On Tue, Sep 7, 2021 at 9:47 PM Paul Moore paul@paul-moore.com wrote:
On Tue, Sep 7, 2021 at 1:39 PM Dan Williams dan.j.williams@intel.com wrote:
On Fri, Sep 3, 2021 at 8:57 PM Paul Moore paul@paul-moore.com wrote:
On Fri, Sep 3, 2021 at 10:20 PM Dan Williams dan.j.williams@intel.com wrote:
A proposed rework of security_locked_down() users identified that the cxl_pci driver was passing the wrong lockdown_reason. Update cxl_mem_raw_command_allowed() to fail raw command access when raw pci access is also disabled.
Fixes: 13237183c735 ("cxl/mem: Add a "RAW" send command") Cc: Ben Widawsky ben.widawsky@intel.com Cc: Jonathan Cameron Jonathan.Cameron@huawei.com Cc: stable@vger.kernel.org Cc: Ondrej Mosnacek omosnace@redhat.com Cc: Paul Moore paul@paul-moore.com Signed-off-by: Dan Williams dan.j.williams@intel.com
drivers/cxl/pci.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
Hi Dan,
Thanks for fixing this up. Would you mind if this was included in Ondrej's patchset, or would you prefer to merge it via another tree (e.g. cxl)?
I was planning to merge this via the cxl tree for v5.15-rc1.
Okay, thanks.
And I can see the patch is now in Linus' tree, so if Paul agrees I'll rebase the patch on top of v5.15-rc1 once it's tagged and do one more respin. There are a few other minor conflicts and one new security_locked_down() call to cover, anyway.
Dan, is it okay if I preserve your Acked-by from the last version? There will be no other change in the cxl area than rebasing on top of this patch.
Thank you for taking care of the fix!
-- Ondrej Mosnacek Software Engineer, Linux Security - SELinux kernel Red Hat, Inc.