| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20260123145113.GA1134360@nvidia.com>
Date: Fri, 23 Jan 2026 10:51:13 -0400
From: Jason Gunthorpe <jgg@...dia.com>
To: Wei Wang <wei.w.wang@...mail.com>
Cc: bhelgaas@...gle.com, akpm@...ux-foundation.org, bp@...en8.de,
rdunlap@...radead.org, alex@...zbot.org, kevin.tian@...el.com,
linux-kernel@...r.kernel.org, linux-pci@...r.kernel.org
Subject: Re: [PATCH v2 2/2] PCI: Add the enhanced ACS controls check to
pci_acs_flags_enabled()
On Fri, Jan 23, 2026 at 09:49:43AM +0800, Wei Wang wrote:
> The enhanced ACS controls introduced by PCIe Gen 5 ensures better device
> isolation. On devices that support the PCI_ACS_ECAP capability, the
> controls are required to be enabled properly:
> - ACS I/O Request Blocking needs to be enabled to avoid unintended
> upstream I/O requests.
> - ACS DSP and USP Memory Target Access Control needs to be set with
> Request Redirect or Request Blocking to ensure the Downstream and
> and Upstream Port memory resource ranges are not accessed by upstream
> memory requests.
> - ACS Unclaimed Request Redirect needs to be enabled to ensure accesses to
> areas that lies within a Switch's Upstream Port memory apertures but not
> within any Downstream Port memory apertures get redirected.
>
> To maintain compatibility with legacy devices that lack PCI_ACS_ECAP
> support, pci_acs_enabled() skips checking for the capability and logs a
> warning to indicate that isolation may be incomplete.
That's every existing system, please don't do that.
The issue with ECAP is the way PCI SIG re-defined what Linux has been
doing forever as unsafe.
Jason
>
> Signed-off-by: Wei Wang <wei.w.wang@...mail.com>
> ---
> drivers/pci/pci.c | 67 +++++++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 67 insertions(+)
>
> diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c
> index c4cf835ec8ba..ff974ced90aa 100644
> --- a/drivers/pci/pci.c
> +++ b/drivers/pci/pci.c
> @@ -3527,6 +3527,56 @@ void pci_configure_ari(struct pci_dev *dev)
> }
> }
>
> +static bool pci_dev_has_memory_bars(struct pci_dev *pdev)
> +{
> + int i;
> +
> + for (i = 0; i <= PCI_ROM_RESOURCE; i++) {
> + if (pci_resource_flags(pdev, i) & IORESOURCE_MEM)
> + return true;
> + }
> +
> + return false;
> +}
> +
> +static bool pci_acs_ecap_enabled(struct pci_dev *pdev, u16 ctrl)
> +{
> + struct pci_dev *usp_pdev = pci_upstream_bridge(pdev);
> + u16 mask = PCI_ACS_DMAC_RB | PCI_ACS_DMAC_RR;
> +
> + /*
> + * For ACS DSP/USP Memory Target Access Control, either Request
> + * Redirect or Request Blocking must be enabled to enforce isolation.
> + * According to PCIe spec 6.2, the DSP Memory Target Access is
> + * applicable to both Root Ports and Switch Upstream Ports that have
> + * applicable Memory BAR space to protect. So if the device does not
> + * have a Memory BAR, it skips the check.
> + */
This doesn't make sense, the special cases PCI sig clarified only have
to do with switches that have MMIO on their USP/DSP and a case where
the DSP aperture isn't covered by all the USPs.
These tests shouldn't be done outside a usp/dsp context.
You can look at what I drafted earlier here:
https://lore.kernel.org/all/0-v3-8827cc7fc4e0+23f-pcie_switch_groups_jgg@nvidia.com/
Jason
Powered by blists - more mailing lists