make /dev/pci really readable

Scott Long scottl at freebsd.org
Mon Jun 16 13:43:16 PDT 2003 

You should not always assume that reading PCI registers has no
side-effects.  It is certainly legal and possible for a PCI device to
detect the read request and alter the contents of the register (or some
other register) as a side effect, or change an internal state machine.
'Fixing' the various bits to allow unpriviledged access to 'pciconf -r'
is dangerous since you would have to teach the system about every pci
device in existance and how to trap on registers that have side-effects.

I see little reason why unpriviledged users should be given
register-level access to anything.  We don't let them read /dev/mem, do
we?  Fixing 'pciconf -l' is fine, but it really doesn't need to extend
beyond that.  I would consider 'pciconf -r' to be a security risk and
would treat it as such when it comes time for a release.

Scott

John-Mark Gurney wrote:
> Robert Watson wrote this message on Mon, Jun 16, 2003 at 13:54 -0400:
> 
>>On Mon, 16 Jun 2003, John-Mark Gurney wrote:
>>will affect all users in the system).  Could you do that cleanup in the
>>first pass, then revisit the permissions change?
> 
> 
> ok, I've taken a look at it, and I don't see any major problems with it
> besides what I mentioned earlier.  I've attached a patch that only lets
> you do pciconf -l (query pci devices we know about), but it also enforces
> the register to be in valid bounds and also makes sure it's aligned.  I
> think it's safest to do it here.  Should I copy the restrictions on
> read into the write block (actually, take them out of the case so they
> can be shared)?
> 
> 
> 
> ------------------------------------------------------------------------
> 
> Index: pci_user.c
> ===================================================================
> RCS file: /home/ncvs/src/sys/dev/pci/pci_user.c,v
> retrieving revision 1.9
> diff -u -r1.9 pci_user.c
> --- pci_user.c	2003/03/03 12:15:44	1.9
> +++ pci_user.c	2003/06/16 19:44:39
> @@ -176,7 +176,7 @@
>  	const char *name;
>  	int error;
>  
> -	if (!(flag & FWRITE))
> +	if (!(flag & FWRITE) && cmd != PCIOCGETCONF)
>  		return EPERM;
>  
>  
> @@ -342,7 +342,7 @@
>  		for (cio->num_matches = 0, error = 0, i = 0,
>  		     dinfo = STAILQ_FIRST(devlist_head);
>  		     (dinfo != NULL) && (cio->num_matches < ionum)
> -		     && (error == 0) && (i < pci_numdevs);
> +		     && (error == 0) && (i < pci_numdevs) && (dinfo != NULL);
>  		     dinfo = STAILQ_NEXT(dinfo, pci_links), i++) {
>  
>  			if (i < cio->offset)
> @@ -412,7 +412,10 @@
>  		}
>  	case PCIOCREAD:
>  		io = (struct pci_io *)data;
> -		switch(io->pi_width) {
> +		if (io->pi_reg < 0 || io->pi_reg + io_pi_width > PCI_REGMAX ||
> +		    io->pi_reg & (io->pi_width - 1))
> +			error = EINVAL;
> +		else switch(io->pi_width) {
>  		case 4:
>  		case 2:
>  		case 1:
> @@ -439,7 +442,7 @@
>  			}
>  			break;
>  		default:
> -			error = ENODEV;
> +			error = EINVAL;
>  			break;
>  		}
>  		break;
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> freebsd-arch at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-arch
> To unsubscribe, send any mail to "freebsd-arch-unsubscribe at freebsd.org"

More information about the freebsd-arch mailing list