Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp4392886imu; Mon, 12 Nov 2018 10:14:31 -0800 (PST) X-Google-Smtp-Source: AJdET5fitLaZEfEtBqRBmuZaOPh4NYicZvfrcZRNocY2gFrXJm9NXqWhHVobJtoPRzO8M48ySk5O X-Received: by 2002:a62:184e:: with SMTP id 75mr1848547pfy.28.1542046471647; Mon, 12 Nov 2018 10:14:31 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1542046471; cv=none; d=google.com; s=arc-20160816; b=FVySAF36im4oHQ7ad+dwXdfYCs8zU4g0RXf88gTr6YOTUiq+ahIfp4z7IEW2xZUxi6 CsHctmYOwOXTUd6cRIuah+CRcgYT+R14JN6+TGof4pS5aIMdN2qK0qNYWXzNdhIfLv+L GRu5xrn4JNn5/ZS+LecYQMLIq/al+3m5o74mL/C5s2b2mi9Hjx6SzDoMkPqCv4FHCSmX TqjtUSsDd8t5I0ATV/+s7RQS6L/65O5/axuQZoMHf5XGNY5x61W2njFjmBZt+C18Kspj ZPa6a+uhxbgz8tlypEN9xI4oLxZ4QgYXYciwYSOqncuWl6XHOPgyzIks4n5rTdTb9Rz4 DLQw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=5R0VNa2J0KEXWG17u0hC25+J33fD36AhT96P0JhsG/g=; b=0/mGWNgHwCnldvWZjASgGbS2ap5kSAfP1gDvrdvR87bCsRiluauYfnu/llOC5cN+5S I7N1wOHPkZf/tfgiY/tTjhSL48Yb2nn3Sxy94gZnCT2pzws3K2uPcz2x99J/ijsSrbxY Hm7KaAeJ2C5OSSEQzc6RFYkxTDq6hYsT2ndo/HEwY35EMAkjGqu+H0+gE6+/kCgZW6/s PgEHaKW+jmlJHRt9Gl+8x5Mg91E+qYG142XGYhd1T2w4wP2zd0lJThIqxYo6xNGCmZEL /zcvWDBlQTa9xKRYmOEAskuE/eFyxLJjUduGbWgSJ7/NqmdwdMjsFUcCOU7CbuzYwvLA YfxQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 69si17606891pgd.290.2018.11.12.10.14.14; Mon, 12 Nov 2018 10:14:31 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730079AbeKMEGi (ORCPT + 99 others); Mon, 12 Nov 2018 23:06:38 -0500 Received: from bmailout3.hostsharing.net ([176.9.242.62]:36337 "EHLO bmailout3.hostsharing.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727247AbeKMEGi (ORCPT ); Mon, 12 Nov 2018 23:06:38 -0500 Received: from h08.hostsharing.net (h08.hostsharing.net [83.223.95.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.hostsharing.net", Issuer "COMODO RSA Domain Validation Secure Server CA" (not verified)) by bmailout3.hostsharing.net (Postfix) with ESMTPS id 58B7B100DA1DF; Mon, 12 Nov 2018 19:12:15 +0100 (CET) Received: by h08.hostsharing.net (Postfix, from userid 100393) id BA7C04D2DB; Mon, 12 Nov 2018 19:12:14 +0100 (CET) Date: Mon, 12 Nov 2018 19:12:14 +0100 From: Lukas Wunner To: Mika Westerberg Cc: iommu@lists.linux-foundation.org, Joerg Roedel , David Woodhouse , Lu Baolu , Ashok Raj , Bjorn Helgaas , "Rafael J. Wysocki" , Jacob jun Pan , Andreas Noever , Michael Jamet , Yehezkel Bernat , Christian Kellner , Mario.Limonciello@dell.com, Anthony Wong , linux-acpi@vger.kernel.org, linux-pci@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH 0/4] PCI / iommu / thunderbolt: IOMMU based DMA protection Message-ID: <20181112181214.xaahc5wni4vuwl6h@wunner.de> References: <20181112160628.86620-1-mika.westerberg@linux.intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20181112160628.86620-1-mika.westerberg@linux.intel.com> User-Agent: NeoMutt/20170113 (1.7.2) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Nov 12, 2018 at 07:06:24PM +0300, Mika Westerberg wrote: > Recent systems shipping with Windows 10 version 1803 or newer may be > utilizing IOMMU to prevent DMA attacks via Thunderbolt ports. This is > different from the previous security level based scheme because the > connected device cannot access system memory outside of the regions > allocated for it by the driver. > > When enabled the BIOS makes sure no device can do DMA outside of RMRR > (Reserved Memory Region Record) regions. This means that during OS boot, > before it enables IOMMU, none of the connected devices can bypass DMA > protection for instance by overwriting the data structures used by the > IOMMU. The BIOS communicates support for this to the OS by setting a new > bit in ACPI DMAR table [1]. > > Because these systems utilize an IOMMU to block possible DMA attacks, > typically (but not always) the Thunderbolt security level is set to "none" > which means that all PCIe devices are immediately usable. This also means > that Linux needs to follow Windows 10 and enable IOMMU automatically when > running on such system otherwise connected devices can read/write system > memory pretty much without any restrictions. What if the system is booted from a Thunderbolt-attached disk? Won't this suddenly break with these patches? That would seem like a pretty significant regression. What if the only GPU in the system is Thunderbolt-attached? Is it possible to recognize such scenarios and automatically exempt affected devices from IOMMU blocking? Thanks, Lukas