Re: [RFC] thunderbolt: Automatically authorize PCIe tunnels when IOMMU is active

From: Mika Westerberg
Date: Wed Mar 16 2022 - 02:30:15 EST

Next message: menglong8 . dong: "[PATCH net-next v3 0/3] net: icmp: add skb drop reasons to icmp"
Previous message: Greg KH: "Re: [PATCH] staging: rts5208: Resolve checkpath.pl issues."
Next in thread: Limonciello, Mario: "RE: [RFC] thunderbolt: Automatically authorize PCIe tunnels when IOMMU is active"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Mario,

On Tue, Mar 15, 2022 at 04:30:08PM -0500, Mario Limonciello wrote:
> Historically TBT3 in Linux used "Thunderbolt security levels" as a primary
> means of "security" against DMA attacks. This mean that users would need to
> ack any device plugged in via userspace. In ~2018 machines started to use
> the IOMMU for protection, but instead of dropping security levels a
> convoluted flow was introduced:
> * User hotplugs device
> * Driver discovers supported tunnels
> * Driver emits a uevent to userspace that a PCIe tunnel is present
> * Userspace reads 'iommu_dma_protection' attribute (which currently
> indicates an Intel IOMMU is present and was enabled pre-boot not that
> it's active "now")
> * Based on that value userspace then authorizes automatically or prompts
> the user like how security level based support worked.

There are legitimate reasons to disable PCIe tunneling even if the IOMMU
bits are in place. The ACPI _OSC allows the boot firmware to do so and
our "security levels" allows the userspace policy to do the same. I
would not like to change that unless absolutely necessary.

Next message: menglong8 . dong: "[PATCH net-next v3 0/3] net: icmp: add skb drop reasons to icmp"
Previous message: Greg KH: "Re: [PATCH] staging: rts5208: Resolve checkpath.pl issues."
Next in thread: Limonciello, Mario: "RE: [RFC] thunderbolt: Automatically authorize PCIe tunnels when IOMMU is active"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]