[{"id":3675812,"web_url":"http://patchwork.ozlabs.org/comment/3675812/","msgid":"<93f81aa9-ce74-92bb-5227-d2ccb0a3e06c@linux.intel.com>","list_archive_url":null,"date":"2026-04-10T11:04:16","subject":"Re: [PATCH 10/20] alpha/PCI: Add security_locked_down() check to\n pci_mmap_resource()","submitter":{"id":83553,"url":"http://patchwork.ozlabs.org/api/people/83553/","name":"Ilpo Järvinen","email":"ilpo.jarvinen@linux.intel.com"},"content":"On Fri, 10 Apr 2026, Krzysztof Wilczyński wrote:\n\n> Currently, Alpha's pci_mmap_resource() does not check\n> security_locked_down(LOCKDOWN_PCI_ACCESS) before allowing\n> userspace to mmap PCI BARs.\n> \n> The generic version has had this check since commit eb627e17727e\n> (\"PCI: Lock down BAR access when the kernel is locked down\") to\n> prevent DMA attacks when the kernel is locked down.\n> \n> Add the same check to Alpha's pci_mmap_resource().\n> \n> Signed-off-by: Krzysztof Wilczyński <kwilczynski@kernel.org>\n\nMaybe add Fixes: eb627e17727e ...\n\n> ---\n>  arch/alpha/kernel/pci-sysfs.c | 7 ++++++-\n>  1 file changed, 6 insertions(+), 1 deletion(-)\n> \n> diff --git a/arch/alpha/kernel/pci-sysfs.c b/arch/alpha/kernel/pci-sysfs.c\n> index 3048758304b5..2324720c3e83 100644\n> --- a/arch/alpha/kernel/pci-sysfs.c\n> +++ b/arch/alpha/kernel/pci-sysfs.c\n> @@ -11,6 +11,7 @@\n>   */\n>  \n>  #include <linux/sched.h>\n> +#include <linux/security.h>\n>  #include <linux/stat.h>\n>  #include <linux/slab.h>\n>  #include <linux/pci.h>\n> 
@@ -71,7 +72,11 @@ static int pci_mmap_resource(struct kobject *kobj,\n>  \tstruct resource *res = attr->private;\n>  \tenum pci_mmap_state mmap_type;\n>  \tstruct pci_bus_region bar;\n> -\tint i;\n> +\tint i, ret;\n> +\n> +\tret = security_locked_down(LOCKDOWN_PCI_ACCESS);\n> +\tif (ret)\n> +\t\treturn ret;\n>  \n>  \tfor (i = 0; i < PCI_STD_NUM_BARS; i++)\n>  \t\tif (res == &pdev->resource[i])\n> \n\nReviewed-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>","headers":{"Return-Path":"\n <linux-pci+bounces-52295-incoming=patchwork.ozlabs.org@vger.kernel.org>","X-Original-To":["incoming@patchwork.ozlabs.org","linux-pci@vger.kernel.org"],"Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=intel.com header.i=@intel.com header.a=rsa-sha256\n header.s=Intel header.b=J9vQW5MP;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=172.234.253.10; helo=sea.lore.kernel.org;\n envelope-from=linux-pci+bounces-52295-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)","smtp.subspace.kernel.org;\n\tdkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com\n header.b=\"J9vQW5MP\"","smtp.subspace.kernel.org;\n arc=none smtp.client-ip=198.175.65.13","smtp.subspace.kernel.org;\n dmarc=pass (p=none dis=none) header.from=linux.intel.com","smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=linux.intel.com"],"Received":["from sea.lore.kernel.org (sea.lore.kernel.org [172.234.253.10])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fsYwY0snrz1y2d\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 10 Apr 2026 21:09:33 +1000 (AEST)","from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby sea.lore.kernel.org (Postfix) with ESMTP id 
54E82300CE42\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 10 Apr 2026 11:04:31 +0000 (UTC)","from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id A4A453AE196;\n\tFri, 10 Apr 2026 11:04:30 +0000 (UTC)","from mgamail.intel.com (mgamail.intel.com [198.175.65.13])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id 2020D3976B3;\n\tFri, 10 Apr 2026 11:04:28 +0000 (UTC)","from orviesa006.jf.intel.com ([10.64.159.146])\n  by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 10 Apr 2026 04:04:29 -0700","from ijarvine-mobl1.ger.corp.intel.com (HELO localhost)\n ([10.245.244.118])\n  by orviesa006-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 10 Apr 2026 04:04:19 -0700"],"ARC-Authentication-Results":"i=1; smtp.subspace.kernel.org;\n dmarc=pass (p=none dis=none) header.from=linux.intel.com;\n spf=pass smtp.mailfrom=linux.intel.com;\n dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com\n header.b=J9vQW5MP; arc=none smtp.client-ip=198.175.65.13","X-CSE-ConnectionGUID":["12pBNlVVSnOedsvhTomOJw==","AFN9uzRlTtyiLYJXbIC8Hg=="],"X-CSE-MsgGUID":["2ET6pN/eSCuont9CXzzJqA==","1Qnc4FGjTdGVlIiX03QVWg=="],"X-IronPort-AV":["E=McAfee;i=\"6800,10657,11754\"; a=\"87913341\"","E=Sophos;i=\"6.23,171,1770624000\";\n   d=\"scan'208\";a=\"87913341\"","E=Sophos;i=\"6.23,171,1770624000\";\n   d=\"scan'208\";a=\"228059061\""],"X-ExtLoop1":"1","From":"=?utf-8?q?Ilpo_J=C3=A4rvinen?= <ilpo.jarvinen@linux.intel.com>","Date":"Fri, 10 Apr 2026 14:04:16 +0300 (EEST)","To":"=?iso-8859-2?q?Krzysztof_Wilczy=F1ski?= <kwilczynski@kernel.org>","cc":"Bjorn Helgaas <bhelgaas@google.com>, Bjorn Helgaas <helgaas@kernel.org>,\n  Manivannan Sadhasivam <mani@kernel.org>,\n  Lorenzo Pieralisi <lpieralisi@kernel.org>,\n  Magnus Lindholm <linmag7@gmail.com>, Matt Turner <mattst88@gmail.com>,\n  Richard Henderson <richard.henderson@linaro.org>,\n  Christophe Leroy <chleroy@kernel.org>,\n  Madhavan Srinivasan <maddy@linux.ibm.com>,\n  Michael Ellerman <mpe@ellerman.id.au>, Nicholas Piggin <npiggin@gmail.com>,\n  Dexuan Cui <decui@microsoft.com>,\n =?iso-8859-2?q?Krzysztof_Ha=B3asa?= <khalasa@piap.pl>,\n  Lukas Wunner <lukas@wunner.de>, Oliver O'Halloran <oohall@gmail.com>,\n  Saurabh Singh Sengar <ssengar@microsoft.com>,\n  Shuan He <heshuan@bytedance.com>,\n  Srivatsa Bhat <srivatsabhat@microsoft.com>, linux-pci@vger.kernel.org,\n  linux-alpha@vger.kernel.org, linuxppc-dev@lists.ozlabs.org","Subject":"Re: 
[PATCH 10/20] alpha/PCI: Add security_locked_down() check to\n pci_mmap_resource()","In-Reply-To":"<20260410055040.39233-11-kwilczynski@kernel.org>","Message-ID":"<93f81aa9-ce74-92bb-5227-d2ccb0a3e06c@linux.intel.com>","References":"<20260410055040.39233-1-kwilczynski@kernel.org>\n <20260410055040.39233-11-kwilczynski@kernel.org>","Precedence":"bulk","X-Mailing-List":"linux-pci@vger.kernel.org","List-Id":"<linux-pci.vger.kernel.org>","List-Subscribe":"<mailto:linux-pci+subscribe@vger.kernel.org>","List-Unsubscribe":"<mailto:linux-pci+unsubscribe@vger.kernel.org>","MIME-Version":"1.0","Content-Type":"multipart/mixed; boundary=\"8323328-1107943852-1775819056=:1195\""}},{"id":3675814,"web_url":"http://patchwork.ozlabs.org/comment/3675814/","msgid":"<20260410111003.GA1750802@rocinante>","list_archive_url":null,"date":"2026-04-10T11:10:03","subject":"Re: [PATCH 10/20] alpha/PCI: Add security_locked_down() check to\n pci_mmap_resource()","submitter":{"id":86709,"url":"http://patchwork.ozlabs.org/api/people/86709/","name":"Krzysztof Wilczyński","email":"kwilczynski@kernel.org"},"content":"Hello,\n\n> > Currently, Alpha's pci_mmap_resource() does not check\n> > security_locked_down(LOCKDOWN_PCI_ACCESS) before allowing\n> > userspace to mmap PCI BARs.\n> > \n> > The generic version has had this check since commit eb627e17727e\n> > (\"PCI: Lock down BAR access when the kernel is locked down\") to\n> > prevent DMA attacks when the kernel is locked down.\n> > \n> > Add the same check to Alpha's pci_mmap_resource().\n> > \n> 
> Signed-off-by: Krzysztof Wilczyński <kwilczynski@kernel.org>\n> \n> Maybe add Fixes: eb627e17727e ...\n\nGood call, will do!\n\nThank you!\n\n\tKrzysztof","headers":{"Return-Path":"\n <linux-pci+bounces-52296-incoming=patchwork.ozlabs.org@vger.kernel.org>","X-Original-To":["incoming@patchwork.ozlabs.org","linux-pci@vger.kernel.org"],"Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=kernel.org header.i=@kernel.org header.a=rsa-sha256\n header.s=k20201202 header.b=HfvGo9op;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=172.105.105.114; helo=tor.lore.kernel.org;\n envelope-from=linux-pci+bounces-52296-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)","smtp.subspace.kernel.org;\n\tdkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org\n header.b=\"HfvGo9op\"","smtp.subspace.kernel.org;\n arc=none smtp.client-ip=10.30.226.201"],"Received":["from tor.lore.kernel.org (tor.lore.kernel.org [172.105.105.114])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fsYxG0l3Zz1yGb\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 10 Apr 2026 21:10:10 +1000 (AEST)","from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby tor.lore.kernel.org (Postfix) with ESMTP id 651A8302962D\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 10 Apr 2026 11:10:07 +0000 (UTC)","from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id 2F54F3B775A;\n\tFri, 10 Apr 2026 11:10:06 +0000 (UTC)","from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org\n [10.30.226.201])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate 
requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id 0AA0C3B7742;\n\tFri, 10 Apr 2026 11:10:05 +0000 (UTC)","by smtp.kernel.org (Postfix) with ESMTPSA id 2F97AC19421;\n\tFri, 10 Apr 2026 11:10:05 +0000 (UTC)"],"ARC-Authentication-Results":"i=1; smtp.subspace.kernel.org;\n dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org\n header.b=HfvGo9op; arc=none smtp.client-ip=10.30.226.201","Date":"Fri, 10 Apr 2026 20:10:03 +0900","From":"Krzysztof =?utf-8?q?Wilczy=C5=84ski?= <kwilczynski@kernel.org>","To":"Ilpo =?utf-8?b?SsOkcnZpbmVu?= <ilpo.jarvinen@linux.intel.com>","Cc":"Bjorn Helgaas <bhelgaas@google.com>, Bjorn Helgaas <helgaas@kernel.org>,\n 
Manivannan Sadhasivam <mani@kernel.org>,\n Lorenzo Pieralisi <lpieralisi@kernel.org>,\n Magnus Lindholm <linmag7@gmail.com>, Matt Turner <mattst88@gmail.com>,\n Richard Henderson <richard.henderson@linaro.org>,\n Christophe Leroy <chleroy@kernel.org>,\n Madhavan Srinivasan <maddy@linux.ibm.com>,\n Michael Ellerman <mpe@ellerman.id.au>, Nicholas Piggin <npiggin@gmail.com>,\n Dexuan Cui <decui@microsoft.com>,\n Krzysztof =?utf-8?q?Ha=C5=82asa?= <khalasa@piap.pl>,\n Lukas Wunner <lukas@wunner.de>, Oliver O'Halloran <oohall@gmail.com>,\n Saurabh Singh Sengar <ssengar@microsoft.com>,\n Shuan He <heshuan@bytedance.com>, Srivatsa Bhat <srivatsabhat@microsoft.com>,\n linux-pci@vger.kernel.org, linux-alpha@vger.kernel.org,\n linuxppc-dev@lists.ozlabs.org","Subject":"Re: [PATCH 10/20] alpha/PCI: Add security_locked_down() check to\n pci_mmap_resource()","Message-ID":"<20260410111003.GA1750802@rocinante>","References":"<20260410055040.39233-1-kwilczynski@kernel.org>\n <20260410055040.39233-11-kwilczynski@kernel.org>\n <93f81aa9-ce74-92bb-5227-d2ccb0a3e06c@linux.intel.com>","Precedence":"bulk","X-Mailing-List":"linux-pci@vger.kernel.org","List-Id":"<linux-pci.vger.kernel.org>","List-Subscribe":"<mailto:linux-pci+subscribe@vger.kernel.org>","List-Unsubscribe":"<mailto:linux-pci+unsubscribe@vger.kernel.org>","MIME-Version":"1.0","Content-Type":"text/plain; charset=utf-8","Content-Disposition":"inline","Content-Transfer-Encoding":"8bit","In-Reply-To":"<93f81aa9-ce74-92bb-5227-d2ccb0a3e06c@linux.intel.com>"}}]
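
Review bot: the commit message for the pci_mmap_resource() hunk in arch/alpha/kernel/pci-sysfs.c cites eb627e17727e in prose only; since the new security_locked_down(LOCKDOWN_PCI_ACCESS) check closes a gap relative to that commit, a "Fixes: eb627e17727e" trailer (as raised in the reply) would record the relationship for backports. In the code, the check runs first and returns `ret` before the PCI_STD_NUM_BARS loop, so under lockdown no BAR is matched or mapped; a one-line comment above the check stating that it mirrors the generic pci_mmap_resource() would help keep the two copies in sync.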