Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp1329774ybl;
        Fri, 13 Dec 2019 13:26:02 -0800 (PST)
X-Google-Smtp-Source: APXvYqxkM+JbGfKHMEfN54XmRxeax5L/c0FqyT42+6TpUBM8K28QFMaChYAswUQDFktqKzyffCYF
X-Received: by 2002:a05:6830:15d9:: with SMTP id j25mr16258742otr.279.1576272362646;
        Fri, 13 Dec 2019 13:26:02 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1576272362; cv=none;
        d=google.com; s=arc-20160816;
        b=rG+VEAWH/HwNoA5YkLSmo/jTmsfQYGuZp+/NhDBKrUY+nYdSIA4pHMf4PalEJgBLZL
         9/CVlnQ7eqWgf6n7siDq5fjXuS+rQY4oxYZp8JVKJEUrX5/Wb2cICOfT8++jqH+LQmC0
         Luuhs0BeAZ+y+BZUiDa08BaIZU1C5sPAU0Z1bjA0R5FMyrV87FjmBqAQA4OyOel5YSms
         i5JL377Y8WcLYyYUEJMAaaZrnYOMV2ybWYM0vimR5QIum0pFp8NSGXjYM4pS/xW2/EOF
         BKc7zJ1T+NZMswOpLaleVxs5j9E5VIbvKQEuqBqpHJ6NY7Fz0z5AOq/gCyZgU7qy/G8W
         js4w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:dkim-signature;
        bh=VWRSxey7el74QZ+Ei/DzotdKJzpYoB0015GuoC7vpOI=;
        b=NjvshYjtzLagQ7DV+Tw5K1NLSDslSvJs3YwyLArQBpDcbHrfTc2KZtNE8r3xLttNTc
         WrDl4YJ716n2y/gY4cEwBvI0uzlyHwSzdLv8Yr8wuYeN2GYJ444H2+8T/eyooniKNiGQ
         7zDPeANlONjeH4G+Z1m7eIrn2aFLP7/X+juua0FyY+bT+DZNGxZ92jtXusYemazZTxuK
         Pm9nOsyqOqwQHpnLfQEeOfI6NG1foCOq2XUI3QY9AiYYItMCw2DG1VJ/aQcUYYum3uyQ
         5WL/rppaXthk4z5XWS0TOw0ipWHQ8EJ6WA0HrIWN+9eEhKZhdtV8rZSsXXsfvXNa3AZP
         Q5PA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=ACUakujh;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id a26si5725196oto.199.2019.12.13.13.25.50;
        Fri, 13 Dec 2019 13:26:02 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=ACUakujh;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726736AbfLMVYs (ORCPT <rfc822;chenl.lei@gmail.com> + 99 others);
        Fri, 13 Dec 2019 16:24:48 -0500
Received: from mail-il1-f195.google.com ([209.85.166.195]:46460 "EHLO
        mail-il1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726683AbfLMVYs (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 13 Dec 2019 16:24:48 -0500
Received: by mail-il1-f195.google.com with SMTP id t17so569125ilm.13
        for <linux-kernel@vger.kernel.org>; Fri, 13 Dec 2019 13:24:47 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=VWRSxey7el74QZ+Ei/DzotdKJzpYoB0015GuoC7vpOI=;
        b=ACUakujhnGW2MtAPIdsq2dzxITzFJAyUw4n1m3wvSShsTuvSKj9O0/gmzx3CgPtOwJ
         /eSBPWw/gKFFBq3gV59Y2CnL9oIMb+Qy8DQEF/evgpiCnhodb+DWZhYu9YoZWCtfaJfM
         Unlrkn4OCs3BQ9uXhVmzB7oePCKL2PI8t38qnQX1vwmogdlGEYVYpLLs9oJH+HNpNewa
         sXu6oO8tje/uQ2WAgXBQcCzI9PYrsgkF3Tp6NHdg1/JmUieGZ+k4gLTixIGhGZkvuXQM
         AUkAWstF8CZ9+uj0Onthy4T6UgUgqMxnv3uVM8/RAJBFUrPdrdr24+6KZqnZS6CBhe18
         Xc/Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=VWRSxey7el74QZ+Ei/DzotdKJzpYoB0015GuoC7vpOI=;
        b=jMr2OCMg8oQMqcN+SnX8HBs5M2rZJ6E0l7jqJdBCzyxdg3+Iz9BFZkc4MpXePOWUyt
         kA4pFIDBZ74TQhDFM8yTR73HDnEWbVlnAyfdlTCN6AOWHrESaNsnN1I4Cw4Vo/B/q6NY
         9AUFQK+JiCs+Shf5op/RRWkboMNpc/PbBtQSIqfk04g6QeglRgXo3zGic7stlhbzfSqk
         SfEBX3RsqjfkkmUU+WXFv/5H+2VixbLEpEMa9MdhjTKonYJQ0R5BSNPrjX4MOSZhpMxs
         KihdqOWiMaxBIFWKSRN3+wdNuQp+pbxZQ8p7EVsLd1gDUDmSZiI7TMMUuGeWNZa5W2gk
         SLbw==
X-Gm-Message-State: APjAAAUMP6OWpxabiaIEggqxQNXl2FJWnbtWTfKVKPMlBq1ljPKBd2jg
        LTrZkLEHU83XFsQGeAeKwwDh/eulNGf1p+emSAteew==
X-Received: by 2002:a92:3bc7:: with SMTP id n68mr1443685ilh.84.1576272287148;
 Fri, 13 Dec 2019 13:24:47 -0800 (PST)
MIME-Version: 1.0
References: <20191203004043.174977-1-matthewgarrett@google.com>
 <CALCETrWUYapn=vTbKnKFVQ3Y4vG0qHwux0ym_To2NWKPew+vrw@mail.gmail.com>
 <CACdnJuv50s61WPMpHtrF6_=q3sCXD_Tm=30mtLnR_apjV=gjQg@mail.gmail.com>
 <CALCETrWZwN-R=He2s1DLet8iOxB_AbuSGOJ3y7zW=qUmx33C=A@mail.gmail.com>
 <CACdnJuvTR2r_myJX2bQ8XTDw_HxM-EgqhVLaUJVCa+VQS+6Qrg@mail.gmail.com> <CAKv+Gu-7H7AmMGk8_safU83KZZiJJpQ4X+o7V9Pv24AOh3g5ug@mail.gmail.com>
In-Reply-To: <CAKv+Gu-7H7AmMGk8_safU83KZZiJJpQ4X+o7V9Pv24AOh3g5ug@mail.gmail.com>
From:   Matthew Garrett <mjg59@google.com>
Date:   Fri, 13 Dec 2019 13:24:35 -0800
Message-ID: <CACdnJusMV4k0mjQ=gtdgFHR82tr2QBomoSa6Ca3LoMHzD3r7iQ@mail.gmail.com>
Subject: Re: [PATCH] [EFI,PCI] Allow disabling PCI busmastering on bridges
 during boot
To:     Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc:     Andy Lutomirski <luto@amacapital.net>,
        linux-efi <linux-efi@vger.kernel.org>, X86 ML <x86@kernel.org>,
        linux-pci <linux-pci@vger.kernel.org>,
        LKML <linux-kernel@vger.kernel.org>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Dec 12, 2019 at 7:46 AM Ard Biesheuvel
<ard.biesheuvel@linaro.org> wrote:
>
> On Wed, 4 Dec 2019 at 20:56, Matthew Garrett <mjg59@google.com> wrote:
> > We already handle this case - the kernel doesn't activate busmastering
> > until after it does IOMMU setup.
>
> Build issues aside (which we already handled off list), I think we
> should consider the following concerns I have about this patch:
> - make it work on ARM (already done)
> - make the cmdline option an efi=xxx one, this makes it obvious which
> context this is active in

Ok.

> - I would prefer it if we could make it more obvious that this affects
> PCI DMA only, other masters are unaffected by any of this.

Ok - in terms of naming, or in terms of documentation?

> - What about integrated masters? On the systems I have access to,
> there are a lot of DMA capable endpoints that sit on bus 0 without any
> root port or PCI bridge in between

There's not really anything we can do about those. My gut feeling is
that if you're in a situation where you can't trust your integrated
chipset then you're going to have trouble building any real trust in
the platform.

> - Should we treat GOP producers differently? Or perhaps only if the
> efifb address is known to be carved out of system memory?

Hm, good question. Video cards are one of the most complicated devices
on the system, so I'd prefer not to leave us vulnerable to them. Maybe
try this as an opt-in thing for a while and see whether people find
graphics-related breakage?

> If we come up with a good story here in terms of policy, we may be
> able to enable this by default, which would be a win imo.

I'm pretty sure we're going to have some hardware that this just
breaks on, unfortunately - Apple's EFI driver for Broadcom wifi used
to continue DMAing over ExitBootServices(), and the "easy" fix of
disabling BME on it beforehand resulted in the card wedging on driver
load, so I think we'll see other devices that have similar behaviour.

(We "fixed" the Apple case by putting the card into S3)