From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Rajat Jain <rajatja@google.com>
Cc: Andy Shevchenko <andy.shevchenko@gmail.com>,
Christoph Hellwig <hch@infradead.org>,
David Woodhouse <dwmw2@infradead.org>,
Lu Baolu <baolu.lu@linux.intel.com>,
Joerg Roedel <joro@8bytes.org>,
Bjorn Helgaas <bhelgaas@google.com>,
"Rafael J. Wysocki" <rjw@rjwysocki.net>,
Len Brown <lenb@kernel.org>,
iommu@lists.linux-foundation.org,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
linux-pci <linux-pci@vger.kernel.org>,
ACPI Devel Maling List <linux-acpi@vger.kernel.org>,
Raj Ashok <ashok.raj@intel.com>,
"Krishnakumar,
Lalithambika" <lalithambika.krishnakumar@intel.com>,
Mika Westerberg <mika.westerberg@linux.intel.com>,
Jean-Philippe Brucker <jean-philippe@linaro.org>,
Prashant Malani <pmalani@google.com>,
Benson Leung <bleung@google.com>, Todd Broch <tbroch@google.com>,
Alex Levin <levinale@google.com>,
Mattias Nissler <mnissler@google.com>,
Rajat Jain <rajatxjain@gmail.com>,
Bernie Keany <bernie.keany@intel.com>,
Aaron Durbin <adurbin@google.com>,
Diego Rivas <diegorivas@google.com>,
Duncan Laurie <dlaurie@google.com>,
Furquan Shaikh <furquan@google.com>,
Jesse Barnes <jsbarnes@google.com>,
Christian Kellner <christian@kellner.me>,
Alex Williamson <alex.williamson@redhat.com>,
Oliver O'Halloran <oohall@gmail.com>
Subject: Re: [PATCH 4/4] pci: export untrusted attribute in sysfs
Date: Thu, 18 Jun 2020 18:02:12 +0200 [thread overview]
Message-ID: <20200618160212.GB3076467@kroah.com> (raw)
In-Reply-To: <CACK8Z6F2Ssj=EqhR2DZ114ETgQ-3PhzVi2rm2xxenCNOVH=60g@mail.gmail.com>
On Thu, Jun 18, 2020 at 08:03:49AM -0700, Rajat Jain wrote:
> Hello,
>
> On Thu, Jun 18, 2020 at 2:14 AM Andy Shevchenko
> <andy.shevchenko@gmail.com> wrote:
> >
> > On Thu, Jun 18, 2020 at 11:36 AM Greg Kroah-Hartman
> > <gregkh@linuxfoundation.org> wrote:
> > >
> > > On Thu, Jun 18, 2020 at 11:12:56AM +0300, Andy Shevchenko wrote:
> > > > On Wed, Jun 17, 2020 at 10:56 PM Rajat Jain <rajatja@google.com> wrote:
> > > > > On Wed, Jun 17, 2020 at 12:31 AM Christoph Hellwig <hch@infradead.org> wrote:
> > > >
> > > > ...
> > > >
> > > > > (and likely call it "external" instead of "untrusted".
> > > >
> > > > Which is not okay. 'External' to what? 'untrusted' has been carefully
> > > > chosen by the meaning of it.
> > > > What external does mean for M.2. WWAN card in my laptop? It's in ACPI
> > > > tables, but I can replace it.
> > >
> > > Then your ACPI tables should show this, there is an attribute for it,
> > > right?
> >
> > There is a _PLD() method, but it's for the USB devices (or optional
> > for others, I don't remember by heart). So, most of the ACPI tables,
> > alas, don't show this.
> >
> > > > This is only one example. Or if firmware of some device is altered,
> > > > and it's internal (whatever it means) is it trusted or not?
> > >
> > > That is what people are using policy for today, if you object to this,
> > > please bring it up to those developers :)
> >
> > > > So, please leave it as is (I mean name).
> > >
> > > firmware today exports this attribute, why do you not want userspace to
> > > also know it?
>
> To clarify, the attribute exposed by the firmware today is
> "ExternalFacingPort" and "external-facing" respectively:
>
> 617654aae50e ("PCI / ACPI: Identify untrusted PCI devices")
> 9cb30a71ac45d("PCI: OF: Support "external-facing" property")
>
> The kernel flag was named "untrusted" though, hence the assumption
> that "external=untrusted" is currently baked into the kernel today.
> IMHO, using "external" would fix that (The assumption can thus be
> contained in the IOMMU drivers) and at the same time allow more use of
> this attribute.
>
> > >
> > > Trust is different, yes, don't get the two mixed up please. That should
> > > be a different sysfs attribute for obvious reasons.
> >
> > Yes, as a bottom line that's what I meant as well.
>
> So what is the consensus here? I don't have a strong opinion - but it
> seemed to me Greg is saying "external" and Andy is saying "untrusted"?
Those two things are totally separate things when it comes to a device.
One (external) describes the location of the device in the system.
The other (untrusted) describes what you want the kernel to do with this
device (trust or not trust it).
One you can change (from trust to untrusted or back), the other you can
not, it is a fixed read-only property that describes the hardware device
as defined by the firmware.
Depending on the policy you wish to define, you can use the location of
the device to determine if you want to trust the device or not.
Again, this is what USB does, but I'm getting really tired of saying
this, so I'm going to stop now...
greg k-h
next prev parent reply other threads:[~2020-06-18 16:02 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-16 1:17 [PATCH 1/4] pci: Keep the ACS capability offset in device Rajat Jain
2020-06-16 1:17 ` [PATCH 2/4] pci: set "untrusted" flag for truly external devices only Rajat Jain
2020-06-16 9:07 ` Mika Westerberg
2020-06-16 1:17 ` [PATCH 3/4] pci: acs: Enable PCI_ACS_TB for untrusted/external-facing devices Rajat Jain
2020-06-19 16:10 ` Raj, Ashok
2020-06-22 23:01 ` Rajat Jain
2020-06-16 1:17 ` [PATCH 4/4] pci: export untrusted attribute in sysfs Rajat Jain
2020-06-16 5:57 ` Greg Kroah-Hartman
2020-06-16 7:32 ` Christoph Hellwig
2020-06-16 19:27 ` Rajat Jain
2020-06-17 7:31 ` Christoph Hellwig
2020-06-17 19:53 ` Rajat Jain
2020-06-18 6:18 ` Greg Kroah-Hartman
2020-06-18 8:12 ` Andy Shevchenko
2020-06-18 8:36 ` Greg Kroah-Hartman
2020-06-18 9:14 ` Andy Shevchenko
2020-06-18 14:56 ` Greg Kroah-Hartman
2020-06-18 15:03 ` Rajat Jain
2020-06-18 15:39 ` Andy Shevchenko
2020-06-18 16:02 ` Greg Kroah-Hartman [this message]
2020-06-18 16:23 ` Raj, Ashok
2020-06-18 17:23 ` Rajat Jain
2020-06-18 18:46 ` Greg Kroah-Hartman
2020-06-18 23:58 ` Rajat Jain
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200618160212.GB3076467@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=adurbin@google.com \
--cc=alex.williamson@redhat.com \
--cc=andy.shevchenko@gmail.com \
--cc=ashok.raj@intel.com \
--cc=baolu.lu@linux.intel.com \
--cc=bernie.keany@intel.com \
--cc=bhelgaas@google.com \
--cc=bleung@google.com \
--cc=christian@kellner.me \
--cc=diegorivas@google.com \
--cc=dlaurie@google.com \
--cc=dwmw2@infradead.org \
--cc=furquan@google.com \
--cc=hch@infradead.org \
--cc=iommu@lists.linux-foundation.org \
--cc=jean-philippe@linaro.org \
--cc=joro@8bytes.org \
--cc=jsbarnes@google.com \
--cc=lalithambika.krishnakumar@intel.com \
--cc=lenb@kernel.org \
--cc=levinale@google.com \
--cc=linux-acpi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=mika.westerberg@linux.intel.com \
--cc=mnissler@google.com \
--cc=oohall@gmail.com \
--cc=pmalani@google.com \
--cc=rajatja@google.com \
--cc=rajatxjain@gmail.com \
--cc=rjw@rjwysocki.net \
--cc=tbroch@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).