| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 16 Feb 2017 17:01:45 -0500
From: Sinan Kaya <okaya@...eaurora.org>
To: linux-pci@...r.kernel.org, timur@...eaurora.org
Cc: linux-arm-msm@...r.kernel.org,
linux-arm-kernel@...ts.infradead.org,
Sinan Kaya <okaya@...eaurora.org>,
linux-kernel@...r.kernel.org (open list)
Subject: [PATCH V2] PCI: add QCOM root port quirks for ACS
PCI Express defines an optional featured called Access Control Services
described in 6.12. Access Control Services (ACS) section of the PCIe 3.1
Specification.
Linux kernel uses ACS to validate/prohibit data transfers among PCIe
functions. This becomes especially useful when running guest machines
with PCI device passthrough. It provides security guarantee that only
OS allowed PCIe devices can talk to each other.
QCOM root ports do provide ACS-like features to disable peer
transactions and validate bus numbers in requests, but do not provide an
actual PCIe ACS capability.
To be specific:
* Hardware supports source validation but it will report the issue as
Completer Abort instead of ACS Violation.
* Hardware doesn't support peer-to-peer and each root port is a root
complex with unique segment numbers.
* It is not possible for one root port to pass traffic to the other root
port. All PCIe transactions are terminated inside the root port.
Adding an ACS quirk for the QDF2400 and QDF2432 products.
Signed-off-by: Sinan Kaya <okaya@...eaurora.org>
---
drivers/pci/quirks.c | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
index 1800bef..2df06cb 100644
--- a/drivers/pci/quirks.c
+++ b/drivers/pci/quirks.c
@@ -4136,6 +4136,27 @@ static int pci_quirk_intel_pch_acs(struct pci_dev *dev, u16 acs_flags)
}
/*
+ * These QCOM root ports do provide ACS-like features to disable peer
+ * transactions and validate bus numbers in requests, but do not provide an
+ * actual PCIe ACS capability.
+ * Hardware supports source validation but it will report the issue as
+ * Completer Abort instead of ACS Violation.
+ * Hardware doesn't support peer-to-peer and each root port is a root complex
+ * with unique segment numbers.
+ * It is not possible for one root port to pass traffic to the other root
+ * port. All PCIe transactions are terminated inside the root port.
+ */
+static int pci_quirk_qcom_rp_acs(struct pci_dev *dev, u16 acs_flags)
+{
+ u16 flags = (PCI_ACS_RR | PCI_ACS_CR | PCI_ACS_UF | PCI_ACS_SV);
+ int ret = acs_flags & ~flags ? 0 : 1;
+
+ dev_info(&dev->dev, "Using QCOM ACS Quirk (%d)\n", ret);
+
+ return ret;
+}
+
+/*
* Sunrise Point PCH root ports implement ACS, but unfortunately as shown in
* the datasheet (Intel 100 Series Chipset Family PCH Datasheet, Vol. 2,
* 12.1.46, 12.1.47)[1] this chipset uses dwords for the ACS capability and
@@ -4271,6 +4292,9 @@ static int pci_quirk_mf_endpoint_acs(struct pci_dev *dev, u16 acs_flags)
/* I219 */
{ PCI_VENDOR_ID_INTEL, 0x15b7, pci_quirk_mf_endpoint_acs },
{ PCI_VENDOR_ID_INTEL, 0x15b8, pci_quirk_mf_endpoint_acs },
+ /* QCOM QDF2xxx root ports */
+ { 0x17CB, 0x400, pci_quirk_qcom_rp_acs },
+ { 0x17CB, 0x401, pci_quirk_qcom_rp_acs },
/* Intel PCH root ports */
{ PCI_VENDOR_ID_INTEL, PCI_ANY_ID, pci_quirk_intel_pch_acs },
{ PCI_VENDOR_ID_INTEL, PCI_ANY_ID, pci_quirk_intel_spt_pch_acs },
--
1.9.1
Powered by blists - more mailing lists