Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp1750214ybl; Tue, 3 Dec 2019 12:04:18 -0800 (PST) X-Google-Smtp-Source: APXvYqxNtC7jyhMozeOUsZEveiYHUbbj0kETv9QoLEolOAtI1XdXi3s9Ah4nXkHtYCPJVgoLdrkt X-Received: by 2002:aca:d4c1:: with SMTP id l184mr5272377oig.172.1575403458421; Tue, 03 Dec 2019 12:04:18 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1575403458; cv=none; d=google.com; s=arc-20160816; b=b0GJZhWv3EhGu7BgvPUUPhss6KPUOyV121uBGb7lem5M1de8U6B32I5ccYm4LEnnPy DVbJsX1LvWBBPCyrwz6jn9ufu/pxBgaDw4UJt6WL0QQXGjqRbtFABzdx2sd1k6tENi1Z DstconbX9zykIFr0WNGEhyKT3Wf7PjPV6jDzotXDZzSJDaHiugEeoQTwqeTYjhP6Fqtx jDd8TKm0RYlkmL5ACczw4xCxJtye8+0NPq2HZfVnchpaycmrj6mnryprhHw6avfp/K/H whMMKQg28h2Z4dDD8h9MUyTNdhuhLsSBuHknhBAk/o+7pQ9G3jc4z0sKzfbDWyRoQG1W Ziiw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=8ch+WNijaY6AsPxm0+XePiTtapq06gZNm+FnTtW+Yvk=; b=LT8sLo5emu6fV7I27v7+t76TiySa/d8GiQ5Zd7fK1YmcU91RPy+uJxohMl/StZx6hI 1XyDQxmk5Nzrs+SySzq2BD31E8krhmCrn8q/IV6BXIEE1oX1Ugu1HUL6n55mDu5GQA5R ab1QHPSAhaD/upuoKi1xfw4H3FpHRoEL9Y4Iwcp+B93qvZkdwkhfEmDMDOXtYy1Jw8IR QB7U90VVYa7ie/be0/LYHUMiuwsFioNQT5QW+I1oHazfHkOZRhUiTL+5h22zUnkVdA8J 80M5rYvcfSQCa1+KK1ifG0unECFH+z5TMc2ZjKSbMi0k1ThkY+pzSH9pch8f0ko4vJQU dW5w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=cUiQ2WxJ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id o13si1754650otp.27.2019.12.03.12.04.03; Tue, 03 Dec 2019 12:04:18 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=cUiQ2WxJ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726567AbfLCTkg (ORCPT + 99 others); Tue, 3 Dec 2019 14:40:36 -0500 Received: from mail-io1-f68.google.com ([209.85.166.68]:46015 "EHLO mail-io1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726079AbfLCTkf (ORCPT ); Tue, 3 Dec 2019 14:40:35 -0500 Received: by mail-io1-f68.google.com with SMTP id i11so5062152ioi.12 for ; Tue, 03 Dec 2019 11:40:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=8ch+WNijaY6AsPxm0+XePiTtapq06gZNm+FnTtW+Yvk=; b=cUiQ2WxJYfgxGRtIYYrBFgideFa64zwJVC0xM+vPn1heDbtP8PS8yhn2SslWuKeDcv qhLffbJ3Uo+Xo+PBrM9d1srYRC+HpClcuPS7jDcp7nCHYvNKj3tAiPHBPOeKB6nyEJgr hAziOs01GF/Nm9RN1Ac/APBu0vvoX7TLuXjbEo16RDF+snyauxsyRnPMV36z/iiP3SDn hKDznvFTSRzqAqz2WkQLpDHNKsS+cvsRHjWorCY9fY2HMWbBfkQv7Akz/++xiyUkfxYF soTgico8aclq+HXraOhqfo7I5eaUa1BR59m74mMTlpG6jLAnZo16mBg2DDLjOz1EzXtX 1Nwg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=8ch+WNijaY6AsPxm0+XePiTtapq06gZNm+FnTtW+Yvk=; b=fgzlccU8fNwb48PMiJn78ZDoHfHCvfwiME7dQBDeOcdTwCwGTsr6Urskex5gG4zMSH XmAC119hQPWMA1QjLW/Ww1Y36VFPPzPjShxe2wHc/TthbJQ7DrZx02lkvl5Iaa/zqdm7 SUfMcK0fzvSDw+jT8yyu5HqX2oVNZ2/ebWccW4MY3ZxbqlY+2Pa8bAr8k+fLWXoup9ki B7T9W6LhA0RJC6SR0dPAFX4jLkmEZw+owOFoD1sumPUU2lcLPYswyrnZetBwceHsV3Mg rPlogf7AaW8hwcjAEHF5GXItXTfSStCXaxPOumm5GU8W1CEqDZ57n3336xhKQGmVkGuz EdtQ== X-Gm-Message-State: APjAAAWmih74yUne5By8Q7GYdniDri+GT5dN8qbiMaj1NEBgQ56iKcl3 /0BayU7HCdDC085wTPTILInOe/dkA04a8S2BDDiMGg== X-Received: by 2002:a5e:df06:: with SMTP id f6mr3715528ioq.84.1575402034437; Tue, 03 Dec 2019 11:40:34 -0800 (PST) MIME-Version: 1.0 References: <20191203004043.174977-1-matthewgarrett@google.com> In-Reply-To: From: Matthew Garrett Date: Tue, 3 Dec 2019 11:40:23 -0800 Message-ID: Subject: Re: [PATCH] [EFI,PCI] Allow disabling PCI busmastering on bridges during boot To: Ard Biesheuvel Cc: Laszlo Ersek , linux-efi , "the arch/x86 maintainers" , linux-pci , Linux Kernel Mailing List Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Dec 3, 2019 at 3:54 AM Ard Biesheuvel wrote: > There is no reason this shouldn't apply to ARM, but disabling bus > mastering like that before the drivers themselves get a chance to do > so is likely to cause trouble. Network devices or storage controllers > that are still running and have live descriptor rings in DMA memory > shouldn't get the rug pulled from under their feet like that by > blindly disabling the BM attribute on all root ports before their > drivers have had the opportunity to do this cleanly. Yes, whether this causes problems is going to be influenced by the behaviour of the hardware on the system. That's why I'm not defaulting it to being enabled :) > One trick we implemented in EDK2 for memory encryption was to do the > following (Laszlo, mind correcting me here if I am remembering this > wrong?) > - create an event X > - register an AtExitBootServices event that signals event X in its handler > - in the handler of event X, iterate over all PPBs to clear the bus > master attribute > - for bonus points, do the same for the PCIe devices themselves, > because root ports are known to exist that entirely ignore the BM > attribute > > This way, event X should get handled after all the drivers' EBS event > handlers have been called. Can we guarantee that this happens before IOMMU state teardown? I don't think there's a benefit to clearing the bit on endpoint devices, if they're malicious they're just going to turn it back on anyway.