From: Bjorn Helgaas <helgaas@kernel.org>
To: Rajat Jain <rajatja@google.com>
Cc: "Rafael J. Wysocki" <rafael@kernel.org>,
Len Brown <lenb@kernel.org>, Bjorn Helgaas <bhelgaas@google.com>,
linux-acpi@vger.kernel.org, linux-pci@vger.kernel.org,
linux-kernel@vger.kernel.org, rajatxjain@gmail.com,
dtor@google.com, jsbarnes@google.com,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Jean-Philippe Brucker <jean-philippe@linaro.org>,
Mika Westerberg <mika.westerberg@linux.intel.com>,
Pavel Machek <pavel@denx.de>,
Oliver O'Halloran <oohall@gmail.com>,
Joerg Roedel <joro@8bytes.org>
Subject: Re: [PATCH] PCI: ACPI: Allow internal devices to be marked as untrusted
Date: Fri, 21 Jan 2022 15:41:17 -0600 [thread overview]
Message-ID: <20220121214117.GA1154852@bhelgaas> (raw)
In-Reply-To: <20220120000409.2706549-1-rajatja@google.com>
[+cc Greg, Jean-Philippe, Mika, Pavel, Oliver, Joerg since they
commented on previous "external-facing" discussion]
On Wed, Jan 19, 2022 at 04:04:09PM -0800, Rajat Jain wrote:
> Today the pci_dev->untrusted is set for any devices sitting downstream
> an external facing port (determined via "ExternalFacingPort" property).
> This however, disallows any internal devices to be marked as untrusted.
This isn't stated quite accurately. "dev->untrusted" is currently set
only by set_pcie_untrusted(), when "dev" has an upstream bridge that
is either external-facing or untrusted.
But that doesn't disallow or prevent internal devices from being
marked as untrusted; it just doesn't implement that.
> There are use-cases though, where a platform would like to treat an
> internal device as untrusted (perhaps because it runs untrusted
> firmware, or offers an attack surface by handling untrusted network
> data etc).
>
> This patch introduces a new "UntrustedDevice" property that can be used
> by the firmware to mark any device as untrusted.
I think I'm OK with this. Write this last sentence in imperative
mood; see
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/maintainer-tip.rst?id=v5.16#n134
for examples.
> Signed-off-by: Rajat Jain <rajatja@google.com>
> ---
> drivers/pci/pci-acpi.c | 13 +++++++++++++
> 1 file changed, 13 insertions(+)
>
> diff --git a/drivers/pci/pci-acpi.c b/drivers/pci/pci-acpi.c
> index a42dbf448860..3d9e5fa49451 100644
> --- a/drivers/pci/pci-acpi.c
> +++ b/drivers/pci/pci-acpi.c
> @@ -1350,12 +1350,25 @@ static void pci_acpi_set_external_facing(struct pci_dev *dev)
> dev->external_facing = 1;
> }
>
> +static void pci_acpi_set_untrusted(struct pci_dev *dev)
> +{
> + u8 val;
> +
> + if (device_property_read_u8(&dev->dev, "UntrustedDevice", &val))
> + return;
> +
> + /* These PCI devices are not trustworthy */
Comment is probably superfluous since the code seems obvious without
it.
> + if (val)
> + dev->untrusted = 1;
> +}
> +
> void pci_acpi_setup(struct device *dev, struct acpi_device *adev)
> {
> struct pci_dev *pci_dev = to_pci_dev(dev);
>
> pci_acpi_optimize_delay(pci_dev, adev->handle);
> pci_acpi_set_external_facing(pci_dev);
> + pci_acpi_set_untrusted(pci_dev);
> pci_acpi_add_edr_notifier(pci_dev);
>
> pci_acpi_add_pm_notifier(adev, pci_dev);
> --
> 2.34.1.703.g22d0c6ccf7-goog
>
next prev parent reply other threads:[~2022-01-21 21:41 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-20 0:04 [PATCH] PCI: ACPI: Allow internal devices to be marked as untrusted Rajat Jain
2022-01-20 2:25 ` Dmitry Torokhov
2022-01-20 15:08 ` Rajat Jain
2022-01-27 23:02 ` Rajat Jain
2022-01-21 21:41 ` Bjorn Helgaas [this message]
2022-01-22 14:46 ` Greg Kroah-Hartman
2022-01-24 6:27 ` Mika Westerberg
2022-01-25 10:58 ` Mika Westerberg
2022-01-25 11:15 ` Greg Kroah-Hartman
2022-01-25 12:55 ` Mika Westerberg
2022-01-25 14:45 ` Rafael J. Wysocki
2022-01-27 22:26 ` Rajat Jain
2022-01-28 7:48 ` Mika Westerberg
2022-01-28 21:34 ` Rajat Jain
2022-01-30 14:30 ` Rafael J. Wysocki
2022-01-31 6:41 ` Mika Westerberg
2022-01-31 19:57 ` Rajat Jain
2022-02-02 2:05 ` Rajat Jain
2022-01-28 9:55 ` Jean-Philippe Brucker
2022-01-25 14:40 ` Rafael J. Wysocki
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220121214117.GA1154852@bhelgaas \
--to=helgaas@kernel.org \
--cc=bhelgaas@google.com \
--cc=dtor@google.com \
--cc=gregkh@linuxfoundation.org \
--cc=jean-philippe@linaro.org \
--cc=joro@8bytes.org \
--cc=jsbarnes@google.com \
--cc=lenb@kernel.org \
--cc=linux-acpi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=mika.westerberg@linux.intel.com \
--cc=oohall@gmail.com \
--cc=pavel@denx.de \
--cc=rafael@kernel.org \
--cc=rajatja@google.com \
--cc=rajatxjain@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.