From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.2 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED,USER_AGENT_SANE_1 autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id E15A9C433E0 for ; Fri, 15 May 2020 11:58:15 +0000 (UTC) Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id A70E4206D4 for ; Fri, 15 May 2020 11:58:15 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org A70E4206D4 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=8bytes.org Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=iommu-bounces@lists.linux-foundation.org Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 78C3688CE2; Fri, 15 May 2020 11:58:15 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ttaRFltpa6jq; Fri, 15 May 2020 11:58:09 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by whitealder.osuosl.org (Postfix) with ESMTP id 8EC1F88DC6; Fri, 15 May 2020 11:58:09 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 88F92C0859; Fri, 15 May 2020 11:58:09 +0000 (UTC) Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by lists.linuxfoundation.org (Postfix) with ESMTP id 38FC0C016F for ; Fri, 15 May 2020 11:58:08 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 1126F2E74A for ; Fri, 15 May 2020 11:58:08 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UWWCoTi3B05U for ; Fri, 15 May 2020 11:58:03 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from theia.8bytes.org (8bytes.org [81.169.241.247]) by silver.osuosl.org (Postfix) with ESMTPS id F26E92E2C4 for ; Fri, 15 May 2020 11:58:02 +0000 (UTC) Received: by theia.8bytes.org (Postfix, from userid 1000) id 56097379; Fri, 15 May 2020 13:57:59 +0200 (CEST) Date: Fri, 15 May 2020 13:57:58 +0200 From: Joerg Roedel To: Jean-Philippe Brucker Subject: Re: [PATCH 1/4] PCI/ATS: Only enable ATS for trusted devices Message-ID: <20200515115757.GT18353@8bytes.org> References: <20200515104359.1178606-1-jean-philippe@linaro.org> <20200515104359.1178606-2-jean-philippe@linaro.org> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20200515104359.1178606-2-jean-philippe@linaro.org> User-Agent: Mutt/1.10.1 (2018-07-13) Cc: alex.williamson@redhat.com, ashok.raj@intel.com, linux-pci@vger.kernel.org, robin.murphy@arm.com, iommu@lists.linux-foundation.org, bhelgaas@google.com, will@kernel.org, dwmw2@infradead.org, linux-arm-kernel@lists.infradead.org X-BeenThere: iommu@lists.linux-foundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Development issues for Linux IOMMU support List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: iommu-bounces@lists.linux-foundation.org Sender: "iommu" Hi Jean-Philippe, thanks for doing this! On Fri, May 15, 2020 at 12:43:59PM +0200, Jean-Philippe Brucker wrote: > Add pci_ats_supported(), which checks whether a device has an ATS > capability, and whether it is trusted. A device is untrusted if it is > plugged into an external-facing port such as Thunderbolt and could be > spoof an existing device to exploit weaknesses in the IOMMU > configuration. PCIe ATS is one such weaknesses since it allows > endpoints to cache IOMMU translations and emit transactions with > 'Translated' Address Type (10b) that partially bypass the IOMMU > translation. > > The SMMUv3 and VT-d IOMMU drivers already disallow ATS and transactions > with 'Translated' Address Type for untrusted devices. Add the check to > pci_enable_ats() to let other drivers (AMD IOMMU for now) benefit from > it. > > By checking ats_cap, the pci_ats_supported() helper also returns whether > ATS was globally disabled with pci=noats, and could later include more > things, for example whether the whole PCIe hierarchy down to the > endpoint supports ATS. > > Signed-off-by: Jean-Philippe Brucker > --- > include/linux/pci-ats.h | 3 +++ > drivers/pci/ats.c | 18 +++++++++++++++++- > 2 files changed, 20 insertions(+), 1 deletion(-) > > diff --git a/include/linux/pci-ats.h b/include/linux/pci-ats.h > index d08f0869f1213e..f75c307f346de9 100644 > --- a/include/linux/pci-ats.h > +++ b/include/linux/pci-ats.h > @@ -6,11 +6,14 @@ > > #ifdef CONFIG_PCI_ATS > /* Address Translation Service */ > +bool pci_ats_supported(struct pci_dev *dev); > int pci_enable_ats(struct pci_dev *dev, int ps); > void pci_disable_ats(struct pci_dev *dev); > int pci_ats_queue_depth(struct pci_dev *dev); > int pci_ats_page_aligned(struct pci_dev *dev); > #else /* CONFIG_PCI_ATS */ > +static inline bool pci_ats_supported(struct pci_dev *d) > +{ return false; } > static inline int pci_enable_ats(struct pci_dev *d, int ps) > { return -ENODEV; } > static inline void pci_disable_ats(struct pci_dev *d) { } > diff --git a/drivers/pci/ats.c b/drivers/pci/ats.c > index 390e92f2d8d1fc..15fa0c37fd8e44 100644 > --- a/drivers/pci/ats.c > +++ b/drivers/pci/ats.c > @@ -30,6 +30,22 @@ void pci_ats_init(struct pci_dev *dev) > dev->ats_cap = pos; > } > > +/** > + * pci_ats_supported - check if the device can use ATS > + * @dev: the PCI device > + * > + * Returns true if the device supports ATS and is allowed to use it, false > + * otherwise. > + */ > +bool pci_ats_supported(struct pci_dev *dev) > +{ > + if (!dev->ats_cap) > + return false; > + > + return !dev->untrusted; dev->untrusted is an 'unsigned int :1', so while this works I would prefer 'return (dev->untrusted == 0);' here, to be more type-safe. With that changed: Reviewed-by: Joerg Roedel > +} > +EXPORT_SYMBOL_GPL(pci_ats_supported); > + > /** > * pci_enable_ats - enable the ATS capability > * @dev: the PCI device > @@ -42,7 +58,7 @@ int pci_enable_ats(struct pci_dev *dev, int ps) > u16 ctrl; > struct pci_dev *pdev; > > - if (!dev->ats_cap) > + if (!pci_ats_supported(dev)) > return -EINVAL; > > if (WARN_ON(dev->ats_enabled)) > -- > 2.26.2 _______________________________________________ iommu mailing list iommu@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/iommu