +{
> >> + int ret;
> >> + struct pci_config_window *cfg = bus->sysdata;
> >> + struct tango_pcie *pcie = dev_get_drvdata(cfg->parent);
> >> +
> >> + /*
> >> + * QUIRK #1
> >> + * Reads in configuration space outside devfn 0 return garbage.
> >> + */
> >> + if (devfn != 0)
> >> + return PCIBIOS_FUNC_NOT_SUPPORTED;
> >> +
> >> + /*
> >> + * QUIRK #2
> >> + * Unfortunately, config and mem spaces are muxed.
> >> + * Linux does not support such a setting, since drivers are free
> >> + * to access mem space directly, at any time.
> >> + * Therefore, we can only PRAY that config and mem space accesses
> >> + * NEVER occur concurrently.
> >> + */
> >> + writel_relaxed(1, pcie->mux);
> >> + ret = pci_generic_config_read(bus, devfn, where, size, val);
> >> + writel_relaxed(0, pcie->mux);
> >
> > This is a major issue and possibly even a security problem.
> > Unprivileged users can cause config accesses via lspci/setpci.
>
> Since the host bridge doesn't support hotplug in any way,
> how about setting a flag once enumeration is complete,
> to prevent all future config accesses?
I thought about that, too, but I'm not sure it will work becuase I
think drivers will need to do at least a few config accesses, e.g.,
pci_enable_device() may write PCI_COMMAND to set PCI_COMMAND_MEMORY,
it may read PCI_INTERRUPT_PIN, etc. And MSI setup requires config
access, too.
> > I don't have a good suggestion for addressing it, but if you can't
> > make this work reliably, you need at least a dev_err() in the probe
> > function and probably a taint of the kernel (see add_taint()).
>
> There is a chance that the issue will get fixed in rev2
> of the bridge. But obviously, that won't help for rev1
> already in the wild.
Hopefully there will be a way to distinguish rev2 from rev1.
Bjorn
