From dec441d32a9a1e4a891ccda3356cac61cc1ffe79 Mon Sep 17 00:00:00 2001 From: Alison Schofield <alison.schofield@intel.com> Date: Tue, 18 Apr 2023 10:39:02 -0700 Subject: cxl/mbox: Restrict poison cmds to debugfs cxl_raw_allow_all The Get, Inject, and Clear poison commands are not available for direct user access because they require kernel driver controls to perform safely. Further restrict access to these commands by requiring the selection of the debugfs attribute 'cxl_raw_allow_all' to enable in raw mode. Signed-off-by: Alison Schofield <alison.schofield@intel.com> Link: https://lore.kernel.org/r/0e5cb41ffae2bab800957d3b9003eedfd0a2dfd5.1681838291.git.alison.schofield@intel.com Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com> Tested-by: Jonathan Cameron <Jonathan.Cameron@huawei.com> Signed-off-by: Dan Williams <dan.j.williams@intel.com> --- drivers/cxl/core/mbox.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'drivers/cxl') diff --git a/drivers/cxl/core/mbox.c b/drivers/cxl/core/mbox.c index 938cff2c948e..fd1026970d3a 100644 --- a/drivers/cxl/core/mbox.c +++ b/drivers/cxl/core/mbox.c @@ -82,6 +82,9 @@ static struct cxl_mem_command cxl_mem_commands[CXL_MEM_COMMAND_ID_MAX] = { * * CXL_MBOX_OP_[GET_]SCAN_MEDIA: The kernel provides a native error list that * is kept up to date with patrol notifications and error management. + * + * CXL_MBOX_OP_[GET_,INJECT_,CLEAR_]POISON: These commands require kernel + * driver orchestration for safety. */ static u16 cxl_disabled_raw_commands[] = { CXL_MBOX_OP_ACTIVATE_FW, @@ -90,6 +93,9 @@ static u16 cxl_disabled_raw_commands[] = { CXL_MBOX_OP_SET_SHUTDOWN_STATE, CXL_MBOX_OP_SCAN_MEDIA, CXL_MBOX_OP_GET_SCAN_MEDIA, + CXL_MBOX_OP_GET_POISON, + CXL_MBOX_OP_INJECT_POISON, + CXL_MBOX_OP_CLEAR_POISON, }; /* -- cgit v1.2.3