Date: Mon, 1 Jun 2020 22:45:17 -0700
Message-Id: <20200602054517.191244-1-rajatja@google.com>
Subject: [PATCH] iommu/vt-d: Don't apply gfx quirks to untrusted devices
From: Rajat Jain
To: David Woodhouse, Lu Baolu, Joerg Roedel, iommu@lists.linux-foundation.org, linux-kernel@vger.kernel.org, Mika Westerberg, Ashok Raj, lalithambika.krishnakumar@intel.com
Cc: Rajat Jain, rajatxjain@gmail.com, pmalani@google.com, bleung@google.com, levinale@google.com, zsm@google.com, mnissler@google.com, tbroch@google.com
X-Mailing-List: linux-kernel@vger.kernel.org

Currently, an external malicious PCI device can masquerade the VID:PID
of faulty gfx devices, and thus apply iommu quirks to effectively
disable the IOMMU restrictions for itself. Thus we need to ensure that
the device we are applying quirks to is indeed an internal trusted
device.

Signed-off-by: Rajat Jain
---
 drivers/iommu/intel-iommu.c | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c
index ef0a5246700e5..f2a480168a02f 100644
--- a/drivers/iommu/intel-iommu.c
+++ b/drivers/iommu/intel-iommu.c
@@ -6214,6 +6214,11 @@ const struct iommu_ops intel_iommu_ops = { static void quirk_iommu_igfx(struct pci_dev *dev) { + if (dev->untrusted) { + pci_warn(dev, "skipping iommu quirk for untrusted gfx dev\n"); + return; + } + pci_info(dev, "Disabling IOMMU for graphics on this chipset\n"); dmar_map_gfx = 0; } @@ -6255,6 +6260,11 @@ DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x163D, quirk_iommu_igfx); static void quirk_iommu_rwbf(struct pci_dev *dev) { + if (dev->untrusted) { + pci_warn(dev, "skipping iommu quirk for untrusted dev\n"); + return; + } + /* * Mobile 4 Series Chipset neglects to set RWBF capability, * but needs it. Same seems to hold for the desktop versions. @@ -6285,6 +6295,11 @@ static void quirk_calpella_no_shadow_gtt(struct pci_dev *dev) { unsigned short ggc; + if (dev->untrusted) { + pci_warn(dev, "skipping iommu quirk for untrusted gfx dev\n"); + return; + } + if (pci_read_config_word(dev, GGC, &ggc)) return; @@ -6318,6 +6333,13 @@ static void __init check_tylersburg_isoch(void) pdev = pci_get_device(PCI_VENDOR_ID_INTEL, 0x3a3e, NULL); if (!pdev) return; + + if (pdev->untrusted) { + pci_warn(pdev, "skipping iommu quirk due to untrusted dev\n"); + pci_dev_put(pdev); + return; + } + pci_dev_put(pdev); /* System Management Registers. Might be hidden, in which case @@ -6327,6 +6349,12 @@ static void __init check_tylersburg_isoch(void) if (!pdev) return; + if (pdev->untrusted) { + pci_warn(pdev, "skipping iommu quirk due to untrusted dev\n"); + pci_dev_put(pdev); + return; + } + if (pci_read_config_dword(pdev, 0x188, &vtisochctrl)) { pci_dev_put(pdev); return; -- 2.27.0.rc2.251.g90737beb825-goog
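Review bot: the guard `if (dev->untrusted) { pci_warn(...); return; }` added to quirk_iommu_igfx in the first hunk is repeated verbatim in quirk_iommu_rwbf and quirk_calpella_no_shadow_gtt, so any quirk added later to this file can silently miss it; a single check in the fixup dispatch, or a small helper that every quirk calls, would keep the policy in one place. The commit message should also state that `dev->untrusted` is already populated when the DECLARE_PCI_FIXUP_HEADER stage runs, because if it is not, all three guards are no-ops for exactly the devices they are meant to reject.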
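Review bot: the message in the quirk_iommu_rwbf hunk ("skipping iommu quirk for untrusted dev") differs only in wording from the igfx and calpella ones ("... untrusted gfx dev") and from the tylersburg ones ("... due to untrusted dev"); one consistent format that names the skipped quirk, for example "skipping %s quirk for untrusted device" with the function name, would let a single dmesg search pick up every site where an external device presented a chipset or gfx ID, which is the event an operator wants to notice.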
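Review bot: in the two check_tylersburg_isoch hunks the new block returns as soon as the first match is untrusted, but `pci_get_device(PCI_VENDOR_ID_INTEL, 0x3a3e, NULL)` and the second lookup only ever return the first matching device, so whether the genuine chipset device still gets the isoch workaround now depends on enumeration order relative to an untrusted device carrying the same ID. Consider walking the matches (`pci_get_device(..., pdev)`) until a trusted one is found, or restricting the lookup to the root bus, rather than returning; the `pci_dev_put(pdev)` before each early return is correct as written.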