Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp4310444imu; Mon, 12 Nov 2018 09:00:08 -0800 (PST) X-Google-Smtp-Source: AJdET5cOVDqMez8no55QAksKdCiBoqcCws+ua0CZjNRMFXhIKKesfzNxUxL2SSQ1FiZAdVFNWYj7 X-Received: by 2002:a62:e707:: with SMTP id s7-v6mr1653440pfh.124.1542042008609; Mon, 12 Nov 2018 09:00:08 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1542042008; cv=none; d=google.com; s=arc-20160816; b=XBG6gUQcmZBSjlHGAlSlUAghGMPPIlZDbAoOZKfalVgO8cNsGAUmn3e0+qfthzoGEP 49y6FkPqBnMYfA40CBHNReVi2qqg+eANuAqaS7YjEf/UKxboKzWh2LJ0bm7iVdi9grjA Mb29YENohhddIHuanj8EjylLO9V8/ZxYJrRkkDucDr5S03/xaoqb2LFa9RoesOaLjML4 8PGMtF/tzse9HFgPtcarumr/D8DVU9taDFDw0CcJqCNIF9TiaD0bzGNDp6LBlgXImNW6 v9cj6zDkPfVNh5ppQaT+4g7+9qV+wY+CXVA5pfq00irAHdvsw8arXZmp+pEvXXtfC+y/ nNng== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=g3aAcVZkUdgrmpGIMCH7ZxaR4fyo0bRUS9BsV8k83H4=; b=T2stzdYWpnfEBkyBGJb+ef0lxAkYQLoPAGqkKCTdu4tohzwmsCD924z3o4xpr50sk/ nytRQycZRM/an4whxcjSUomxRsEzwUjnxalKxxMoiX0mThxiCEocbJbRaE27mhohNbUr MFpuFUOKqIcBnzcrVh5O7Q0Ux5+JrVvnnlsaMUG3ZRgLn10la4UwTMOKM/vHaBFkCPOj Y+hjSW8i0Q0KLIqXehl+4ypndkeSIqzf7hA/Ai4/Rduiln0YbqOvBn8vA2rG9/Dh8pT/ /1cJTAjeP9lvu/BB68jKYHjimwdfCCLqlNm2F/8cdYj2xuLMZtodR2hQjl3sEYQ1SwPQ Ag9A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=fGg6f+3v; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id s75-v6si3889401pfa.285.2018.11.12.08.59.52; Mon, 12 Nov 2018 09:00:08 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=fGg6f+3v; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729397AbeKMCx0 (ORCPT + 99 others); Mon, 12 Nov 2018 21:53:26 -0500 Received: from mail-it1-f194.google.com ([209.85.166.194]:51612 "EHLO mail-it1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727130AbeKMCxZ (ORCPT ); Mon, 12 Nov 2018 21:53:25 -0500 Received: by mail-it1-f194.google.com with SMTP id m34-v6so13628328iti.1; Mon, 12 Nov 2018 08:59:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=g3aAcVZkUdgrmpGIMCH7ZxaR4fyo0bRUS9BsV8k83H4=; b=fGg6f+3v21EyMFVZuxokk8A9DdZMEN9xY6C2TkUM2NCRFaY1IG+Iqaicp7/tIgr8yF lW0swmlDqTM5vGSA41Ty3+0ZuO1T9+JgWlc89ABoHlE79nrAdj3tqQGX2a8kvOXDKrhK 5JCGvI1BCCbhZORxi79kESRsl7GKM13crMuy5SZ6fX24kRNrQzs9agcXPaaXbE3KEYpv MBCfCxGZCZNl2vCfKMSn1jFmcj3OASdzwWqRto7erJZe7ZY8NjpOVayKGflKKAvRcxc4 0athJwcv/ExXX4tqANDFk7iOVK7yk35NG/WQv/r2tU1NxZSXKxbpKK1NFEPdMGLRfmpo JPgQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=g3aAcVZkUdgrmpGIMCH7ZxaR4fyo0bRUS9BsV8k83H4=; b=nsBhCqmM/qGLDxzud6WESR0J64XI90cmfExH998cLQWH2Wlc7UsWkHZUPHg79br9rq jhZQ3zHnVO/cPjZWGRCZKrH7abjqvy5GAYfQXusM9KGvVnzww+LsELorzZq7UiVGRI9B OaSZJR8/C+34QG8DsO+mSSIQukZsaSORX3gaz2JqjEDRrrySbdBHl0ncDBPiTEkYeaYE gNZGnFPazyAFJ27O6bU8tO2NrQiEBKsFHK8VlP/BULyGS4BVLyXoVBLcgdfUiHBXDYGD AMU8oaXXnzana+qu9ki94xbN6iVHqUcJn4SpXEzvEwbsSNRyuhRTYVWkOpLWOY6O6kNP sRDQ== X-Gm-Message-State: AGRZ1gIWBkGUIjVzzXD3FA9ppzQ2HtJ+LStmJ6Lgy6xYer2933cQZdyX W2xX2kIvae6joeELg7T6LovRqcq587zzuSzJSN0= X-Received: by 2002:a24:a0cb:: with SMTP id o194mr377282ite.115.1542041959430; Mon, 12 Nov 2018 08:59:19 -0800 (PST) MIME-Version: 1.0 References: <20181112160628.86620-1-mika.westerberg@linux.intel.com> <20181112160628.86620-5-mika.westerberg@linux.intel.com> In-Reply-To: <20181112160628.86620-5-mika.westerberg@linux.intel.com> From: Yehezkel Bernat Date: Mon, 12 Nov 2018 18:59:02 +0200 Message-ID: Subject: Re: [PATCH 4/4] thunderbolt: Export IOMMU based DMA protection support to userspace To: Mika Westerberg Cc: iommu@lists.linux-foundation.org, joro@8bytes.org, dwmw2@infradead.org, baolu.lu@linux.intel.com, ashok.raj@intel.com, bhelgaas@google.com, rjw@rjwysocki.net, jacob.jun.pan@intel.com, Andreas Noever , michael.jamet@intel.com, lukas@wunner.de, Christian Kellner , Mario Limonciello , Anthony Wong , linux-acpi@vger.kernel.org, linux-pci@vger.kernel.org, LKML Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Nov 12, 2018 at 6:06 PM Mika Westerberg wrote: > > Recent systems shipping with Windows 10 version 1803 or later may > support a feature called Kernel DMA protection [1]. In practice this > means that Thunderbolt connected devices are placed behind an IOMMU > during the whole time it is connected (including during boot) making > Thunderbolt security levels redundant. Some of these systems still have > Thunderbolt security level set to "user" in order to support OS > downgrade (the older version of the OS might not support IOMMU based DMA > protection so connecting a device still relies on user approval then). > > Export this information to userspace by introducing a new sysfs > attribute (iommu_dma_protection). Based on it userspace tools can make > more accurate decision whether or not authorize the connected device. > > In addition update Thunderbolt documentation regarding IOMMU based DMA > protection. > > [1] https://docs.microsoft.com/en-us/windows/security/information-protection/kernel-dma-protection-for-thunderbolt > > Signed-off-by: Mika Westerberg > --- I can't comment on the IOMMU side, but the Thunderbolt side looks good to me. Just one point: Have you considered the option to add this property per (TBT?) device? If the kernel may decide to enable/disable the IOMMU or AST per device, maybe it should be on this level. Or maybe the IOMMU decision isn't going to change (it's system-wide) and the AST decision will be communicated per device by a new sysfs attribute anyway, if needed?