Re: [PATCH] PCI: ACPI: Allow internal devices to be marked as untrusted

From: Rajat Jain
Date: Fri Jan 28 2022 - 16:34:56 EST

Next message: kernel test robot: "[deller-parisc:5.17-vdso-mini-3 1/1] arch/parisc/kernel/vdso.c:58:38: warning: variable 'vdso_mapping_len' set but not used"
Previous message: Jane Chu: "[PATCH v5 7/7] pmem: fix pmem_do_write() avoid writing to 'np' page"
In reply to: Mika Westerberg: "Re: [PATCH] PCI: ACPI: Allow internal devices to be marked as untrusted"
Next in thread: Jean-Philippe Brucker: "Re: [PATCH] PCI: ACPI: Allow internal devices to be marked as untrusted"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Mika, All,

On Thu, Jan 27, 2022 at 11:49 PM Mika Westerberg
<mika.westerberg@xxxxxxxxxxxxxxx> wrote:
>
> Hi,
>
> On Thu, Jan 27, 2022 at 02:26:07PM -0800, Rajat Jain wrote:
> > Hello Rafael, Bjorn, Mika, Dmitry, Greg,
> >
> > Thanks a lot for your comments.
> >
> > On Tue, Jan 25, 2022 at 6:45 AM Rafael J. Wysocki <rafael@xxxxxxxxxx> wrote:
> > >
> > > On Tue, Jan 25, 2022 at 1:55 PM Mika Westerberg
> > > <mika.westerberg@xxxxxxxxxxxxxxx> wrote:
> > > >
> > > > On Tue, Jan 25, 2022 at 12:15:02PM +0100, Greg Kroah-Hartman wrote:
> > > > > On Tue, Jan 25, 2022 at 12:58:52PM +0200, Mika Westerberg wrote:
> > > > > > On Mon, Jan 24, 2022 at 08:27:17AM +0200, Mika Westerberg wrote:
> > > > > > > > > This patch introduces a new "UntrustedDevice" property that can be used
> > > > > > > > > by the firmware to mark any device as untrusted.
> > > > > > >
> > > > > > > I think this new property should be documented somewhere too (also
> > > > > > > explain when to use it instead of ExternalFacingPort). If not in the
> > > > > > > next ACPI spec or some supplemental doc then perhaps in the DT bindings
> > > > > > > under Documentation/devicetree/bindings.
> > > > > >
> > > > > > Actually Microsoft has similar already:
> > > > > >
> > > > > > https://docs.microsoft.com/en-us/windows-hardware/drivers/pci/dsd-for-pcie-root-ports#identifying-internal-pcie-ports-accessible-to-users-and-requiring-dma-protection
> > > > > >
> > > > > > I think we should use that too here.
> >
> > But because this property also applies to a root port (only), it only
> > helps if the device is downstream a PCIe root port. In our case, we
> > have an internal (wifi) device 00:14.3 (sits on the internal PCI bus
> > 0), so cannot use this.
>
> Right. I wonder if we can expand it to cover all internal devices, not
> just PCIe root ports? We anyways need to support that property so does
> not make much sense to me to invent yet another that does pretty much
> the same thing.

I'm open to doing so if the others also feel the same way. IMHO
though, the semantics of ACPI "DmaProperty" differ from the semantics
of the property I'm proposing here.

The current (documented) semantics (of "DmaProperty"): *This device
(root port) is trusted*, but any devices downstream are not to be
trusted.

What I need and am proposing (new "UntrustedDevice"): *This device as
well as any downstream devices* are untrusted.

Note that there may be firmware implementing "DmaProperty" already out
there (for windows), and if we decide to use it for my purposes, then
there shall be a discrepancy in how Linux uses that property vs
Windows. Is that acceptable?

Thanks & Best Regards,

Rajat

Next message: kernel test robot: "[deller-parisc:5.17-vdso-mini-3 1/1] arch/parisc/kernel/vdso.c:58:38: warning: variable 'vdso_mapping_len' set but not used"
Previous message: Jane Chu: "[PATCH v5 7/7] pmem: fix pmem_do_write() avoid writing to 'np' page"
In reply to: Mika Westerberg: "Re: [PATCH] PCI: ACPI: Allow internal devices to be marked as untrusted"
Next in thread: Jean-Philippe Brucker: "Re: [PATCH] PCI: ACPI: Allow internal devices to be marked as untrusted"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]