lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAJZ5v0hH-Xujak9jGLOvxnLVHXCms8SU-2qJnzPXpAGK4FBxqA@mail.gmail.com>
Date:   Tue, 5 Apr 2022 15:26:03 +0200
From:   "Rafael J. Wysocki" <rafael@...nel.org>
To:     Rajat Jain <rajatja@...gle.com>
Cc:     "Rafael J. Wysocki" <rafael@...nel.org>,
        Len Brown <lenb@...nel.org>,
        Linux PCI <linux-pci@...r.kernel.org>,
        Mika Westerberg <mika.westerberg@...ux.intel.com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Bjorn Helgaas <helgaas@...nel.org>,
        Bjorn Helgaas <bhelgaas@...gle.com>,
        ACPI Devel Maling List <linux-acpi@...r.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Rajat Jain <rajatxjain@...il.com>,
        Dmitry Torokhov <dtor@...gle.com>,
        Jesse Barnes <jsbarnes@...gle.com>,
        Jean-Philippe Brucker <jean-philippe@...aro.org>,
        Pavel Machek <pavel@...x.de>,
        "Oliver O'Halloran" <oohall@...il.com>,
        Joerg Roedel <joro@...tes.org>, Will Deacon <will@...nel.org>,
        David Woodhouse <dwmw2@...radead.org>,
        Lu Baolu <baolu.lu@...ux.intel.com>,
        "open list:AMD IOMMU (AMD-VI)" <iommu@...ts.linux-foundation.org>
Subject: Re: [PATCH v5 2/2] PCI: Rename pci_dev->untrusted to pci_dev->untrusted_dma

On Fri, Mar 25, 2022 at 7:46 PM Rajat Jain <rajatja@...gle.com> wrote:
>
> Rename the field to make it more clear, that the device can execute DMA
> attacks on the system, and thus the system may need protection from
> such attacks from this device.
>
> No functional change intended.
>
> Signed-off-by: Rajat Jain <rajatja@...gle.com>
> Reviewed-by: Mika Westerberg <mika.westerberg@...ux.intel.com>

Acked-by: Rafael J. Wysocki <rafael.j.wysocki@...el.com>

> ---
> v5: Use "untrusted_dma" as property name, based on feedback.
>     Reorder the patches in the series.
> v4: Initial version, created based on comments on other patch
>
>  drivers/iommu/dma-iommu.c   | 6 +++---
>  drivers/iommu/intel/iommu.c | 2 +-
>  drivers/iommu/iommu.c       | 2 +-
>  drivers/pci/ats.c           | 2 +-
>  drivers/pci/pci-acpi.c      | 2 +-
>  drivers/pci/pci.c           | 2 +-
>  drivers/pci/probe.c         | 8 ++++----
>  drivers/pci/quirks.c        | 2 +-
>  include/linux/pci.h         | 5 +++--
>  9 files changed, 16 insertions(+), 15 deletions(-)
>
> diff --git a/drivers/iommu/dma-iommu.c b/drivers/iommu/dma-iommu.c
> index d85d54f2b549..7cbe300fe907 100644
> --- a/drivers/iommu/dma-iommu.c
> +++ b/drivers/iommu/dma-iommu.c
> @@ -497,14 +497,14 @@ static int iova_reserve_iommu_regions(struct device *dev,
>         return ret;
>  }
>
> -static bool dev_is_untrusted(struct device *dev)
> +static bool dev_has_untrusted_dma(struct device *dev)
>  {
> -       return dev_is_pci(dev) && to_pci_dev(dev)->untrusted;
> +       return dev_is_pci(dev) && to_pci_dev(dev)->untrusted_dma;
>  }
>
>  static bool dev_use_swiotlb(struct device *dev)
>  {
> -       return IS_ENABLED(CONFIG_SWIOTLB) && dev_is_untrusted(dev);
> +       return IS_ENABLED(CONFIG_SWIOTLB) && dev_has_untrusted_dma(dev);
>  }
>
>  /**
> diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c
> index 92fea3fbbb11..9246b7c9ab46 100644
> --- a/drivers/iommu/intel/iommu.c
> +++ b/drivers/iommu/intel/iommu.c
> @@ -5570,7 +5570,7 @@ intel_iommu_enable_nesting(struct iommu_domain *domain)
>   */
>  static bool risky_device(struct pci_dev *pdev)
>  {
> -       if (pdev->untrusted) {
> +       if (pdev->untrusted_dma) {
>                 pci_info(pdev,
>                          "Skipping IOMMU quirk for dev [%04X:%04X] on untrusted PCI link\n",
>                          pdev->vendor, pdev->device);
> diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c
> index 8b86406b7162..79fb66af2e68 100644
> --- a/drivers/iommu/iommu.c
> +++ b/drivers/iommu/iommu.c
> @@ -1522,7 +1522,7 @@ static int iommu_get_def_domain_type(struct device *dev)
>  {
>         const struct iommu_ops *ops = dev->bus->iommu_ops;
>
> -       if (dev_is_pci(dev) && to_pci_dev(dev)->untrusted)
> +       if (dev_is_pci(dev) && to_pci_dev(dev)->untrusted_dma)
>                 return IOMMU_DOMAIN_DMA;
>
>         if (ops->def_domain_type)
> diff --git a/drivers/pci/ats.c b/drivers/pci/ats.c
> index c967ad6e2626..477c16ba9341 100644
> --- a/drivers/pci/ats.c
> +++ b/drivers/pci/ats.c
> @@ -42,7 +42,7 @@ bool pci_ats_supported(struct pci_dev *dev)
>         if (!dev->ats_cap)
>                 return false;
>
> -       return (dev->untrusted == 0);
> +       return (dev->untrusted_dma == 0);
>  }
>  EXPORT_SYMBOL_GPL(pci_ats_supported);
>
> diff --git a/drivers/pci/pci-acpi.c b/drivers/pci/pci-acpi.c
> index 378e05096c52..1d5a284c3661 100644
> --- a/drivers/pci/pci-acpi.c
> +++ b/drivers/pci/pci-acpi.c
> @@ -1362,7 +1362,7 @@ static void pci_acpi_check_for_dma_protection(struct pci_dev *dev)
>                 return;
>
>         if (val)
> -               dev->untrusted = 1;
> +               dev->untrusted_dma = 1;
>  }
>
>  void pci_acpi_setup(struct device *dev, struct acpi_device *adev)
> diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c
> index 9ecce435fb3f..1fb0eb8646c8 100644
> --- a/drivers/pci/pci.c
> +++ b/drivers/pci/pci.c
> @@ -958,7 +958,7 @@ static void pci_std_enable_acs(struct pci_dev *dev)
>         ctrl |= (cap & PCI_ACS_UF);
>
>         /* Enable Translation Blocking for external devices and noats */
> -       if (pci_ats_disabled() || dev->external_facing || dev->untrusted)
> +       if (pci_ats_disabled() || dev->external_facing || dev->untrusted_dma)
>                 ctrl |= (cap & PCI_ACS_TB);
>
>         pci_write_config_word(dev, pos + PCI_ACS_CTRL, ctrl);
> diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c
> index 17a969942d37..d2a9b26fcede 100644
> --- a/drivers/pci/probe.c
> +++ b/drivers/pci/probe.c
> @@ -1587,7 +1587,7 @@ static void set_pcie_thunderbolt(struct pci_dev *dev)
>                 dev->is_thunderbolt = 1;
>  }
>
> -static void set_pcie_untrusted(struct pci_dev *dev)
> +static void pci_set_untrusted_dma(struct pci_dev *dev)
>  {
>         struct pci_dev *parent;
>
> @@ -1596,8 +1596,8 @@ static void set_pcie_untrusted(struct pci_dev *dev)
>          * untrusted as well.
>          */
>         parent = pci_upstream_bridge(dev);
> -       if (parent && (parent->untrusted || parent->external_facing))
> -               dev->untrusted = true;
> +       if (parent && (parent->untrusted_dma || parent->external_facing))
> +               dev->untrusted_dma = true;
>  }
>
>  static void pci_set_removable(struct pci_dev *dev)
> @@ -1862,7 +1862,7 @@ int pci_setup_device(struct pci_dev *dev)
>         /* Need to have dev->cfg_size ready */
>         set_pcie_thunderbolt(dev);
>
> -       set_pcie_untrusted(dev);
> +       pci_set_untrusted_dma(dev);
>
>         /* "Unknown power state" */
>         dev->current_state = PCI_UNKNOWN;
> diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
> index 5f46fed01e6c..7ca3c2cdfb20 100644
> --- a/drivers/pci/quirks.c
> +++ b/drivers/pci/quirks.c
> @@ -5134,7 +5134,7 @@ static int pci_quirk_enable_intel_spt_pch_acs(struct pci_dev *dev)
>         ctrl |= (cap & PCI_ACS_CR);
>         ctrl |= (cap & PCI_ACS_UF);
>
> -       if (pci_ats_disabled() || dev->external_facing || dev->untrusted)
> +       if (pci_ats_disabled() || dev->external_facing || dev->untrusted_dma)
>                 ctrl |= (cap & PCI_ACS_TB);
>
>         pci_write_config_dword(dev, pos + INTEL_SPT_ACS_CTRL, ctrl);
> diff --git a/include/linux/pci.h b/include/linux/pci.h
> index 678fecdf6b81..b7c5fede0b93 100644
> --- a/include/linux/pci.h
> +++ b/include/linux/pci.h
> @@ -444,13 +444,14 @@ struct pci_dev {
>         unsigned int    shpc_managed:1;         /* SHPC owned by shpchp */
>         unsigned int    is_thunderbolt:1;       /* Thunderbolt controller */
>         /*
> -        * Devices marked being untrusted are the ones that can potentially
> +        * Devices marked with untrusted_dma are the ones that can potentially
>          * execute DMA attacks and similar. They are typically connected
>          * through external ports such as Thunderbolt but not limited to
>          * that. When an IOMMU is enabled they should be getting full
>          * mappings to make sure they cannot access arbitrary memory.
>          */
> -       unsigned int    untrusted:1;
> +       unsigned int    untrusted_dma:1;
> +
>         /*
>          * Info from the platform, e.g., ACPI or device tree, may mark a
>          * device as "external-facing".  An external-facing device is
> --
> 2.35.1.1021.g381101b075-goog
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ