From: Joerg Roedel <joro@8bytes.org>
To: Jean-Philippe Brucker <jean-philippe@linaro.org>
Cc: alex.williamson@redhat.com, ashok.raj@intel.com,
linux-pci@vger.kernel.org, robin.murphy@arm.com,
iommu@lists.linux-foundation.org, bhelgaas@google.com,
will@kernel.org, dwmw2@infradead.org,
linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH 1/4] PCI/ATS: Only enable ATS for trusted devices
Date: Fri, 15 May 2020 13:57:58 +0200 [thread overview]
Message-ID: <20200515115757.GT18353@8bytes.org> (raw)
In-Reply-To: <20200515104359.1178606-2-jean-philippe@linaro.org>
Hi Jean-Philippe,
thanks for doing this!
On Fri, May 15, 2020 at 12:43:59PM +0200, Jean-Philippe Brucker wrote:
> Add pci_ats_supported(), which checks whether a device has an ATS
> capability, and whether it is trusted. A device is untrusted if it is
> plugged into an external-facing port such as Thunderbolt and could be
> spoof an existing device to exploit weaknesses in the IOMMU
> configuration. PCIe ATS is one such weaknesses since it allows
> endpoints to cache IOMMU translations and emit transactions with
> 'Translated' Address Type (10b) that partially bypass the IOMMU
> translation.
>
> The SMMUv3 and VT-d IOMMU drivers already disallow ATS and transactions
> with 'Translated' Address Type for untrusted devices. Add the check to
> pci_enable_ats() to let other drivers (AMD IOMMU for now) benefit from
> it.
>
> By checking ats_cap, the pci_ats_supported() helper also returns whether
> ATS was globally disabled with pci=noats, and could later include more
> things, for example whether the whole PCIe hierarchy down to the
> endpoint supports ATS.
>
> Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
> ---
> include/linux/pci-ats.h | 3 +++
> drivers/pci/ats.c | 18 +++++++++++++++++-
> 2 files changed, 20 insertions(+), 1 deletion(-)
>
> diff --git a/include/linux/pci-ats.h b/include/linux/pci-ats.h
> index d08f0869f1213e..f75c307f346de9 100644
> --- a/include/linux/pci-ats.h
> +++ b/include/linux/pci-ats.h
> @@ -6,11 +6,14 @@
>
> #ifdef CONFIG_PCI_ATS
> /* Address Translation Service */
> +bool pci_ats_supported(struct pci_dev *dev);
> int pci_enable_ats(struct pci_dev *dev, int ps);
> void pci_disable_ats(struct pci_dev *dev);
> int pci_ats_queue_depth(struct pci_dev *dev);
> int pci_ats_page_aligned(struct pci_dev *dev);
> #else /* CONFIG_PCI_ATS */
> +static inline bool pci_ats_supported(struct pci_dev *d)
> +{ return false; }
> static inline int pci_enable_ats(struct pci_dev *d, int ps)
> { return -ENODEV; }
> static inline void pci_disable_ats(struct pci_dev *d) { }
> diff --git a/drivers/pci/ats.c b/drivers/pci/ats.c
> index 390e92f2d8d1fc..15fa0c37fd8e44 100644
> --- a/drivers/pci/ats.c
> +++ b/drivers/pci/ats.c
> @@ -30,6 +30,22 @@ void pci_ats_init(struct pci_dev *dev)
> dev->ats_cap = pos;
> }
>
> +/**
> + * pci_ats_supported - check if the device can use ATS
> + * @dev: the PCI device
> + *
> + * Returns true if the device supports ATS and is allowed to use it, false
> + * otherwise.
> + */
> +bool pci_ats_supported(struct pci_dev *dev)
> +{
> + if (!dev->ats_cap)
> + return false;
> +
> + return !dev->untrusted;
dev->untrusted is an 'unsigned int :1', so while this works I would
prefer 'return (dev->untrusted == 0);' here, to be more type-safe.
With that changed:
Reviewed-by: Joerg Roedel <jroedel@suse.de>
> +}
> +EXPORT_SYMBOL_GPL(pci_ats_supported);
> +
> /**
> * pci_enable_ats - enable the ATS capability
> * @dev: the PCI device
> @@ -42,7 +58,7 @@ int pci_enable_ats(struct pci_dev *dev, int ps)
> u16 ctrl;
> struct pci_dev *pdev;
>
> - if (!dev->ats_cap)
> + if (!pci_ats_supported(dev))
> return -EINVAL;
>
> if (WARN_ON(dev->ats_enabled))
> --
> 2.26.2
_______________________________________________
iommu mailing list
iommu@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/iommu
next prev parent reply other threads:[~2020-05-15 11:58 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-15 10:43 [PATCH 0/4] PCI, iommu: Factor 'untrusted' check for ATS enablement Jean-Philippe Brucker
2020-05-15 10:43 ` [PATCH 1/4] PCI/ATS: Only enable ATS for trusted devices Jean-Philippe Brucker
2020-05-15 11:57 ` Joerg Roedel [this message]
2020-05-15 21:18 ` Bjorn Helgaas
2020-05-15 10:44 ` [PATCH 2/4] iommu/amd: Use pci_ats_supported() Jean-Philippe Brucker
2020-05-15 12:01 ` Joerg Roedel
2020-05-15 12:11 ` Jean-Philippe Brucker
2020-05-15 12:21 ` Joerg Roedel
2020-05-15 10:44 ` [PATCH 3/4] iommu/arm-smmu-v3: " Jean-Philippe Brucker
2020-05-18 15:37 ` Will Deacon
2020-05-15 10:44 ` [PATCH 4/4] iommu/vt-d: " Jean-Philippe Brucker
2020-05-15 15:43 ` [PATCH 0/4] PCI, iommu: Factor 'untrusted' check for ATS enablement Christoph Hellwig
2020-05-15 17:19 ` Raj, Ashok
2020-05-15 17:21 ` Will Deacon
2020-05-18 15:47 ` David Woodhouse
2020-05-18 16:29 ` Raj, Ashok
2020-05-18 16:36 ` Jean-Philippe Brucker
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200515115757.GT18353@8bytes.org \
--to=joro@8bytes.org \
--cc=alex.williamson@redhat.com \
--cc=ashok.raj@intel.com \
--cc=bhelgaas@google.com \
--cc=dwmw2@infradead.org \
--cc=iommu@lists.linux-foundation.org \
--cc=jean-philippe@linaro.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-pci@vger.kernel.org \
--cc=robin.murphy@arm.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).