From: Rajat Jain <rajatja@google.com>
To: David Woodhouse <dwmw2@infradead.org>,
Lu Baolu <baolu.lu@linux.intel.com>,
Joerg Roedel <joro@8bytes.org>,
Bjorn Helgaas <bhelgaas@google.com>,
"Rafael J. Wysocki" <rjw@rjwysocki.net>,
Len Brown <lenb@kernel.org>,
iommu@lists.linux-foundation.org, linux-kernel@vger.kernel.org,
linux-pci@vger.kernel.org, linux-acpi@vger.kernel.org,
Raj Ashok <ashok.raj@intel.com>,
lalithambika.krishnakumar@intel.com,
Mika Westerberg <mika.westerberg@linux.intel.com>,
Jean-Philippe Brucker <jean-philippe@linaro.org>,
Prashant Malani <pmalani@google.com>,
Benson Leung <bleung@google.com>, Todd Broch <tbroch@google.com>,
Alex Levin <levinale@google.com>,
Mattias Nissler <mnissler@google.com>,
Rajat Jain <rajatxjain@gmail.com>,
Bernie Keany <bernie.keany@intel.com>,
Aaron Durbin <adurbin@google.com>,
Diego Rivas <diegorivas@google.com>,
Duncan Laurie <dlaurie@google.com>,
Furquan Shaikh <furquan@google.com>,
Jesse Barnes <jsbarnes@google.com>,
Christian Kellner <christian@kellner.me>,
Alex Williamson <alex.williamson@redhat.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
oohall@gmail.com, Saravana Kannan <saravanak@google.com>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
Arnd Bergmann <arnd@arndb.de>,
Heikki Krogerus <heikki.krogerus@linux.intel.com>
Cc: Rajat Jain <rajatja@google.com>
Subject: [PATCH v2 2/7] PCI: Set "untrusted" flag for truly external devices only
Date: Mon, 29 Jun 2020 21:49:38 -0700 [thread overview]
Message-ID: <20200630044943.3425049-3-rajatja@google.com> (raw)
In-Reply-To: <20200630044943.3425049-1-rajatja@google.com>
The "ExternalFacing" devices (root ports) are still internal devices that
sit on the internal system fabric and thus trusted. Currently they were
being marked untrusted.
This patch uses the platform flag to identify the external facing devices
and then use it to mark any downstream devices as "untrusted". The
external-facing devices themselves are left as "trusted". This was
discussed here: https://lkml.org/lkml/2020/6/10/1049
Signed-off-by: Rajat Jain <rajatja@google.com>
---
v2: cosmetic changes in commit log
drivers/iommu/intel/iommu.c | 2 +-
drivers/pci/of.c | 2 +-
drivers/pci/pci-acpi.c | 13 +++++++------
drivers/pci/probe.c | 2 +-
include/linux/pci.h | 8 ++++++++
5 files changed, 18 insertions(+), 9 deletions(-)
diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c
index d759e7234e982..1ccb224f82496 100644
--- a/drivers/iommu/intel/iommu.c
+++ b/drivers/iommu/intel/iommu.c
@@ -4743,7 +4743,7 @@ static inline bool has_untrusted_dev(void)
struct pci_dev *pdev = NULL;
for_each_pci_dev(pdev)
- if (pdev->untrusted)
+ if (pdev->untrusted || pdev->external_facing)
return true;
return false;
diff --git a/drivers/pci/of.c b/drivers/pci/of.c
index 27839cd2459f6..22727fc9558df 100644
--- a/drivers/pci/of.c
+++ b/drivers/pci/of.c
@@ -42,7 +42,7 @@ void pci_set_bus_of_node(struct pci_bus *bus)
} else {
node = of_node_get(bus->self->dev.of_node);
if (node && of_property_read_bool(node, "external-facing"))
- bus->self->untrusted = true;
+ bus->self->external_facing = true;
}
bus->dev.of_node = node;
diff --git a/drivers/pci/pci-acpi.c b/drivers/pci/pci-acpi.c
index 7224b1e5f2a83..492c07805caf8 100644
--- a/drivers/pci/pci-acpi.c
+++ b/drivers/pci/pci-acpi.c
@@ -1213,22 +1213,23 @@ static void pci_acpi_optimize_delay(struct pci_dev *pdev,
ACPI_FREE(obj);
}
-static void pci_acpi_set_untrusted(struct pci_dev *dev)
+static void pci_acpi_set_external_facing(struct pci_dev *dev)
{
u8 val;
- if (pci_pcie_type(dev) != PCI_EXP_TYPE_ROOT_PORT)
+ if (pci_pcie_type(dev) != PCI_EXP_TYPE_ROOT_PORT &&
+ pci_pcie_type(dev) != PCI_EXP_TYPE_DOWNSTREAM)
return;
if (device_property_read_u8(&dev->dev, "ExternalFacingPort", &val))
return;
/*
- * These root ports expose PCIe (including DMA) outside of the
- * system so make sure we treat them and everything behind as
+ * These root/down ports expose PCIe (including DMA) outside of the
+ * system so make sure we treat everything behind them as
* untrusted.
*/
if (val)
- dev->untrusted = 1;
+ dev->external_facing = 1;
}
static void pci_acpi_setup(struct device *dev)
@@ -1240,7 +1241,7 @@ static void pci_acpi_setup(struct device *dev)
return;
pci_acpi_optimize_delay(pci_dev, adev->handle);
- pci_acpi_set_untrusted(pci_dev);
+ pci_acpi_set_external_facing(pci_dev);
pci_acpi_add_edr_notifier(pci_dev);
pci_acpi_add_pm_notifier(adev, pci_dev);
diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c
index 6d87066a5ecc5..8c40c00413e74 100644
--- a/drivers/pci/probe.c
+++ b/drivers/pci/probe.c
@@ -1552,7 +1552,7 @@ static void set_pcie_untrusted(struct pci_dev *dev)
* untrusted as well.
*/
parent = pci_upstream_bridge(dev);
- if (parent && parent->untrusted)
+ if (parent && (parent->untrusted || parent->external_facing))
dev->untrusted = true;
}
diff --git a/include/linux/pci.h b/include/linux/pci.h
index a26be5332bba6..fe1bc603fda40 100644
--- a/include/linux/pci.h
+++ b/include/linux/pci.h
@@ -432,6 +432,14 @@ struct pci_dev {
* mappings to make sure they cannot access arbitrary memory.
*/
unsigned int untrusted:1;
+ /*
+ * Devices are marked as external-facing using info from platform
+ * (ACPI / devicetree). An external-facing device is still an internal
+ * trusted device, but it faces external untrusted devices. Thus any
+ * devices enumerated downstream an external-facing device is marked
+ * as untrusted.
+ */
+ unsigned int external_facing:1;
unsigned int broken_intx_masking:1; /* INTx masking can't be used */
unsigned int io_window_1k:1; /* Intel bridge 1K I/O windows */
unsigned int irq_managed:1;
--
2.27.0.212.ge8ba1cc988-goog
next prev parent reply other threads:[~2020-06-30 4:50 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-30 4:49 [PATCH v2 0/7] Tighten PCI security, expose dev location in sysfs Rajat Jain
2020-06-30 4:49 ` [PATCH v2 1/7] PCI: Keep the ACS capability offset in device Rajat Jain
2020-07-06 15:58 ` Bjorn Helgaas
2020-07-06 22:16 ` Rajat Jain
2020-07-06 23:18 ` Bjorn Helgaas
2020-06-30 4:49 ` Rajat Jain [this message]
2020-06-30 7:38 ` [PATCH v2 2/7] PCI: Set "untrusted" flag for truly external devices only Lu Baolu
2020-06-30 7:55 ` Greg Kroah-Hartman
2020-07-06 16:41 ` Bjorn Helgaas
2020-07-06 18:48 ` Greg Kroah-Hartman
2020-07-06 16:38 ` Bjorn Helgaas
2020-07-06 22:31 ` Rajat Jain
2020-07-06 23:30 ` Bjorn Helgaas
2020-07-06 23:40 ` Rajat Jain
2020-06-30 4:49 ` [PATCH v2 3/7] PCI/ACS: Enable PCI_ACS_TB for untrusted/external-facing devices Rajat Jain
2020-07-06 16:45 ` Bjorn Helgaas
2020-07-06 23:12 ` Rajat Jain
2020-07-06 17:07 ` Bjorn Helgaas
2020-07-06 23:19 ` Rajat Jain
2020-06-30 4:49 ` [PATCH v2 4/7] PCI: Add device even if driver attach failed Rajat Jain
2020-06-30 8:02 ` Greg Kroah-Hartman
2020-07-06 23:35 ` Rajat Jain
2020-06-30 4:49 ` [PATCH v2 5/7] driver core: Add device location to "struct device" and expose it in sysfs Rajat Jain
2020-06-30 8:01 ` Greg Kroah-Hartman
2020-06-30 10:49 ` Heikki Krogerus
2020-06-30 12:52 ` Greg Kroah-Hartman
2020-06-30 13:00 ` Rafael J. Wysocki
2020-06-30 15:38 ` Greg Kroah-Hartman
2020-06-30 16:08 ` Rafael J. Wysocki
2020-06-30 17:00 ` Greg Kroah-Hartman
2020-07-01 18:06 ` Rajat Jain
2020-07-02 5:23 ` Oliver O'Halloran
2020-07-02 7:32 ` Greg Kroah-Hartman
2020-07-02 8:40 ` Oliver O'Halloran
2020-07-02 8:52 ` Greg Kroah-Hartman
2020-07-02 8:53 ` Greg Kroah-Hartman
2020-07-07 6:03 ` Rajat Jain
2020-06-30 17:43 ` Saravana Kannan
2020-06-30 4:49 ` [PATCH v2 6/7] PCI: Move pci_dev->untrusted logic to use device location instead Rajat Jain
2020-06-30 7:39 ` Lu Baolu
2020-06-30 4:49 ` [PATCH v2 7/7] PCI: Add parameter to disable attaching external devices Rajat Jain
2020-07-04 11:44 ` [PATCH v2 0/7] Tighten PCI security, expose dev location in sysfs Pavel Machek
2020-07-06 22:18 ` Rajat Jain
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200630044943.3425049-3-rajatja@google.com \
--to=rajatja@google.com \
--cc=adurbin@google.com \
--cc=alex.williamson@redhat.com \
--cc=arnd@arndb.de \
--cc=ashok.raj@intel.com \
--cc=baolu.lu@linux.intel.com \
--cc=bernie.keany@intel.com \
--cc=bhelgaas@google.com \
--cc=bleung@google.com \
--cc=christian@kellner.me \
--cc=diegorivas@google.com \
--cc=dlaurie@google.com \
--cc=dwmw2@infradead.org \
--cc=furquan@google.com \
--cc=gregkh@linuxfoundation.org \
--cc=heikki.krogerus@linux.intel.com \
--cc=iommu@lists.linux-foundation.org \
--cc=jean-philippe@linaro.org \
--cc=joro@8bytes.org \
--cc=jsbarnes@google.com \
--cc=lalithambika.krishnakumar@intel.com \
--cc=lenb@kernel.org \
--cc=levinale@google.com \
--cc=linux-acpi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=mika.westerberg@linux.intel.com \
--cc=mnissler@google.com \
--cc=oohall@gmail.com \
--cc=pmalani@google.com \
--cc=rajatxjain@gmail.com \
--cc=rjw@rjwysocki.net \
--cc=saravanak@google.com \
--cc=suzuki.poulose@arm.com \
--cc=tbroch@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).