linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Rajat Jain <rajatja@google.com>
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: "Rafael J. Wysocki" <rafael@kernel.org>,
	"Bjorn Helgaas" <bhelgaas@google.com>,
	"Alan Stern" <stern@rowland.harvard.edu>,
	"Linux Kernel Mailing List" <linux-kernel@vger.kernel.org>,
	linux-pci <linux-pci@vger.kernel.org>,
	"open list:ULTRA-WIDEBAND (UWB) SUBSYSTEM:"
	<linux-usb@vger.kernel.org>, "Bjorn Helgaas" <helgaas@kernel.org>,
	"Oliver Neukum" <oneukum@suse.com>,
	"David Laight" <David.Laight@aculab.com>,
	"Krzysztof Wilczyński" <kw@linux.com>,
	"Rajat Jain" <rajatxjain@gmail.com>,
	"Jesse Barnes" <jsbarnes@google.com>,
	"Dmitry Torokhov" <dtor@google.com>
Subject: Re: [PATCH v3 2/2] PCI: Add sysfs "removable" attribute
Date: Thu, 13 May 2021 10:54:47 -0700	[thread overview]
Message-ID: <CACK8Z6E3r=HxRzLyhx5MxAz8+5GgFR8nfYy-mkD4s6oMGxVYhA@mail.gmail.com> (raw)
In-Reply-To: <YJ1k5w/6g6XFrSJ2@kroah.com>

On Thu, May 13, 2021 at 10:42 AM Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
>
> On Thu, May 13, 2021 at 09:39:58AM -0700, Rajat Jain wrote:
> > Hello,
> >
> > On Thu, May 13, 2021 at 6:58 AM Greg Kroah-Hartman
> > <gregkh@linuxfoundation.org> wrote:
> > >
> > > On Wed, May 12, 2021 at 02:34:57PM -0700, Rajat Jain wrote:
> > > > A PCI device is "external_facing" if it's a Root Port with the ACPI
> > > > "ExternalFacingPort" property or if it has the DT "external-facing"
> > > > property.  We consider everything downstream from such a device to
> > > > be removable by user.
> > > >
> > > > We're mainly concerned with consumer platforms with user accessible
> > > > thunderbolt ports that are vulnerable to DMA attacks, and we expect those
> > > > ports to be identified as "ExternalFacingPort". Devices in traditional
> > > > hotplug slots can technically be removed, but the expectation is that
> > > > unless the port is marked with "ExternalFacingPort", such devices are less
> > > > accessible to user / may not be removed by end user, and thus not exposed
> > > > as "removable" to userspace.
> > > >
> > > > Set pci_dev_type.supports_removable so the device core exposes the
> > > > "removable" file in sysfs, and tell the device core about removable
> > > > devices.
> > > >
> > > > This can be used by userspace to implment any policies it wants to,
> > > > tailored specifically for user removable devices. Eg usage:
> > > > https://chromium-review.googlesource.com/c/chromiumos/platform2/+/2591812
> > > > https://chromium-review.googlesource.com/c/chromiumos/platform2/+/2795038
> > > > (code uses such an attribute to remove external PCI devicces or disable
> > > > features on them as needed by the policy desired)
> > > >
> > > > Signed-off-by: Rajat Jain <rajatja@google.com>
> > > > ---
> > > > v3: - commit log updated
> > > >     - Rename set_pci_dev_removable() -> pci_set_removable()
> > > >     - Call it after applying early PCI quirks.
> > > > v2: Add documentation
> > > >
> > > >  Documentation/ABI/testing/sysfs-devices-removable |  3 ++-
> > > >  drivers/pci/pci-sysfs.c                           |  1 +
> > > >  drivers/pci/probe.c                               | 12 ++++++++++++
> > > >  3 files changed, 15 insertions(+), 1 deletion(-)
> > > >
> > > > diff --git a/Documentation/ABI/testing/sysfs-devices-removable b/Documentation/ABI/testing/sysfs-devices-removable
> > > > index 9dabcad7cdcd..ec0b243f5db4 100644
> > > > --- a/Documentation/ABI/testing/sysfs-devices-removable
> > > > +++ b/Documentation/ABI/testing/sysfs-devices-removable
> > > > @@ -14,4 +14,5 @@ Description:
> > > >
> > > >               Currently this is only supported by USB (which infers the
> > > >               information from a combination of hub descriptor bits and
> > > > -             platform-specific data such as ACPI).
> > > > +             platform-specific data such as ACPI) and PCI (which gets this
> > > > +             from ACPI / device tree).
> > > > diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
> > > > index beb8d1f4fafe..38b3259ba333 100644
> > > > --- a/drivers/pci/pci-sysfs.c
> > > > +++ b/drivers/pci/pci-sysfs.c
> > > > @@ -1541,4 +1541,5 @@ static const struct attribute_group *pci_dev_attr_groups[] = {
> > > >
> > > >  const struct device_type pci_dev_type = {
> > > >       .groups = pci_dev_attr_groups,
> > > > +     .supports_removable = true,
> > > >  };
> > > > diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c
> > > > index 3a62d09b8869..3515afeeaba8 100644
> > > > --- a/drivers/pci/probe.c
> > > > +++ b/drivers/pci/probe.c
> > > > @@ -1575,6 +1575,16 @@ static void set_pcie_untrusted(struct pci_dev *dev)
> > > >               dev->untrusted = true;
> > > >  }
> > > >
> > > > +static void pci_set_removable(struct pci_dev *dev)
> > > > +{
> > > > +     struct pci_dev *parent = pci_upstream_bridge(dev);
> > > > +     if (parent &&
> > > > +         (parent->external_facing || dev_is_removable(&parent->dev)))
> > > > +             dev_set_removable(&dev->dev, DEVICE_REMOVABLE);
> > > > +     else
> > > > +             dev_set_removable(&dev->dev, DEVICE_FIXED);
> > > > +}
> > >
> > > Always run checkpatch.pl so you don't get grumpy maintainers telling you
> > > to run checkpatch.pl :(
> >
> > Yes, I did (it gave me 0 errors and 0 warnings). Please let me know if
> > I need to fix something and I'll be happy to fix that.
> >
> > >
> > > And why does external_facing come into play here?  I know you say it
> > > above, but you should also put it here into the code for when we need to
> > > look at it in a few months and wonder what in the world this is doing.
> >
> > Ack, will do.
> >
> > >
> > > Also, are you SURE this is correct and will handle the hotpluggable PCI
> > > devices in things like drawers and the like?
> >
> > Yes, me and Bjorn discussed this in the v2 of this patch
> > (https://patchwork.kernel.org/project/linux-usb/patch/20210424021631.1972022-2-rajatja@google.com/),
> > and yes, this can take care of the hot-pluggable trays if the firmware
> > marks the slots external-facing.
>
> Ok, I'll trust you two :)
>
> > > What is the goal here in exposing this information to userspace, who is
> > > going to use it and what is it going to be used for?
> >
> > The goal here is to implement policies regarding usage of external PCI
> > devices, in userspace. ChromeOS is using it for things like:
> > - Remove external PCI devices when a user logs out.
>
> remove them how?  disconnect the device from the system through what
> method?

echo 1 > /sys/bus/pci/devices/<device>/remove

>
> > - Don't allow new external PCI devices while the screen is locked.
>
> Don't allow how?  Don't allow the binding of a driver to a device, or
> the device to be discovered at all?  What controls this?

Actually Sorry, this was a wrong recollection.

>
> > - collect metrics about usage of external PCI devices (how many users
> > actually use it etc).
> > - disable certain features (that are deemed to be dangerous) for
> > external PCI network cards.
>
> What is a "dangerous" network feature, RDMA?

For now, we disable offloading of receive path generic / segmentation
/ checksum features to the external PCI hardware, based on our
security team's recommendations.

Thanks,

Rajat

>
> thanks,
>
> greg k-h

  reply	other threads:[~2021-05-13 17:56 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-05-12 21:34 [PATCH v3 1/2] driver core: Move the "removable" attribute from USB to core Rajat Jain
2021-05-12 21:34 ` [PATCH v3 2/2] PCI: Add sysfs "removable" attribute Rajat Jain
2021-05-13 13:58   ` Greg Kroah-Hartman
2021-05-13 16:39     ` Rajat Jain
2021-05-13 17:41       ` Greg Kroah-Hartman
2021-05-13 17:54         ` Rajat Jain [this message]
2021-05-13 18:02   ` Rajat Jain
2021-05-13 20:05     ` Bjorn Helgaas
2021-05-13 20:34       ` Rajat Jain
2021-05-13 20:51         ` Bjorn Helgaas
2021-05-13 13:55 ` [PATCH v3 1/2] driver core: Move the "removable" attribute from USB to core Greg Kroah-Hartman
2021-05-13 16:26   ` Rajat Jain
2021-05-13 16:40     ` Greg Kroah-Hartman
2021-05-13 17:27       ` Rajat Jain
2021-05-13 21:06   ` Rajat Jain

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CACK8Z6E3r=HxRzLyhx5MxAz8+5GgFR8nfYy-mkD4s6oMGxVYhA@mail.gmail.com' \
    --to=rajatja@google.com \
    --cc=David.Laight@aculab.com \
    --cc=bhelgaas@google.com \
    --cc=dtor@google.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=helgaas@kernel.org \
    --cc=jsbarnes@google.com \
    --cc=kw@linux.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-pci@vger.kernel.org \
    --cc=linux-usb@vger.kernel.org \
    --cc=oneukum@suse.com \
    --cc=rafael@kernel.org \
    --cc=rajatxjain@gmail.com \
    --cc=stern@rowland.harvard.edu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).