Date:   Wed, 16 Mar 2022 19:18:49 +0200
From:   Mika Westerberg <mika.westerberg@...ux.intel.com>
To:     Robin Murphy <robin.murphy@....com>
Cc:     andreas.noever@...il.com, michael.jamet@...el.com,
        YehezkelShB@...il.com, linux-usb@...r.kernel.org,
        linux-kernel@...r.kernel.org, iommu@...ts.linux-foundation.org,
        mario.limonciello@....com, hch@....de
Subject: Re: [PATCH] thunderbolt: Stop using iommu_present()

Hi,

On Wed, Mar 16, 2022 at 02:49:09PM +0000, Robin Murphy wrote:
> > What we want is to make sure the Tunneled PCIe ports get the full IOMMU
> > protection. In case of the discrete above it is also fine if all the
> > devices behind the PCIe root port get the full IOMMU protection. Note in
> > the integrated all the devices are "siblings".
> 
> Ah, OK, I wasn't aware that the NHI isn't even the right thing in the first
> place :(
> 
> Is there an easy way to get from the struct tb to a PCI device representing
> the end of its relevant tunnel, or do we have a circular dependency problem
> where the latter won't appear until we've authorised it (and thus the IOMMU
> layer won't know about it yet either)?

The PCIe root ports (and the PCIe downstream ports) are there already
even without "authorization".

There is a way to figure out the "tunneled" PCIe ports by looking at
certain properties and we do that already actually. The BIOS has the
following under these ports:

https://docs.microsoft.com/en-us/windows-hardware/drivers/pci/dsd-for-pcie-root-ports#identifying-externally-exposed-pcie-root-ports

and the ports will have dev->external_facing set to 1. Perhaps looking
at that field helps here?
