lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 1 Apr 2024 10:40:15 +0000
From: Vidya Sagar <vidyas@...dia.com>
To: Bjorn Helgaas <helgaas@...nel.org>, "Rafael J. Wysocki"
	<rafael@...nel.org>, Krzysztof WilczyƄski <kw@...ux.com>,
	Lorenzo Pieralisi <lpieralisi@...nel.org>
CC: "linux-pci@...r.kernel.org" <linux-pci@...r.kernel.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, Manikanta
 Maddireddy <mmaddireddy@...dia.com>, Shanker Donthineni
	<sdonthineni@...dia.com>, Krishna Thota <kthota@...dia.com>
Subject: [Query] ACS enablement in the DT based boot flow

Hi folks,
ACS (Access Control Services) is configured for a PCI device through pci_enable_acs().
The first thing pci_enable_acs() checks for is whether the global flag 'pci_acs_enable' is set or not.
The global flag 'pci_acs_enable' is set by the function pci_request_acs().

pci_enable_acs() function is called whenever a new PCI device is added to the system

 pci_enable_acs+0x4c/0x2a4
 pci_acs_init+0x38/0x60
 pci_device_add+0x1a0/0x670
 pci_scan_single_device+0xc4/0x100
 pci_scan_slot+0x6c/0x1e0
 pci_scan_child_bus_extend+0x48/0x2e0
 pci_scan_root_bus_bridge+0x64/0xf0
 pci_host_probe+0x18/0xd0

In the case of a system that boots using device-tree blob, pci_request_acs() is called when the
device driver binds with the respective device

of_iommu_configure+0xf4/0x230
of_dma_configure_id+0x110/0x340
pci_dma_configure+0x54/0x120
really_probe+0x80/0x3e0
__driver_probe_device+0x88/0x1c0
driver_probe_device+0x3c/0x140
__device_attach_driver+0xe8/0x1e0
bus_for_each_drv+0x78/0xf0
__device_attach+0x104/0x1e0
device_attach+0x14/0x30
pci_bus_add_device+0x50/0xd0
pci_bus_add_devices+0x38/0x90
pci_host_probe+0x40/0xd0

Since the device addition always happens first followed by the driver binding, this flow effectively
makes sure that ACS never gets enabled.

Ideally, I would expect the pci_request_acs() get called (probably by the OF framework itself) before
calling pci_enable_acs().

This happens in the ACPI flow where pci_request_acs() is called during IORT node
initialization (i.e. iort_init_platform_devices() function).

Is this understanding correct? If yes, would it make sense to call pci_request_acs() during
OF initialization (similar to IORT initialization in ACPI flow)?

Thanks,
Vidya Sagar

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ