Date: Fri, 10 Jul 2020 14:28:53 -0700
From: "Raj, Ashok"
To: Bjorn Helgaas
Cc: Rajat Jain, David Woodhouse, Lu Baolu, Joerg Roedel, Bjorn Helgaas, "Rafael J. Wysocki", Len Brown, iommu@lists.linux-foundation.org, linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, linux-acpi@vger.kernel.org, lalithambika.krishnakumar@intel.com, Mika Westerberg, Jean-Philippe Brucker, Prashant Malani, Benson Leung, Todd Broch, Alex Levin, Mattias Nissler, Rajat Jain, Bernie Keany, Aaron Durbin, Diego Rivas, Duncan Laurie, Furquan Shaikh, Jesse Barnes, Christian Kellner, Alex Williamson, Greg Kroah-Hartman, oohall@gmail.com, Saravana Kannan, Suzuki K Poulose, Arnd Bergmann, Heikki Krogerus, Ashok Raj
Subject: Re: [PATCH v4 4/4] PCI/ACS: Enable PCI_ACS_TB for untrusted/external-facing devices
Message-ID: <20200710212853.GA328472@otc-nc-03>
References: <20200707224604.3737893-4-rajatja@google.com> <20200710202922.GA77140@bjorn-Precision-5520>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20200710202922.GA77140@bjorn-Precision-5520>
User-Agent: Mutt/1.5.24 (2015-08-30)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

Hi Bjorn

On Fri, Jul 10, 2020 at 03:29:22PM -0500, Bjorn Helgaas wrote:
> On Tue, Jul 07, 2020 at 03:46:04PM -0700, Rajat Jain wrote:
> > When enabling ACS, enable translation blocking for external facing ports > > and untrusted devices. > > > > Signed-off-by: Rajat Jain > > --- > > v4: Add braces to avoid warning from kernel robot > > print warning for only external-facing devices. > > v3: print warning if ACS_TB not supported on external-facing/untrusted ports. > > Minor code comments fixes. > > v2: Commit log change > > > > drivers/pci/pci.c | 8 ++++++++ > > drivers/pci/quirks.c | 15 +++++++++++++++ > > 2 files changed, 23 insertions(+) > > > > diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c > > index 73a8627822140..a5a6bea7af7ce 100644
> > --- a/drivers/pci/pci.c > > +++ b/drivers/pci/pci.c > > @@ -876,6 +876,14 @@ static void pci_std_enable_acs(struct pci_dev *dev) > > /* Upstream Forwarding */ > > ctrl |= (cap & PCI_ACS_UF); > > > > + /* Enable Translation Blocking for external devices */ > > + if (dev->external_facing || dev->untrusted) { > > + if (cap & PCI_ACS_TB) > > + ctrl |= PCI_ACS_TB; > > + else if (dev->external_facing) > > + pci_warn(dev, "ACS: No Translation Blocking on external-facing dev\n"); > > + }
>
> IIUC, this means that external devices can *never* use ATS and can
> never cache translations. And (I guess, I'm not an expert) it can
> also never use the Page Request Services?

Yep, sounds like it.

>
> Is this what we want? Do we have any idea how many external devices
> this will affect or how much of a performance impact they will see?
>
> Do we need some kind of override or mechanism to authenticate certain
> devices so they can use ATS and PRI?

Sounds like we would need some form of an allow-list to start with so we can have something in the interim.

I suppose a future platform might have a facility to ensure ATS is secure and authenticated we could enable for all of devices in the system, in addition to PCI CMA/IDE.

I think having a global override to enable all devices so platform can switch to current behavior, or maybe via a cmdline switch.. as much as we have a billion of those, it still gives an option in case someone needs it.

>
> If we do decide this is the right thing to do, I think we need to
> expand the commit log a bit, because this is potentially a significant
> user-visible change.
>
> > pci_write_config_word(dev, pos + PCI_ACS_CTRL, ctrl); > > } > > > > diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c > > index b341628e47527..bb22b46c1d719 100644 > > --- a/drivers/pci/quirks.c > > +++ b/drivers/pci/quirks.c
> > @@ -4934,6 +4934,13 @@ static void pci_quirk_enable_intel_rp_mpc_acs(struct pci_dev *dev) > > } > > } > > > > +/* > > + * Currently this quirk does the equivalent of > > + * PCI_ACS_SV | PCI_ACS_RR | PCI_ACS_CR | PCI_ACS_UF > > + * > > + * TODO: This quirk also needs to do equivalent of PCI_ACS_TB, > > + * if dev->external_facing || dev->untrusted > > + */ > > static int pci_quirk_enable_intel_pch_acs(struct pci_dev *dev) > > { > > if (!pci_quirk_intel_pch_acs_match(dev)) > > @@ -4973,6 +4980,14 @@ static int pci_quirk_enable_intel_spt_pch_acs(struct pci_dev *dev) > > ctrl |= (cap & PCI_ACS_CR); > > ctrl |= (cap & PCI_ACS_UF); > > > > + /* Enable Translation Blocking for external devices */ > > + if (dev->external_facing || dev->untrusted) { > > + if (cap & PCI_ACS_TB) > > + ctrl |= PCI_ACS_TB; > > + else if (dev->external_facing) > > + pci_warn(dev, "ACS: No Translation Blocking on external-facing dev\n"); > > + } > > + > > pci_write_config_dword(dev, pos + INTEL_SPT_ACS_CTRL, ctrl); > > > > pci_info(dev, "Intel SPT PCH root port ACS workaround enabled\n"); > > -- > > 2.27.0.212.ge8ba1cc988-goog > >
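
Review bot: In the pci_std_enable_acs() hunk of drivers/pci/pci.c, the `else if (dev->external_facing)` branch means an untrusted device whose ACS capability lacks PCI_ACS_TB is left without translation blocking and nothing is logged. If that is intended (the v4 changelog says the warning is printed for external-facing devices only), the code comment should say so, since it currently reads only "Enable Translation Blocking for external devices"; otherwise consider a lower-severity message for the untrusted case. The one-sentence commit log should also state the effect on ATS for devices behind these ports, which is the user-visible change the replies in this thread discuss.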
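
Review bot: The TODO comment added above pci_quirk_enable_intel_pch_acs() in drivers/pci/quirks.c records that this quirk still applies only the equivalent of PCI_ACS_SV | PCI_ACS_RR | PCI_ACS_CR | PCI_ACS_UF, so an external-facing or untrusted device that takes this path gets no translation blocking and, unlike the other two paths touched by this patch, no warning either. Until the TODO is resolved, a pci_warn() in this quirk when dev->external_facing is set would keep the gap visible in the log, and the commit log should mention that this quirk is not covered.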
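
Review bot: The block added to pci_quirk_enable_intel_spt_pch_acs() is a line-for-line copy of the one added to pci_std_enable_acs(), including the warning string. Moving the `dev->external_facing || dev->untrusted` check into one small helper that takes dev and cap and returns the bit to OR into ctrl would keep the policy in a single place, which matters if an override or allow-list of the kind discussed in this thread is added later.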