From: Rajat Jain <rajatja@google.com>
To: David Woodhouse <dwmw2@infradead.org>,
Lu Baolu <baolu.lu@linux.intel.com>,
Joerg Roedel <joro@8bytes.org>,
Bjorn Helgaas <bhelgaas@google.com>,
"Rafael J. Wysocki" <rjw@rjwysocki.net>,
Len Brown <lenb@kernel.org>,
iommu@lists.linux-foundation.org, linux-kernel@vger.kernel.org,
linux-pci@vger.kernel.org, linux-acpi@vger.kernel.org,
Raj Ashok <ashok.raj@intel.com>,
lalithambika.krishnakumar@intel.com,
Mika Westerberg <mika.westerberg@linux.intel.com>,
Jean-Philippe Brucker <jean-philippe@linaro.org>,
Prashant Malani <pmalani@google.com>,
Benson Leung <bleung@google.com>, Todd Broch <tbroch@google.com>,
Alex Levin <levinale@google.com>,
Mattias Nissler <mnissler@google.com>,
Rajat Jain <rajatxjain@gmail.com>,
Bernie Keany <bernie.keany@intel.com>,
Aaron Durbin <adurbin@google.com>,
Diego Rivas <diegorivas@google.com>,
Duncan Laurie <dlaurie@google.com>,
Furquan Shaikh <furquan@google.com>,
Jesse Barnes <jsbarnes@google.com>,
Christian Kellner <christian@kellner.me>,
Alex Williamson <alex.williamson@redhat.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
oohall@gmail.com, Saravana Kannan <saravanak@google.com>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
Arnd Bergmann <arnd@arndb.de>,
Heikki Krogerus <heikki.krogerus@linux.intel.com>
Cc: Rajat Jain <rajatja@google.com>
Subject: [PATCH v2 0/7] Tighten PCI security, expose dev location in sysfs
Date: Mon, 29 Jun 2020 21:49:36 -0700
Message-ID: <20200630044943.3425049-1-rajatja@google.com>

This is a set of loosely related patches, most of which emerged out of
discussion in the following threads. In a nutshell, the goal was to allow
an administrator to specify which driver he wants to allow on external
ports, and a strategy was chalked out:

https://lore.kernel.org/linux-pci/20200609210400.GA1461839@bjorn-Precision-5520/
https://lore.kernel.org/linux-pci/20200618184621.GA446639@kroah.com/
https://lore.kernel.org/linux-pci/20200627050225.GA226238@kroah.com/

* The first 3 patches tighten the PCI security using ACS, and take care
  of a border case.
* The 4th patch takes care of a PCI bug.
* The 5th and 6th patches expose a device's location in sysfs to allow
  the admin to make a decision based on that.
* The 7th patch is to ensure that the external devices don't bind to drivers
  during boot.

Rajat Jain (7):
  PCI: Keep the ACS capability offset in device
  PCI: Set "untrusted" flag for truly external devices only
  PCI/ACS: Enable PCI_ACS_TB for untrusted/external-facing devices
  PCI: Add device even if driver attach failed
  driver core: Add device location to "struct device" and expose it in
    sysfs
  PCI: Move pci_dev->untrusted logic to use device location instead
  PCI: Add parameter to disable attaching external devices

 drivers/base/core.c         | 35 +++++++++++++++++++++++++++++++
 drivers/iommu/intel/iommu.c | 31 ++++++++++++++++++---------
 drivers/pci/ats.c           |  2 +-
 drivers/pci/bus.c           | 13 ++++++------
 drivers/pci/of.c            |  2 +-
 drivers/pci/p2pdma.c        |  2 +-
 drivers/pci/pci-acpi.c      | 13 ++++++------
 drivers/pci/pci-driver.c    |  1 +
 drivers/pci/pci.c           | 34 ++++++++++++++++++++++++++----
 drivers/pci/pci.h           |  3 ++-
 drivers/pci/probe.c         | 20 +++++++++++-------
 drivers/pci/quirks.c        | 19 +++++++++++++----
 include/linux/device.h      | 42 +++++++++++++++++++++++++++++++++++++
 include/linux/device/bus.h  |  8 +++++++
 include/linux/pci.h         | 13 ++++++------
 15 files changed, 191 insertions(+), 47 deletions(-)

--
2.27.0.212.ge8ba1cc988-goog

Thread overview: 43+ messages
2020-06-30 4:49 Rajat Jain [this message]
2020-06-30 4:49 ` [PATCH v2 1/7] PCI: Keep the ACS capability offset in device Rajat Jain
2020-07-06 15:58 ` Bjorn Helgaas
2020-07-06 22:16 ` Rajat Jain
2020-07-06 23:18 ` Bjorn Helgaas
2020-06-30 4:49 ` [PATCH v2 2/7] PCI: Set "untrusted" flag for truly external devices only Rajat Jain
2020-06-30 7:38 ` Lu Baolu
2020-06-30 7:55 ` Greg Kroah-Hartman
2020-07-06 16:41 ` Bjorn Helgaas
2020-07-06 18:48 ` Greg Kroah-Hartman
2020-07-06 16:38 ` Bjorn Helgaas
2020-07-06 22:31 ` Rajat Jain
2020-07-06 23:30 ` Bjorn Helgaas
2020-07-06 23:40 ` Rajat Jain
2020-06-30 4:49 ` [PATCH v2 3/7] PCI/ACS: Enable PCI_ACS_TB for untrusted/external-facing devices Rajat Jain
2020-07-06 16:45 ` Bjorn Helgaas
2020-07-06 23:12 ` Rajat Jain
2020-07-06 17:07 ` Bjorn Helgaas
2020-07-06 23:19 ` Rajat Jain
2020-06-30 4:49 ` [PATCH v2 4/7] PCI: Add device even if driver attach failed Rajat Jain
2020-06-30 8:02 ` Greg Kroah-Hartman
2020-07-06 23:35 ` Rajat Jain
2020-06-30 4:49 ` [PATCH v2 5/7] driver core: Add device location to "struct device" and expose it in sysfs Rajat Jain
2020-06-30 8:01 ` Greg Kroah-Hartman
2020-06-30 10:49 ` Heikki Krogerus
2020-06-30 12:52 ` Greg Kroah-Hartman
2020-06-30 13:00 ` Rafael J. Wysocki
2020-06-30 15:38 ` Greg Kroah-Hartman
2020-06-30 16:08 ` Rafael J. Wysocki
2020-06-30 17:00 ` Greg Kroah-Hartman
2020-07-01 18:06 ` Rajat Jain
2020-07-02 5:23 ` Oliver O'Halloran
2020-07-02 7:32 ` Greg Kroah-Hartman
2020-07-02 8:40 ` Oliver O'Halloran
2020-07-02 8:52 ` Greg Kroah-Hartman
2020-07-02 8:53 ` Greg Kroah-Hartman
2020-07-07 6:03 ` Rajat Jain
2020-06-30 17:43 ` Saravana Kannan
2020-06-30 4:49 ` [PATCH v2 6/7] PCI: Move pci_dev->untrusted logic to use device location instead Rajat Jain
2020-06-30 7:39 ` Lu Baolu
2020-06-30 4:49 ` [PATCH v2 7/7] PCI: Add parameter to disable attaching external devices Rajat Jain
2020-07-04 11:44 ` [PATCH v2 0/7] Tighten PCI security, expose dev location in sysfs Pavel Machek
2020-07-06 22:18 ` Rajat Jain