From: Lukas Wunner <lukas@wunner.de>
To: Vidya Sagar <vidyas@nvidia.com>
Cc: bhelgaas@google.com, alex.williamson@redhat.com,
treding@nvidia.com, jonathanh@nvidia.com,
linux-pci@vger.kernel.org, linux-kernel@vger.kernel.org,
vsethi@nvidia.com, kthota@nvidia.com, mmaddireddy@nvidia.com,
sagar.tv@gmail.com
Subject: Re: [PATCH V3] PCI: pciehp: Disable ACS Source Validation during hot-remove
Date: Thu, 18 Jan 2024 11:33:35 +0100 [thread overview]
Message-ID: <20240118103335.GA29974@wunner.de> (raw)
In-Reply-To: <7345c2d2-5446-49a6-9ceb-0f1b9ee4ec18@nvidia.com>
On Thu, Jan 11, 2024 at 07:14:54PM +0530, Vidya Sagar wrote:
> On 1/8/2024 7:49 PM, Lukas Wunner wrote:
> > On Thu, Jan 04, 2024 at 08:01:06PM +0530, Vidya Sagar wrote:
> > > On 8/1/2023 1:29 AM, Lukas Wunner wrote:
> > > > As an alternative to disabling ACS, have you explored masking ACS
> > > > Violations (PCI_ERR_UNC_ACSV) upon de-enumeration of a device and
> > > > unmasking them after assignment of a bus number?
> > >
> > > I explored this option and it seemed to work as expected. But, the issue
> > > is that this works only if the AER registers are owned by the OS. If the
> > > AER registers are owned by the firmware (i.e. Firmware-First approach of
> > > handling the errors), OS is not supposed to access the AER registers and
> > > there is no indication from the OS to the firmware as to when the
> > > enumeration is completed and time is apt to unmask the ACSViolation
> > > errors in the AER's Uncorrectable Error Mask register.
> > > Any thoughts on accommodating the Firmware-First approach also?
I'm sorry, I don't have any good ideas.
I just would like to avoid disabling ACS Source Validation because
it would diminish our security posture.
I guess setting the secondary bus number in the hotplug port to 0
isn't a good solution either because it would allow hotplugged devices
to temporarily spoof TLPs from devices on the root bus, right?
One option might be to have separate code paths: If AER is owned by
the OS, mask PCI_ERR_UNC_ACSV on hot-removal, unmask on hot-add.
If AER is *not* owned by the OS, disable ACS Source Validation on
hot-removal, enable on hot-add, and warn loudly about the security
implications.
Another option might be to change error handling, i.e. ignore
ACS Source Validation errors if they occur before assignment of
a bus number. And temporarily disable DPC.
None of these options look pretty. I'm generally not a fan of
having the firmware own certain features. The user experience
is better if everything is owned by the OS. This is just one
more case in point. :(
Thanks,
Lukas
prev parent reply other threads:[~2024-01-18 10:33 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-11 14:52 [PATCH V1] PCI: pciehp: Disable ACS Source Validation during hot-remove Vidya Sagar
2023-01-11 17:11 ` kernel test robot
2023-01-11 17:11 ` kernel test robot
2023-01-11 19:05 ` [PATCH V2] " Vidya Sagar
2023-02-14 23:30 ` Bjorn Helgaas
2023-07-30 19:14 ` Vidya Sagar
2023-07-30 19:15 ` [PATCH V3] " Vidya Sagar
2023-07-30 19:40 ` Lukas Wunner
2023-07-30 20:02 ` Vidya Sagar
2023-07-31 19:59 ` Lukas Wunner
2023-08-02 0:19 ` Dan Williams
2024-01-04 14:31 ` Vidya Sagar
2024-01-08 14:19 ` Lukas Wunner
2024-01-11 13:44 ` Vidya Sagar
2024-01-18 2:27 ` Vidya Sagar
2024-01-18 10:33 ` Lukas Wunner [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240118103335.GA29974@wunner.de \
--to=lukas@wunner.de \
--cc=alex.williamson@redhat.com \
--cc=bhelgaas@google.com \
--cc=jonathanh@nvidia.com \
--cc=kthota@nvidia.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=mmaddireddy@nvidia.com \
--cc=sagar.tv@gmail.com \
--cc=treding@nvidia.com \
--cc=vidyas@nvidia.com \
--cc=vsethi@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.