Received: by 2002:a25:683:0:0:0:0:0 with SMTP id 125csp1158787ybg; Tue, 2 Jun 2020 02:53:09 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxQTB6dAopxzJ/zauMbHoh3EuG1YFOCmrG4Pm3ichWu89ph0lX7gZKexvrbBKz0L2wboBwx X-Received: by 2002:a17:906:1751:: with SMTP id d17mr24200991eje.314.1591091589042; Tue, 02 Jun 2020 02:53:09 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1591091589; cv=none; d=google.com; s=arc-20160816; b=zTahH+Tycsuy+Bnpt/dMantXaRceADVAUQdFqEmPqWI0OQ5rw+AU1fCra63l+KooL/ dBaRGpTXc1vO0pvn4TSYeMEPm6WZJk11RzaHXx9w1Bao5qyOa10/KiYigINszbfaqlT8 NFGBXmPg/Vo9oa5/646xga/YMHNxbH1vG6Y70hPk7bUUrtrsh1tpRAz4gHJiKI9HjlkJ Q5LBwm+XGPCLVwG6Sc+Em16P3BsAHjhbREb+luJqIhQvsdvUgC4pta3BwPhyxY7o0yrG w+n0hOS9YhzQuLa6VJQkPF7zkFwKjz+L4D3C6/IrT/mQvbyk4CRCVgxoclSJ7wAS/4r6 HU/g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:organization:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:ironport-sdr:ironport-sdr; bh=wJLHameSi4bh0Phosen/Yn4zZb5YsSL9kL1+h76UWNk=; b=YoAvRwQBd13lXdgI48XmiTqQXWSjm8trBSTJJnb8a1ErCjP3drVQOFfGdnDgUgV9WN SXiDUACr7ie1f8qOJAHRD7JFvEyDBM8VN8c404+dKGEduNQtYeAQg3O4J/NAwRGbYcme fezQgcFo38qgsrswfWJz2Gzij6ZWR7WE5qAaQvd8JVKJlkojUfh1f83faRUC+FA/HoYc UZeaMVu9N4TfIsxP6RHjfm0B+2oAofZAoefB7Dcyz1u4zoXclz7TuiYIZtxRr0DeLDMZ pB0WdlB0Uusygwdq0RWutHXQAt5iYR3NO92hzPU4cdbwNg3E/YRqOA6D21hl8TVrfwuW olJQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id qq18si1232384ejb.195.2020.06.02.02.52.45; Tue, 02 Jun 2020 02:53:09 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726937AbgFBJuK (ORCPT + 99 others); Tue, 2 Jun 2020 05:50:10 -0400 Received: from mga06.intel.com ([134.134.136.31]:24935 "EHLO mga06.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725958AbgFBJuI (ORCPT ); Tue, 2 Jun 2020 05:50:08 -0400 IronPort-SDR: AsP1mBlZUU/nf+cfanwJ+X5VOqpG6bo3nHqte8EKdBMYvCPE6TduLLTuUvyHRHt7Z8MOJCHxyN CoWJgqnPCWcg== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 02 Jun 2020 02:50:08 -0700 IronPort-SDR: 1wM2/0IT4DznM5UA7kHHznMwfEwhMqcBUpu+200PCHFFobW4oeFyXE/fxj0z5vp529c0n51qSi AmqbmEmkl6gA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.73,463,1583222400"; d="scan'208";a="377701826" Received: from lahna.fi.intel.com (HELO lahna) ([10.237.72.163]) by fmsmga001.fm.intel.com with SMTP; 02 Jun 2020 02:50:03 -0700 Received: by lahna (sSMTP sendmail emulation); Tue, 02 Jun 2020 12:50:03 +0300 Date: Tue, 2 Jun 2020 12:50:03 +0300 From: Mika Westerberg To: Rajat Jain Cc: David Woodhouse , Lu Baolu , Joerg Roedel , iommu@lists.linux-foundation.org, linux-kernel@vger.kernel.org, Ashok Raj , lalithambika.krishnakumar@intel.com, rajatxjain@gmail.com, pmalani@google.com, bleung@google.com, levinale@google.com, zsm@google.com, mnissler@google.com, tbroch@google.com Subject: Re: [PATCH] iommu/vt-d: Don't apply gfx quirks to untrusted devices Message-ID: <20200602095003.GI247495@lahna.fi.intel.com> References: <20200602054517.191244-1-rajatja@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200602054517.191244-1-rajatja@google.com> Organization: Intel Finland Oy - BIC 0357606-4 - Westendinkatu 7, 02160 Espoo Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Jun 01, 2020 at 10:45:17PM -0700, Rajat Jain wrote: > Currently, an external malicious PCI device can masquerade the VID:PID > of faulty gfx devices, and thus apply iommu quirks to effectively > disable the IOMMU restrictions for itself. > > Thus we need to ensure that the device we are applying quirks to, is > indeed an internal trusted device. > > Signed-off-by: Rajat Jain > --- > drivers/iommu/intel-iommu.c | 28 ++++++++++++++++++++++++++++ > 1 file changed, 28 insertions(+) > > diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c > index ef0a5246700e5..f2a480168a02f 100644 > --- a/drivers/iommu/intel-iommu.c > +++ b/drivers/iommu/intel-iommu.c > @@ -6214,6 +6214,11 @@ const struct iommu_ops intel_iommu_ops = { > > static void quirk_iommu_igfx(struct pci_dev *dev) > { > + if (dev->untrusted) { > + pci_warn(dev, "skipping iommu quirk for untrusted gfx dev\n"); I think you should be consistent with other messages. For example iommu should be spelled IOMMU as done below. Also this is visible to users so maybe put bit more information there: pci_warn(dev, "Will not apply IOMMU quirk for untrusted graphics device\n"); Ditto for all the other places. Also is "untrusted" good word here? If an ordinary user sees this will it trigger some sort of panic reaction. Perhaps we should call it "potentially untrusted" or something like that? > + return; > + } > + > pci_info(dev, "Disabling IOMMU for graphics on this chipset\n"); > dmar_map_gfx = 0;