Page MenuHomeFreeBSD
Differential D16580

Change default group and mode of /dev/pci to be the same as /dev/mem.
ClosedPublic
Actions

Authored by kib on Aug 3 2018, 12:01 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Feb 8, 7:53 PM
Unknown Object (File)
Sat, Feb 8, 6:41 PM
Unknown Object (File)
Wed, Jan 29, 4:08 AM
Unknown Object (File)
Wed, Jan 22, 12:56 PM
Unknown Object (File)
Sun, Jan 19, 12:27 PM
Unknown Object (File)
Dec 31 2024, 8:10 PM
Unknown Object (File)
Dec 30 2024, 8:07 PM
Unknown Object (File)
Dec 29 2024, 7:48 PM
View All 88 Files
Subscribers
None

Details

Reviewers
se
jhb
imp
Commits
rS337269: Require write access when mmapping BAR.
Summary

Read access to either config space or BAR of an arbitrary PCI device should be considered to provide the same rights as complete read access to the physical memory and even more.

Discussed with: se

NB. An alternative could be to add a sysctl to administratively enable/disable BAR mapping through /dev/pci, or drop BAR ioctl on /dev/pci and provide second device where the ioctl is functional, with root:kmem 0640 rights. But I believe that config read access to the Intel config devices in uncore is sensitive enough already.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

kib created this revision.Aug 3 2018, 12:01 PM
Harbormaster completed remote builds in B18548: Diff 46231.Aug 3 2018, 12:01 PM
jhb added a comment.Aug 3 2018, 4:10 PM

I suspect this breaks plain 'pciconf -l' for normal users. Note that plain pciconf -l doesn't do direct config access, it uses an ioctl that just returns the vendor and device IDs. Things like pciconf -lc or pciconf -r that actually do raw config access use ioctls that require write access and thus are only permitted to root by default. What is the problem you are trying to solve? Do you want to make the ioctl to map a BAR root-only and it is currently permitted for normal users? If so, add that ioctl to the list of ioctls that require FWRITE.

Oh, you explicitly added it to the list that only require FREAD. I would remove it from that last so that you require a writable fd to map the bar. The existing ioctls permitted for only FREAD are all careful to only contain "safe" information and not allow arbitrary access (e.g. GETBAR just returns the values of a BAR register, but that doesn't permit you to read/write the memory and you can't change the register either)

kib updated this revision to Diff 46249.Aug 3 2018, 4:21 PM

Remove PCIOCBARMMAP from the list of allowed ro ioctls.

Harbormaster completed remote builds in B18558: Diff 46249.Aug 3 2018, 4:21 PM
kib added a comment.Aug 3 2018, 4:21 PM
In D16580#352116, @jhb wrote:

I suspect this breaks plain 'pciconf -l' for normal users. Note that plain pciconf -l doesn't do direct config access, it uses an ioctl that just returns the vendor and device IDs. Things like pciconf -lc or pciconf -r that actually do raw config access use ioctls that require write access and thus are only permitted to root by default. What is the problem you are trying to solve? Do you want to make the ioctl to map a BAR root-only and it is currently permitted for normal users? If so, add that ioctl to the list of ioctls that require FWRITE.

Oh, you explicitly added it to the list that only require FREAD. I would remove it from that last so that you require a writable fd to map the bar. The existing ioctls permitted for only FREAD are all careful to only contain "safe" information and not allow arbitrary access (e.g. GETBAR just returns the values of a BAR register, but that doesn't permit you to read/write the memory and you can't change the register either)

So are you suggesting the updated patch instead ? I can see how would it improve things for bar mmap. If you agree, I will update the review title and summary.

jhb added a comment.Aug 3 2018, 5:33 PM

Yes, I think this is consistent with the other PCI ioctls, sorry I missed that previously. Does this satisfy your concerns re: security or do you think the kmem group should have write access to /dev/pci (as a separate change)?

jhb accepted this revision.Aug 3 2018, 5:33 PM
This revision is now accepted and ready to land.Aug 3 2018, 5:33 PM
kib added a comment.Aug 3 2018, 6:07 PM
In D16580#352172, @jhb wrote:

Yes, I think this is consistent with the other PCI ioctls, sorry I missed that previously. Does this satisfy your concerns re: security or do you think the kmem group should have write access to /dev/pci (as a separate change)?

Yes, I think it satisfies the concerns and now it is really hold access permissions for config space same as for the bar mapping. Thank you.

Closed by commit rS337269: Require write access when mmapping BAR. (authored by kib). · Explain WhyAug 3 2018, 6:35 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
head/
sys/
dev/
pci/
1 line
usr.sbin/
pciconf/
2 lines

Diff 46258

View Options

head/sys/dev/pci/pci_user.c

Loading...
View Options

head/usr.sbin/pciconf/pciconf.c

Loading...