Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp850746ybl; Wed, 4 Dec 2019 12:01:23 -0800 (PST) X-Google-Smtp-Source: APXvYqxUuTQRZtBFNc6NwlNOE9Vr+qwT8M6ndsZ7RhyAxFQaekNkw7YwgFJsnFBtqo0vDGBJlGHF X-Received: by 2002:aca:530e:: with SMTP id h14mr3831620oib.105.1575489683664; Wed, 04 Dec 2019 12:01:23 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1575489683; cv=none; d=google.com; s=arc-20160816; b=aB2pT42K80F4BEWQkk/tKI5IZhUd8utoWJS5juCoN3nai8XCdW7cGzPGzX03TCMNoq MRmQKxHJYpd77S1IuU06JYOqGSABbzNCqZhpzRLOurvifRFGvMm5bORW2jxRLrDpODAj veu6A1tTwEkbmKnoSLZBCmKtmv3x5WyFRMPqewDZePCSwes7jED6IG6U0GY+quC0PLtk lCefc+chXlyYebU7sY5N4kzgmGe6m9/pXDb90NVlnE0/k7dy3IkFQwwG1XlPMEqlAdIm IBlRkVQFTa8J6ESb5yyniwns0Jsb5DKGoSirZlf1g6UkM8E9VV1qvoNzyY0XlSpOjjS2 fZEA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=eHZxpeTMFmIGKyX/u6Ck5ynkwqdqFqF88hy62xK7Ow0=; b=0rDEnWa72JWaPAl4KJwLkOvHQbMpmiu1XpKnaiACXpvFAf0RwIlVRwW+CRoI0lgnQ7 ZIb/CuxxocQrMZBXygH9fo7eQVv4pRrBM/j0PnaefflHH61tPDmxsqdqfeTjhIf/l+iZ vZvYPFTkBkFBa2wLKgUBP8VicLcHww0deQGQq3Ajx3ClTCktBKGgIUx4l4ki0fefKM1R uGIbSi/Hk65wor2ghbHmIVkzVYqwXFId+kSpQGVgAEf5I8pvC7Qd3ywH7j5DH6utFG44 NJtMFLwzB8EsT1UZNI8KV56k23YS8F3I5SiRb4IMQq0A/hr7m4oM0iawtn5XAy4eB+yf RGiQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=OfTsMSij; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id m2si3483786otk.122.2019.12.04.12.01.03; Wed, 04 Dec 2019 12:01:23 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=OfTsMSij; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728119AbfLDTaD (ORCPT + 99 others); Wed, 4 Dec 2019 14:30:03 -0500 Received: from mail-io1-f51.google.com ([209.85.166.51]:42625 "EHLO mail-io1-f51.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727982AbfLDTaD (ORCPT ); Wed, 4 Dec 2019 14:30:03 -0500 Received: by mail-io1-f51.google.com with SMTP id f82so845112ioa.9 for ; Wed, 04 Dec 2019 11:30:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=eHZxpeTMFmIGKyX/u6Ck5ynkwqdqFqF88hy62xK7Ow0=; b=OfTsMSijIx5iDrE4MnefnhvZ+b7PAIFi7aycruSOY+czu8tdUMowgRXwWw4/bF8H5O Ms852QSI76/0YKXmx47+KdTOx6C70xf1FcZhmXAgIZjbQdvzpTHrK+SqRlyuXh5iJedZ sIl5S0NraNkCvtwIC7Sr/K9sh9nGezYjl6U7gv+gPoWX8ozE5fKwF9wBZeff3fW+WbbR WlK7F/sIQQX6xWIDYdQ72y0FPyoL8vLIc+6ZiGf/4SCkqw0rSX8wxPq/3MyHTE/BPlbb xdjsB8IPxpfwl3xYWudiWVcbzntzTrcPC84Jx9nLvv+1X66yHwTzJqn01NI4dlkniZ0J m63A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=eHZxpeTMFmIGKyX/u6Ck5ynkwqdqFqF88hy62xK7Ow0=; b=QopEpn1CotC4U67zn2j7407h1Fciegw0+AAbXd+tGGswWECZ2O5AlQo5vTcUucbq0A UqSvwoszpVzp+kFftuMvgIWVpjxQQrxtZdKh40mDXAeddcARXAfrv5fiRm7z4MU43CSe UV/CnGeUnRT4ukF3wx16y2fhsd3g7i65ynjQEY8hfQy7zMn4CFxImH1bMbZtgqCQbqrd /BO+FSLsNaEYD2rWkCwA3GmOFk5nuBCCw7DyDdrdcSb7FkOdBU8TBU+vNiZL2ek5fDdN NM7hskK1ZksjvqgiOeQwAJTZ/r/IrHgewzddMY5/mT7lyq8Pgh1/gLXAck2Sit35C8e0 XDkw== X-Gm-Message-State: APjAAAVESSTRv3sPxKvAIARdzGhgnYfYRe71kxeihUdxMehvBhmO3TNq 1n/fdXq4QOuRGUD0WyMmPgrsqczTQBAWnTKESPXYEg== X-Received: by 2002:a5e:880a:: with SMTP id l10mr3349954ioj.64.1575487801709; Wed, 04 Dec 2019 11:30:01 -0800 (PST) MIME-Version: 1.0 References: <20191203004043.174977-1-matthewgarrett@google.com> <41cecdd8-f411-00c4-be82-be5d4d13fcb1@redhat.com> In-Reply-To: <41cecdd8-f411-00c4-be82-be5d4d13fcb1@redhat.com> From: Matthew Garrett Date: Wed, 4 Dec 2019 11:29:48 -0800 Message-ID: Subject: Re: [PATCH] [EFI,PCI] Allow disabling PCI busmastering on bridges during boot To: Laszlo Ersek Cc: Ard Biesheuvel , linux-efi , "the arch/x86 maintainers" , linux-pci , Linux Kernel Mailing List Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Dec 3, 2019 at 11:11 PM Laszlo Ersek wrote: > But in this case, we'd have to insert the PPB clearing *before* the > (platform's) IOMMU driver's EBS handler (because the latter is going to > deny, not permit, everything); and we can't modify the IOMMU driver. > > I guess we could install an EBS handler with TPL_NOTIFY (PciIo usage > appears permitted at TPL_NOTIFY, from "Table 27. TPL Restrictions"). But: > - if the IOMMU driver's EBS handler is also to be enqueued at > TPL_NOTIFY, then the order will be unspecified > - if a PCI driver sets up an EBS handler at TPL_CALLBACK, then in our > handler we could shut down a PPB in front of a device bound by that > driver too early. Yeah, that's my concern - doing this more correctly seems to leave us in a situation where we're no longer able to make guarantees about the security properties of the feature. I think I prefer going with something that's guaranteed to give us the properties we want, even at the expense of some compatibility - users who want this can validate it against their platform.