From: Lukas Wunner <lukas@wunner.de>
To: Mario Limonciello <superm1@kernel.org>
Cc: Bjorn Helgaas <helgaas@kernel.org>,
"Rafael J. Wysocki" <rafael@kernel.org>,
Alan Stern <stern@rowland.harvard.edu>,
linux-pci@vger.kernel.org, linux-pm@vger.kernel.org,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
linux-kernel@vger.kernel.org,
Oleksij Rempel <o.rempel@pengutronix.de>,
Timo Jyrinki <timo.jyrinki@gmail.com>,
Ernst Persson <ernstp@gmail.com>,
Steven Harms <sjharms@gmail.com>,
James Ettle <james@ettle.org.uk>,
Nick Coghlan <ncoghlan@gmail.com>,
Weng Xuetian <wengxt@gmail.com>,
Andrey Rahmatullin <wrar@wrar.name>,
Boris Barbour <boris.barbour@ens.fr>,
Vlastimil Zima <vlastimil.zima@gmail.com>,
David Banks <amoebae@gmail.com>, Chris Moeller <kode54@gmail.com>,
Daniel Fraga <fragabr@gmail.com>,
Javier Marcet <jmarcet@gmail.com>,
Pavel Pisa <pisa@cmp.felk.cvut.cz>
Subject: Re: [PATCH] PCI/PM: Move ASUS EHCI workaround out of generic code
Date: Fri, 12 Sep 2025 09:26:04 +0200 [thread overview]
Message-ID: <aMPLDLYpeVXO1y6R@wunner.de> (raw)
In-Reply-To: <80980751-64db-4dc2-9516-03046e8b4b31@kernel.org>
On Thu, Sep 11, 2025 at 08:34:56AM -0500, Mario Limonciello wrote:
> On 9/11/25 8:11 AM, Lukas Wunner wrote:
> > pci_disable_device() does not clear I/O and Memory Space Enable, although
> > its name suggests otherwise. The kernel has never disabled these bits
> > once they're enabled. Doing so would avoid the need for the quirk, but it
> > is unclear what will break if this fundamental behavior is changed.
>
> It's too late for this cycle to do so, but how would you feel about making
> this change at the start of the next cycle so it had a whole cycle to bake
> in linux-next and see if there is a problem in doing so?
I can look into it.
The change could be justified as a security enhancement to prevent
unauthorized traffic between devices through peer-to-peer transactions.
pci_disable_device() was introduced with v2.4.3.5 in 2002:
https://git.kernel.org/tglx/history/c/9102e0eb3e9e
I suspect back in the day, clearing Bus Master Enable seemed sufficient
because the only concern was to prevent DMA (and by extension MSIs)
from broken devices. Attacks *between* devices were probably not
considered realistic.
ACS is meant to prevent such attacks, but is an optional capability
and might be configured incorrectly. A zero trust, defense in depth
approach as is common today requires not leaving doors open without need.
If the kernel would clear Memory Space Enable, a malicious device could
not re-enable it on its own because "propagation of Configuration Requests
from Downstream to Upstream as well as peer-to-peer are not supported"
(PCIe r7.0 sec 7.3.3).
It seemed too risky to make such a sweeping change only to get rid of
the EHCI quirk. The present patch is meant as a low-risk refactoring,
but we can consider clearing IO + Memory Space Enable as a long-term
solution. I've cc'ed all the people who reported issues with ASUS
machines back in 2012 in the hope that some of them still have the
(now 13 years old) hardware to test the patch. They might also be
able to test whether the long-term change doesn't regress anything.
Thanks,
Lukas
next prev parent reply other threads:[~2025-09-12 7:26 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-11 13:11 [PATCH] PCI/PM: Move ASUS EHCI workaround out of generic code Lukas Wunner
2025-09-11 13:28 ` Rafael J. Wysocki
2025-09-11 13:34 ` Mario Limonciello
2025-09-11 13:43 ` Rafael J. Wysocki
2025-09-11 13:46 ` Mario Limonciello
2025-09-11 13:56 ` Rafael J. Wysocki
2025-09-11 18:20 ` Mario Limonciello
2025-09-12 7:26 ` Lukas Wunner [this message]
2025-09-12 9:34 ` Rafael J. Wysocki
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aMPLDLYpeVXO1y6R@wunner.de \
--to=lukas@wunner.de \
--cc=amoebae@gmail.com \
--cc=boris.barbour@ens.fr \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=ernstp@gmail.com \
--cc=fragabr@gmail.com \
--cc=helgaas@kernel.org \
--cc=hpa@zytor.com \
--cc=james@ettle.org.uk \
--cc=jmarcet@gmail.com \
--cc=kode54@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=linux-pm@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=ncoghlan@gmail.com \
--cc=o.rempel@pengutronix.de \
--cc=pisa@cmp.felk.cvut.cz \
--cc=rafael@kernel.org \
--cc=sjharms@gmail.com \
--cc=stern@rowland.harvard.edu \
--cc=superm1@kernel.org \
--cc=tglx@linutronix.de \
--cc=timo.jyrinki@gmail.com \
--cc=vlastimil.zima@gmail.com \
--cc=wengxt@gmail.com \
--cc=wrar@wrar.name \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox