Re: [PATCH 2/6] cxl/pci: Fix lockdown level

On Fri, Sep 3, 2021 at 10:20 PM Dan Williams <dan.j.williams@xxxxxxxxx> wrote:
>
> A proposed rework of security_locked_down() users identified that the
> cxl_pci driver was passing the wrong lockdown_reason. Update
> cxl_mem_raw_command_allowed() to fail raw command access when raw pci
> access is also disabled.
>
> Fixes: 13237183c735 ("cxl/mem: Add a "RAW" send command")
> Cc: Ben Widawsky <ben.widawsky@xxxxxxxxx>
> Cc: Jonathan Cameron <Jonathan.Cameron@xxxxxxxxxx>
> Cc: <stable@xxxxxxxxxxxxxxx>
> Cc: Ondrej Mosnacek <omosnace@xxxxxxxxxx>
> Cc: Paul Moore <paul@xxxxxxxxxxxxxx>
> Signed-off-by: Dan Williams <dan.j.williams@xxxxxxxxx>
> ---
>  drivers/cxl/pci.c |    2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Hi Dan,

Thanks for fixing this up.  Would you mind if this was included in
Ondrej's patchset, or would you prefer to merge it via another tree
(e.g. cxl)?

> diff --git a/drivers/cxl/pci.c b/drivers/cxl/pci.c
> index 651e8d4ec974..37903259ee79 100644
> --- a/drivers/cxl/pci.c
> +++ b/drivers/cxl/pci.c
> @@ -575,7 +575,7 @@ static bool cxl_mem_raw_command_allowed(u16 opcode)
>         if (!IS_ENABLED(CONFIG_CXL_MEM_RAW_COMMANDS))
>                 return false;
>
> -       if (security_locked_down(LOCKDOWN_NONE))
> +       if (security_locked_down(LOCKDOWN_PCI_ACCESS))
>                 return false;
>
>         if (cxl_raw_allow_all)
>
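Review bot: the changelog says the driver "was passing the wrong lockdown_reason" but not what the old security_locked_down(LOCKDOWN_NONE) call actually did on a locked-down system. Since the patch carries a Fixes: tag and is Cc'd to stable, the commit message should state the observable effect so backporters can judge it. In the hunk itself, the check now ties raw CXL mailbox commands to LOCKDOWN_PCI_ACCESS with no comment explaining the link. A one-line comment above the check, along the lines of "raw commands are treated as equivalent to raw PCI access", would record the reasoning the changelog only implies. It would also be worth noting in that comment that the lockdown test is deliberately placed before the cxl_raw_allow_all test, so the override cannot bypass lockdown.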

-- 
paul moore
www.paul-moore.com


