Date: Tue, 2 Jun 2020 11:41:33 -0700
Message-Id: <20200602184133.75525-1-rajatja@google.com>
X-Mailer: git-send-email 2.27.0.rc2.251.g90737beb825-goog
Subject: [PATCH v2] iommu/vt-d: Don't apply gfx quirks to untrusted devices
From: Rajat Jain
To: David Woodhouse, Lu Baolu, Joerg Roedel, iommu@lists.linux-foundation.org, linux-kernel@vger.kernel.org, Mika Westerberg, Ashok Raj, lalithambika.krishnakumar@intel.com
Cc: Rajat Jain, rajatxjain@gmail.com, pmalani@google.com, bleung@google.com, levinale@google.com, zsm@google.com, mnissler@google.com, tbroch@google.com
X-Mailing-List: linux-kernel@vger.kernel.org

Currently, an external malicious PCI device can masquerade the VID:PID
of faulty gfx devices, and thus apply iommu quirks to effectively
disable the IOMMU restrictions for itself. Thus we need to ensure that
the device we are applying quirks to, is indeed an internal trusted
device.

Signed-off-by: Rajat Jain
Acked-by: Lu Baolu
---
V2:
 - Change the warning print strings.
 - Add Lu Baolu's acknowledgement.

 drivers/iommu/intel-iommu.c | 38 +++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)

diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c
index ef0a5246700e5..fdfbea4ff8cb3 100644
--- a/drivers/iommu/intel-iommu.c +++ b/drivers/iommu/intel-iommu.c @@ -6214,6 +6214,13 @@ const struct iommu_ops intel_iommu_ops = { static void quirk_iommu_igfx(struct pci_dev *dev) { + if (dev->untrusted) { + pci_warn(dev, + "Skipping IOMMU quirk %s() for potentially untrusted device\n", + __func__); + return; + } + pci_info(dev, "Disabling IOMMU for graphics on this chipset\n"); dmar_map_gfx = 0; } @@ -6255,6 +6262,13 @@ DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x163D, quirk_iommu_igfx); static void quirk_iommu_rwbf(struct pci_dev *dev) { + if (dev->untrusted) { + pci_warn(dev, + "Skipping IOMMU quirk %s() for potentially untrusted device\n", + __func__); + return; + } + /* * Mobile 4 Series Chipset neglects to set RWBF capability, * but needs it. Same seems to hold for the desktop versions. @@ -6285,6 +6299,13 @@ static void quirk_calpella_no_shadow_gtt(struct pci_dev *dev) { unsigned short ggc; + if (dev->untrusted) { + pci_warn(dev, + "Skipping IOMMU quirk %s() for potentially untrusted device\n", + __func__); + return; + } + if (pci_read_config_word(dev, GGC, &ggc)) return; @@ -6318,6 +6339,15 @@ static void __init check_tylersburg_isoch(void) pdev = pci_get_device(PCI_VENDOR_ID_INTEL, 0x3a3e, NULL); if (!pdev) return; + + if (pdev->untrusted) { + pci_warn(pdev, + "Skipping IOMMU quirk %s() for potentially untrusted device\n", + __func__); + pci_dev_put(pdev); + return; + } + pci_dev_put(pdev); /* System Management Registers. Might be hidden, in which case @@ -6327,6 +6357,14 @@ static void __init check_tylersburg_isoch(void) if (!pdev) return; + if (pdev->untrusted) { + pci_warn(pdev, + "Skipping IOMMU quirk %s() for potentially untrusted device\n", + __func__); + pci_dev_put(pdev); + return; + } + if (pci_read_config_dword(pdev, 0x188, &vtisochctrl)) { pci_dev_put(pdev); return; -- 2.27.0.rc2.251.g90737beb825-goog
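Review bot: The same `if (dev->untrusted) { pci_warn(...); return; }` block is pasted into quirk_iommu_igfx(), quirk_iommu_rwbf(), quirk_calpella_no_shadow_gtt() and twice into check_tylersburg_isoch(). A small static helper returning bool that does the test and the pci_warn() would reduce each caller to a single condition and keep the message text in one place. If you do that, note that `__func__` inside the helper would print the helper's name, so either pass the caller's name in or drop it from the message.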
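Review bot: In check_tylersburg_isoch(), `pci_get_device(PCI_VENDOR_ID_INTEL, 0x3a3e, NULL)` returns only the first matching device, and the new untrusted branch returns from the whole function on that match. If an external device presenting that ID is enumerated first, the isoch check is skipped even when a genuine internal device with the same ID is present, so a spoofed ID can suppress the workaround. Consider continuing the search by passing the rejected pdev back as the `from` argument until a trusted match is found or the search ends (pci_get_device() drops the reference on `from`, so the explicit pci_dev_put() in that branch would no longer be needed). The same applies to the second lookup in this function.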
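Review bot: Neither the commit message nor the added checks say what sets `dev->untrusted`, and in quirk_iommu_igfx() the reason the check matters is only implicit: the quirk clears the global `dmar_map_gfx`, so one matching device changes IOMMU behaviour beyond itself. A short comment above the check (or above a shared helper) stating where the flag comes from and that the quirk's effect is global would make the trust assumption explicit for later readers, since the protection is only as strong as whatever marks the device untrusted.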