From: Sinan Kaya <okaya@codeaurora.org>
To: Alex Williamson <alex.williamson@redhat.com>
Cc: Will Deacon <will.deacon@arm.com>,
Linux PCI <linux-pci@vger.kernel.org>,
Nate Watterson <nwatters@codeaurora.org>,
Lorenzo Pieralisi <Lorenzo.Pieralisi@arm.com>,
iommu@lists.linux-foundation.org,
Vikram Sethi <vikrams@codeaurora.org>,
Bjorn Helgaas <bhelgaas@google.com>
Subject: Re: RFC on No ACS Support and SMMUv3 Support
Date: Mon, 13 Feb 2017 20:54:04 -0500 [thread overview]
Message-ID: <546869d0-d05c-9550-86d5-276bc7a3c284@codeaurora.org> (raw)
In-Reply-To: <20170213184643.2d2bdce7@t450s.home>
On 2/13/2017 8:46 PM, Alex Williamson wrote:
>> My first goal is to support virtual function passthrough for device's that are directly
>> connected. This will be possible with the quirk I proposed and it will be the most
>> secure solution. It can certainly be generalized for other systems.
> Why is this anything more than a quirk for the affected PCIe root port
> vendor:device IDs and use of pci_device_group() to evaluate the rest of
> the topology, as appears is already done? Clearly a blanket exception
> for the platform wouldn't necessarily be correct if a user could plugin
> a device that adds a PCIe switch.
I was going to go this direction first. I wanted to check with everybody to see
if there are other/better alternatives possible via either changing
pci_device_group or changing the smmuv3 driver.
>
>> My second goal is extend the code such that ACS validation is up to the customer via
>> pci=noacs kernel command line for instance. This will let the customer choose what he
>> really wants rather than kernel trying to be smart and protective. By passing pci=noacs
>> parameter, customer acknowledges the risks this command line carries.
> Be prepared that this will need to taint the kernel since we make
> assertions with drivers like vfio to provide secure, isolated user
> access to devices and we can't make that statement if the user has
> bypassed ACS enforcement. There is absolutely no way that such an
> option would not be severely abused. In fact, I tried adding such an
> option with the pcie_acs_override= patch[1], Bjorn rejected it and I'm
> thankful that he did. I don't think this is a good idea, sometimes the
> kernel does need to be smarter than the user to protect them from
> themselves. Any easy bypass also lets hardware vendors ignore the
> issue longer. Thanks,
Bjorn, any inputs?
>
> Alex
>
> [1] https://lkml.org/lkml/2013/5/30/513
>
--
Sinan Kaya
Qualcomm Datacenter Technologies, Inc. as an affiliate of Qualcomm Technologies, Inc.
Qualcomm Technologies, Inc. is a member of the Code Aurora Forum, a Linux Foundation Collaborative Project.
next prev parent reply other threads:[~2017-02-14 1:54 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-02-13 22:24 RFC on No ACS Support and SMMUv3 Support Sinan Kaya
2017-02-13 23:06 ` Alex Williamson
2017-02-14 0:14 ` Sinan Kaya
2017-02-14 1:46 ` Alex Williamson
2017-02-14 1:54 ` Sinan Kaya [this message]
2017-02-14 9:45 ` Will Deacon
2017-02-14 12:10 ` Robin Murphy
2017-02-14 12:36 ` Will Deacon
2017-02-14 13:53 ` Sinan Kaya
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=546869d0-d05c-9550-86d5-276bc7a3c284@codeaurora.org \
--to=okaya@codeaurora.org \
--cc=Lorenzo.Pieralisi@arm.com \
--cc=alex.williamson@redhat.com \
--cc=bhelgaas@google.com \
--cc=iommu@lists.linux-foundation.org \
--cc=linux-pci@vger.kernel.org \
--cc=nwatters@codeaurora.org \
--cc=vikrams@codeaurora.org \
--cc=will.deacon@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).