Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp1329774ybl; Fri, 13 Dec 2019 13:26:02 -0800 (PST) X-Google-Smtp-Source: APXvYqxkM+JbGfKHMEfN54XmRxeax5L/c0FqyT42+6TpUBM8K28QFMaChYAswUQDFktqKzyffCYF X-Received: by 2002:a05:6830:15d9:: with SMTP id j25mr16258742otr.279.1576272362646; Fri, 13 Dec 2019 13:26:02 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1576272362; cv=none; d=google.com; s=arc-20160816; b=rG+VEAWH/HwNoA5YkLSmo/jTmsfQYGuZp+/NhDBKrUY+nYdSIA4pHMf4PalEJgBLZL 9/CVlnQ7eqWgf6n7siDq5fjXuS+rQY4oxYZp8JVKJEUrX5/Wb2cICOfT8++jqH+LQmC0 Luuhs0BeAZ+y+BZUiDa08BaIZU1C5sPAU0Z1bjA0R5FMyrV87FjmBqAQA4OyOel5YSms i5JL377Y8WcLYyYUEJMAaaZrnYOMV2ybWYM0vimR5QIum0pFp8NSGXjYM4pS/xW2/EOF BKc7zJ1T+NZMswOpLaleVxs5j9E5VIbvKQEuqBqpHJ6NY7Fz0z5AOq/gCyZgU7qy/G8W js4w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=VWRSxey7el74QZ+Ei/DzotdKJzpYoB0015GuoC7vpOI=; b=NjvshYjtzLagQ7DV+Tw5K1NLSDslSvJs3YwyLArQBpDcbHrfTc2KZtNE8r3xLttNTc WrDl4YJ716n2y/gY4cEwBvI0uzlyHwSzdLv8Yr8wuYeN2GYJ444H2+8T/eyooniKNiGQ 7zDPeANlONjeH4G+Z1m7eIrn2aFLP7/X+juua0FyY+bT+DZNGxZ92jtXusYemazZTxuK Pm9nOsyqOqwQHpnLfQEeOfI6NG1foCOq2XUI3QY9AiYYItMCw2DG1VJ/aQcUYYum3uyQ 5WL/rppaXthk4z5XWS0TOw0ipWHQ8EJ6WA0HrIWN+9eEhKZhdtV8rZSsXXsfvXNa3AZP Q5PA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=ACUakujh; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a26si5725196oto.199.2019.12.13.13.25.50; Fri, 13 Dec 2019 13:26:02 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=ACUakujh; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726736AbfLMVYs (ORCPT + 99 others); Fri, 13 Dec 2019 16:24:48 -0500 Received: from mail-il1-f195.google.com ([209.85.166.195]:46460 "EHLO mail-il1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726683AbfLMVYs (ORCPT ); Fri, 13 Dec 2019 16:24:48 -0500 Received: by mail-il1-f195.google.com with SMTP id t17so569125ilm.13 for ; Fri, 13 Dec 2019 13:24:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=VWRSxey7el74QZ+Ei/DzotdKJzpYoB0015GuoC7vpOI=; b=ACUakujhnGW2MtAPIdsq2dzxITzFJAyUw4n1m3wvSShsTuvSKj9O0/gmzx3CgPtOwJ /eSBPWw/gKFFBq3gV59Y2CnL9oIMb+Qy8DQEF/evgpiCnhodb+DWZhYu9YoZWCtfaJfM Unlrkn4OCs3BQ9uXhVmzB7oePCKL2PI8t38qnQX1vwmogdlGEYVYpLLs9oJH+HNpNewa sXu6oO8tje/uQ2WAgXBQcCzI9PYrsgkF3Tp6NHdg1/JmUieGZ+k4gLTixIGhGZkvuXQM AUkAWstF8CZ9+uj0Onthy4T6UgUgqMxnv3uVM8/RAJBFUrPdrdr24+6KZqnZS6CBhe18 Xc/Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=VWRSxey7el74QZ+Ei/DzotdKJzpYoB0015GuoC7vpOI=; b=jMr2OCMg8oQMqcN+SnX8HBs5M2rZJ6E0l7jqJdBCzyxdg3+Iz9BFZkc4MpXePOWUyt kA4pFIDBZ74TQhDFM8yTR73HDnEWbVlnAyfdlTCN6AOWHrESaNsnN1I4Cw4Vo/B/q6NY 9AUFQK+JiCs+Shf5op/RRWkboMNpc/PbBtQSIqfk04g6QeglRgXo3zGic7stlhbzfSqk SfEBX3RsqjfkkmUU+WXFv/5H+2VixbLEpEMa9MdhjTKonYJQ0R5BSNPrjX4MOSZhpMxs KihdqOWiMaxBIFWKSRN3+wdNuQp+pbxZQ8p7EVsLd1gDUDmSZiI7TMMUuGeWNZa5W2gk SLbw== X-Gm-Message-State: APjAAAUMP6OWpxabiaIEggqxQNXl2FJWnbtWTfKVKPMlBq1ljPKBd2jg LTrZkLEHU83XFsQGeAeKwwDh/eulNGf1p+emSAteew== X-Received: by 2002:a92:3bc7:: with SMTP id n68mr1443685ilh.84.1576272287148; Fri, 13 Dec 2019 13:24:47 -0800 (PST) MIME-Version: 1.0 References: <20191203004043.174977-1-matthewgarrett@google.com> In-Reply-To: From: Matthew Garrett Date: Fri, 13 Dec 2019 13:24:35 -0800 Message-ID: Subject: Re: [PATCH] [EFI,PCI] Allow disabling PCI busmastering on bridges during boot To: Ard Biesheuvel Cc: Andy Lutomirski , linux-efi , X86 ML , linux-pci , LKML Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Dec 12, 2019 at 7:46 AM Ard Biesheuvel wrote: > > On Wed, 4 Dec 2019 at 20:56, Matthew Garrett wrote: > > We already handle this case - the kernel doesn't activate busmastering > > until after it does IOMMU setup. > > Build issues aside (which we already handled off list), I think we > should consider the following concerns I have about this patch: > - make it work on ARM (already done) > - make the cmdline option an efi=xxx one, this makes it obvious which > context this is active in Ok. > - I would prefer it if we could make it more obvious that this affects > PCI DMA only, other masters are unaffected by any of this. Ok - in terms of naming, or in terms of documentation? > - What about integrated masters? On the systems I have access to, > there are a lot of DMA capable endpoints that sit on bus 0 without any > root port or PCI bridge in between There's not really anything we can do about those. My gut feeling is that if you're in a situation where you can't trust your integrated chipset then you're going to have trouble building any real trust in the platform. > - Should we treat GOP producers differently? Or perhaps only if the > efifb address is known to be carved out of system memory? Hm, good question. Video cards are one of the most complicated devices on the system, so I'd prefer not to leave us vulnerable to them. Maybe try this as an opt-in thing for a while and see whether people find graphics-related breakage? > If we come up with a good story here in terms of policy, we may be > able to enable this by default, which would be a win imo. I'm pretty sure we're going to have some hardware that this just breaks on, unfortunately - Apple's EFI driver for Broadcom wifi used to continue DMAing over ExitBootServices(), and the "easy" fix of disabling BME on it beforehand resulted in the card wedging on driver load, so I think we'll see other devices that have similar behaviour. (We "fixed" the Apple case by putting the card into S3)