| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID:
<SI2PR01MB43931402377765D5DEA04ED3DC65A@SI2PR01MB4393.apcprd01.prod.exchangelabs.com>
Date: Sat, 7 Feb 2026 19:30:59 +0800
From: Wei Wang <wei.w.wang@...mail.com>
To: bhelgaas@...gle.com,
jgg@...dia.com,
akpm@...ux-foundation.org,
bp@...en8.de,
rdunlap@...radead.org,
alex@...zbot.org,
kevin.tian@...el.com
Cc: linux-kernel@...r.kernel.org,
linux-pci@...r.kernel.org,
wei.w.wang@...mail.com
Subject: [PATCH v4 2/2] PCI: Add the enhanced ACS controls check to pci_acs_flags_enabled()
The enhanced ACS controls introduced by PCIe Gen 5 ensures better device
isolation. On devices that support the PCI_ACS_ECAP capability, the
controls are required to be enabled properly:
- ACS I/O Request Blocking needs to be enabled to avoid unintended
upstream I/O requests.
- ACS DSP and USP Memory Target Access Control needs to be set with
Request Redirect or Request Blocking to ensure the Downstream and
Upstream Port memory resource ranges are not accessed by upstream
memory requests.
- ACS Unclaimed Request Redirect needs to be enabled to ensure accesses to
areas that lies within a Switch's Upstream Port memory apertures but not
within any Downstream Port memory apertures get redirected.
To maintain compatibility with legacy devices that lack PCI_ACS_ECAP
support, pci_acs_enabled() skips checking for the capability.
Signed-off-by: Wei Wang <wei.w.wang@...mail.com>
---
drivers/pci/pci.c | 65 +++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 65 insertions(+)
diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c
index 1714e29ce099..53e79948b4ea 100644
--- a/drivers/pci/pci.c
+++ b/drivers/pci/pci.c
@@ -3527,6 +3527,56 @@ void pci_configure_ari(struct pci_dev *dev)
}
}
+static bool pci_dev_has_memory_bars(struct pci_dev *pdev)
+{
+ int i;
+
+ for (i = 0; i <= PCI_ROM_RESOURCE; i++) {
+ if (pci_resource_flags(pdev, i) & IORESOURCE_MEM)
+ return true;
+ }
+
+ return false;
+}
+
+static bool pci_acs_ecap_enabled(struct pci_dev *pdev, u16 ctrl)
+{
+ bool is_dsp = pci_pcie_type(pdev) == PCI_EXP_TYPE_DOWNSTREAM;
+ struct pci_dev *usp_pdev = pci_upstream_bridge(pdev);
+ u16 mask = PCI_ACS_DMAC_RB | PCI_ACS_DMAC_RR;
+
+ /*
+ * For ACS DSP/USP Memory Target Access Control, either Request
+ * Redirect or Request Blocking must be enabled to enforce isolation.
+ * According to PCIe spec 7.0, the DSP Memory Target Access is
+ * applicable to both Root Ports and Switch Upstream Ports that have
+ * applicable Memory BAR space to protect. So if the device does not
+ * have a Memory BAR, it skips the check.
+ */
+ if (pci_dev_has_memory_bars(pdev) &&
+ (ctrl & mask) != PCI_ACS_DMAC_RB &&
+ (ctrl & mask) != PCI_ACS_DMAC_RR)
+ return false;
+
+ mask = PCI_ACS_UMAC_RB | PCI_ACS_UMAC_RR;
+ /*
+ * The USP Memory Target Access is only applicable to downstream ports
+ * that have applicable Memory BAR space in the Switch Upstream Port to
+ * protect.
+ */
+ if (is_dsp && pci_dev_has_memory_bars(usp_pdev) &&
+ (ctrl & mask) != PCI_ACS_UMAC_RB &&
+ (ctrl & mask) != PCI_ACS_UMAC_RR)
+ return false;
+
+ /* PCI_ACS_URRC is applicable to Downstream Ports only. */
+ if (is_dsp && !(ctrl & PCI_ACS_URRC))
+ return false;
+
+ /* PCI_ACS_IB is applicable to both Root and Downstream Ports. */
+ return !!(ctrl & PCI_ACS_IB);
+}
+
static bool pci_acs_flags_enabled(struct pci_dev *pdev, u16 acs_flags)
{
int pos;
@@ -3545,6 +3595,19 @@ static bool pci_acs_flags_enabled(struct pci_dev *pdev, u16 acs_flags)
acs_flags &= (cap | PCI_ACS_EC);
pci_read_config_word(pdev, pos + PCI_ACS_CTRL, &ctrl);
+
+ if (acs_flags & PCI_ACS_ECAP) {
+ if ((cap & PCI_ACS_ECAP) && !pci_acs_ecap_enabled(pdev, ctrl))
+ return false;
+
+ /*
+ * The check for the required controls in PCI_ACS_ECAP has
+ * passed. Clear the ECAP flag and continue to check the
+ * basic ACS controls.
+ */
+ acs_flags &= ~PCI_ACS_ECAP;
+ }
+
return (ctrl & acs_flags) == acs_flags;
}
@@ -3603,6 +3666,8 @@ bool pci_acs_enabled(struct pci_dev *pdev, u16 acs_flags)
*/
case PCI_EXP_TYPE_DOWNSTREAM:
case PCI_EXP_TYPE_ROOT_PORT:
+ /* PCI_ACS_ECAP applies to Root and Downstream Ports only */
+ acs_flags |= PCI_ACS_ECAP;
return pci_acs_flags_enabled(pdev, acs_flags);
/*
* PCIe 3.0, 6.12.1.2 specifies ACS capabilities that should be
--
2.51.0
Powered by blists - more mailing lists