From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.3 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI, SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_SANE_1 autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3419CC433DF for ; Fri, 15 May 2020 11:58:06 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id F1B2620758 for ; Fri, 15 May 2020 11:58:05 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="hQxPs8Bq" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org F1B2620758 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=8bytes.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+infradead-linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:References: Message-ID:Subject:To:From:Date:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=fjeNDVLDTW+bPVAiwPM2pyu1U2thIp9iDRxn3PBt4eI=; b=hQxPs8BqWZWdDN 5+/SdJuVfmr0tVT6o7OQPUY+mwmWugrYhnXAPbAVths7orCvlv8EUAPZwOYmzLzD5F5Mo0M3zelvQ dBhJoEPVSQsnI8MXb2iANDAcMu1Wz2aQFqn/fuJsrcY0ZcCcO25v53uOjl6HaS/h3QX1HNwIJ8guO LThftkIy8dl70SX/2bvaXQgJC1dAPNyB3Zw1AVaQrSj0+GLs8X2cJ5eaaLotBvO1GVenx8zm64NZt pH4c3bDW0y81fQwlfWdKt+oV/KFq0Vr9y+vRIQJYpEIClrZEwCt/phW/VQxYD4v1p2Ip89XTG+/0J k8u+/hb7dwyXqdpJP43A==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1jZYyb-0004xF-0R; Fri, 15 May 2020 11:58:05 +0000 Received: from 8bytes.org ([2a01:238:4383:600:38bc:a715:4b6d:a889] helo=theia.8bytes.org) by bombadil.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1jZYyX-0004wb-Df for linux-arm-kernel@lists.infradead.org; Fri, 15 May 2020 11:58:03 +0000 Received: by theia.8bytes.org (Postfix, from userid 1000) id 56097379; Fri, 15 May 2020 13:57:59 +0200 (CEST) Date: Fri, 15 May 2020 13:57:58 +0200 From: Joerg Roedel To: Jean-Philippe Brucker Subject: Re: [PATCH 1/4] PCI/ATS: Only enable ATS for trusted devices Message-ID: <20200515115757.GT18353@8bytes.org> References: <20200515104359.1178606-1-jean-philippe@linaro.org> <20200515104359.1178606-2-jean-philippe@linaro.org> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20200515104359.1178606-2-jean-philippe@linaro.org> User-Agent: Mutt/1.10.1 (2018-07-13) X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200515_045801_755904_36DFD7F7 X-CRM114-Status: GOOD ( 21.35 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: alex.williamson@redhat.com, ashok.raj@intel.com, linux-pci@vger.kernel.org, robin.murphy@arm.com, iommu@lists.linux-foundation.org, bhelgaas@google.com, will@kernel.org, dwmw2@infradead.org, linux-arm-kernel@lists.infradead.org, baolu.lu@linux.intel.com Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+infradead-linux-arm-kernel=archiver.kernel.org@lists.infradead.org Hi Jean-Philippe, thanks for doing this! On Fri, May 15, 2020 at 12:43:59PM +0200, Jean-Philippe Brucker wrote: > Add pci_ats_supported(), which checks whether a device has an ATS > capability, and whether it is trusted. A device is untrusted if it is > plugged into an external-facing port such as Thunderbolt and could be > spoof an existing device to exploit weaknesses in the IOMMU > configuration. PCIe ATS is one such weaknesses since it allows > endpoints to cache IOMMU translations and emit transactions with > 'Translated' Address Type (10b) that partially bypass the IOMMU > translation. > > The SMMUv3 and VT-d IOMMU drivers already disallow ATS and transactions > with 'Translated' Address Type for untrusted devices. Add the check to > pci_enable_ats() to let other drivers (AMD IOMMU for now) benefit from > it. > > By checking ats_cap, the pci_ats_supported() helper also returns whether > ATS was globally disabled with pci=noats, and could later include more > things, for example whether the whole PCIe hierarchy down to the > endpoint supports ATS. > > Signed-off-by: Jean-Philippe Brucker > --- > include/linux/pci-ats.h | 3 +++ > drivers/pci/ats.c | 18 +++++++++++++++++- > 2 files changed, 20 insertions(+), 1 deletion(-) > > diff --git a/include/linux/pci-ats.h b/include/linux/pci-ats.h > index d08f0869f1213e..f75c307f346de9 100644 > --- a/include/linux/pci-ats.h > +++ b/include/linux/pci-ats.h > @@ -6,11 +6,14 @@ > > #ifdef CONFIG_PCI_ATS > /* Address Translation Service */ > +bool pci_ats_supported(struct pci_dev *dev); > int pci_enable_ats(struct pci_dev *dev, int ps); > void pci_disable_ats(struct pci_dev *dev); > int pci_ats_queue_depth(struct pci_dev *dev); > int pci_ats_page_aligned(struct pci_dev *dev); > #else /* CONFIG_PCI_ATS */ > +static inline bool pci_ats_supported(struct pci_dev *d) > +{ return false; } > static inline int pci_enable_ats(struct pci_dev *d, int ps) > { return -ENODEV; } > static inline void pci_disable_ats(struct pci_dev *d) { } > diff --git a/drivers/pci/ats.c b/drivers/pci/ats.c > index 390e92f2d8d1fc..15fa0c37fd8e44 100644 > --- a/drivers/pci/ats.c > +++ b/drivers/pci/ats.c > @@ -30,6 +30,22 @@ void pci_ats_init(struct pci_dev *dev) > dev->ats_cap = pos; > } > > +/** > + * pci_ats_supported - check if the device can use ATS > + * @dev: the PCI device > + * > + * Returns true if the device supports ATS and is allowed to use it, false > + * otherwise. > + */ > +bool pci_ats_supported(struct pci_dev *dev) > +{ > + if (!dev->ats_cap) > + return false; > + > + return !dev->untrusted; dev->untrusted is an 'unsigned int :1', so while this works I would prefer 'return (dev->untrusted == 0);' here, to be more type-safe. With that changed: Reviewed-by: Joerg Roedel > +} > +EXPORT_SYMBOL_GPL(pci_ats_supported); > + > /** > * pci_enable_ats - enable the ATS capability > * @dev: the PCI device > @@ -42,7 +58,7 @@ int pci_enable_ats(struct pci_dev *dev, int ps) > u16 ctrl; > struct pci_dev *pdev; > > - if (!dev->ats_cap) > + if (!pci_ats_supported(dev)) > return -EINVAL; > > if (WARN_ON(dev->ats_enabled)) > -- > 2.26.2 _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel