From: Mika Westerberg <mika.westerberg@intel.com>
To: Rajat Jain <rajatja@google.com>
Cc: David Woodhouse <dwmw2@infradead.org>,
Lu Baolu <baolu.lu@linux.intel.com>,
Joerg Roedel <joro@8bytes.org>,
iommu@lists.linux-foundation.org, linux-kernel@vger.kernel.org,
Ashok Raj <ashok.raj@intel.com>,
lalithambika.krishnakumar@intel.com, rajatxjain@gmail.com,
pmalani@google.com, bleung@google.com, levinale@google.com,
zsm@google.com, mnissler@google.com, tbroch@google.com
Subject: Re: [PATCH] iommu/vt-d: Don't apply gfx quirks to untrusted devices
Date: Tue, 2 Jun 2020 12:50:03 +0300
Message-ID: <20200602095003.GI247495@lahna.fi.intel.com>
In-Reply-To: <20200602054517.191244-1-rajatja@google.com>

On Mon, Jun 01, 2020 at 10:45:17PM -0700, Rajat Jain wrote:
> Currently, an external malicious PCI device can masquerade the VID:PID
> of faulty gfx devices, and thus apply iommu quirks to effectively
> disable the IOMMU restrictions for itself.
>
> Thus we need to ensure that the device we are applying quirks to, is
> indeed an internal trusted device.
>
> Signed-off-by: Rajat Jain <rajatja@google.com>
> ---
> drivers/iommu/intel-iommu.c | 28 ++++++++++++++++++++++++++++
> 1 file changed, 28 insertions(+)
>
> diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c
> index ef0a5246700e5..f2a480168a02f 100644
> --- a/drivers/iommu/intel-iommu.c
> +++ b/drivers/iommu/intel-iommu.c
> @@ -6214,6 +6214,11 @@ const struct iommu_ops intel_iommu_ops = {
>
> static void quirk_iommu_igfx(struct pci_dev *dev)
> {
> + if (dev->untrusted) {
> + pci_warn(dev, "skipping iommu quirk for untrusted gfx dev\n");

I think you should be consistent with other messages. For example iommu
should be spelled IOMMU as done below.

Also this is visible to users so maybe put a bit more information there:

  pci_warn(dev, "Will not apply IOMMU quirk for untrusted graphics device\n");

Ditto for all the other places. Also is "untrusted" a good word here? If
an ordinary user sees this will it trigger some sort of panic reaction?
Perhaps we should call it "potentially untrusted" or something like
that?

> + return;
> + }
> +
> pci_info(dev, "Disabling IOMMU for graphics on this chipset\n");
> dmar_map_gfx = 0;
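
Review bot: the `if (dev->untrusted)` early return at the top of quirk_iommu_igfx() carries no comment explaining why an untrusted device must not trigger the quirk. A one-line comment above the check, noting that an external device can present the VID:PID of an affected graphics device (the reason given in the commit message), would keep that rationale next to the code. The diffstat shows 28 insertions while this hunk adds five lines, so the same check and warning appear to be repeated in the other quirk functions; a small static helper that tests dev->untrusted and emits the warning in one place would keep the message wording identical across all of them.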