From: Robin Murphy <robin.murphy@arm.com>
To: andreas.noever@gmail.com, michael.jamet@intel.com, mika.westerberg@linux.intel.com, YehezkelShB@gmail.com
Cc: linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org, iommu@lists.linux-foundation.org, mario.limonciello@amd.com, hch@lst.de
Subject: [PATCH] thunderbolt: Stop using iommu_present()
Date: Wed, 16 Mar 2022 11:25:51 +0000
Message-ID: <b4356b228db9cb88d12db6559e28714ce26e022e.1647429348.git.robin.murphy@arm.com>

Even if an IOMMU might be present for some PCI segment in the system, that doesn't necessarily mean it provides translation for the device we care about. Furthermore, the presence or not of one firmware flag doesn't imply anything about the IOMMU driver's behaviour, which may still depend on other firmware properties and kernel options too.

What actually matters is whether an IOMMU is enforcing protection for our device - regardless of whether that stemmed from firmware policy, kernel config, or user control - at the point we need to decide whether to authorise it. We can ascertain that generically by simply looking at whether we're currently attached to a translation domain or not.

Signed-off-by: Robin Murphy <robin.murphy@arm.com>
---

I don't have the means to test this, but I'm at least 80% confident in my unpicking of the structures to retrieve the correct device...

 drivers/thunderbolt/domain.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/drivers/thunderbolt/domain.c b/drivers/thunderbolt/domain.c index 7018d959f775..5f5fc5f6a09b 100644 --- a/drivers/thunderbolt/domain.c +++ b/drivers/thunderbolt/domain.c 
@@ -257,13 +257,14 @@ static ssize_t iommu_dma_protection_show(struct device *dev, struct device_attribute *attr, char *buf) { + struct tb *tb = container_of(dev, struct tb, dev); + struct iommu_domain *iod = iommu_get_domain_for_dev(&tb->nhi->pdev->dev); /* * Kernel DMA protection is a feature where Thunderbolt security is * handled natively using IOMMU. It is enabled when IOMMU is - * enabled and ACPI DMAR table has DMAR_PLATFORM_OPT_IN set. + * enabled and actively enforcing translation. */ - return sprintf(buf, "%d\n", - iommu_present(&pci_bus_type) && dmar_platform_optin()); + return sprintf(buf, "%d\n", iod && iod->type != IOMMU_DOMAIN_IDENTITY); } static DEVICE_ATTR_RO(iommu_dma_protection); -- 2.28.0.dirty
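Review bot: the rewritten comment above the return in iommu_dma_protection_show() still reads as a platform-wide statement ("enabled when IOMMU is enabled and actively enforcing translation"), but the new check only inspects the domain of the NHI's own PCI device, obtained with iommu_get_domain_for_dev(&tb->nhi->pdev->dev). Please state in the comment that the attribute reports the NHI's current domain at the time of the read, that any domain type other than IOMMU_DOMAIN_IDENTITY yields 1 and that a missing domain yields 0, so that a reader of the attribute knows what is and is not being asserted about devices that are authorised afterwards. Given the note under the "---" that this is untested, a confirmation from someone with hardware that container_of(dev, struct tb, dev) followed by tb->nhi->pdev resolves to the intended device would be good to have before merging. Since the return line is rewritten anyway, it could also move from sprintf() to sysfs_emit().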