Commit dec441d3 authored Apr 18, 2023 by Alison Schofield Committed by Dan Williams Apr 23, 2023

cxl/mbox: Restrict poison cmds to debugfs cxl_raw_allow_all

The Get, Inject, and Clear poison commands are not available for
direct user access because they require kernel driver controls to
perform safely.

Further restrict access to these commands by requiring the selection
of the debugfs attribute 'cxl_raw_allow_all' to enable in raw mode.

Signed-off-by: Alison Schofield <alison.schofield@intel.com>
Link: https://lore.kernel.org/r/0e5cb41ffae2bab800957d3b9003eedfd0a2dfd5.1681838291.git.alison.schofield@intel.com

Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Tested-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>

parent 3db166d6

drivers/cxl/core/mbox.c

+6 −0

Original line number	Diff line number	Diff line
		@@ -82,6 +82,9 @@ static struct cxl_mem_command cxl_mem_commands[CXL_MEM_COMMAND_ID_MAX] = {
		*
		* CXL_MBOX_OP_[GET_]SCAN_MEDIA: The kernel provides a native error list that
		* is kept up to date with patrol notifications and error management.
		*
		* CXL_MBOX_OP_[GET_,INJECT_,CLEAR_]POISON: These commands require kernel
		* driver orchestration for safety.
		*/
		static u16 cxl_disabled_raw_commands[] = {
		CXL_MBOX_OP_ACTIVATE_FW,
		@@ -90,6 +93,9 @@ static u16 cxl_disabled_raw_commands[] = {
		CXL_MBOX_OP_SET_SHUTDOWN_STATE,
		CXL_MBOX_OP_SCAN_MEDIA,
		CXL_MBOX_OP_GET_SCAN_MEDIA,
		CXL_MBOX_OP_GET_POISON,
		CXL_MBOX_OP_INJECT_POISON,
		CXL_MBOX_OP_CLEAR_POISON,
		};

		/*