Received: by 2002:a25:e74b:0:0:0:0:0 with SMTP id e72csp11141ybh; Sat, 11 Jul 2020 20:02:16 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwn8AtJIT+4gswFtcUAnRpvjv/Yvd1ecuvImPCUH4eNvnTGLM4+82zfMHdEeYZkY0ZPwKty X-Received: by 2002:a17:906:eb93:: with SMTP id mh19mr66079139ejb.552.1594522936199; Sat, 11 Jul 2020 20:02:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1594522936; cv=none; d=google.com; s=arc-20160816; b=Lm2ssHrArk1kAYp214eE4u8Btqmfw04Krx8LQKCkYnbVeG3KI0lspbNhFtY9Y8p0OH YWcGF1h4a8pKc2Cj5tPV/nG23U63mP1cG7CYLLoNLtZTPJsKLYkAVq4pjf1wugfBPNrv yQg46wi/qf4fW9IBukHN34JifAxG+ndhpko3gVRCzxgyfEfGJX1P1dHHXkGr+voVAJmA PAoj0E6BltJ0EhUzJp3V5fhOAKD39JOaltAT1BeCmGoGH8lj1bCdo2zM7U6c4vak8NUx Vm/8l3c6hUa1pBEKF6/o8ux/UYe+3BlmjwEFwQg6ZF8AXu/NmFk4VB85Y/ilBk6lBMqW 9xGQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:message-id:subject:cc:to:from:date:dkim-signature; bh=L7v4Egz9yiipwARGspDSePJlXOOzJMFPiRu/IcvG2vA=; b=mZc43yM8b5G5SJhlHPZdFVOpGwEzbVCh+wgjWJNESovPlq/bMJGQAu7VN8YqSdZOco ioBXwo25Y1m5Okra1WcyUXPvo1jExn8cH1DG1WYkx3CZq5IObKGdahFbJ9P8XywJLKVD 6BN1Y8UlCfxJjcvs4qsDCJ6tN5X2rvFBZxm0DkmXn0SHgM3sf0Ztxok0V+FSTUnjiaNc WBmsaV03GgP81fmPuPkCLj8sh+0RZAan9bDz3VQCjYORdHEq7PGoRFt8rVoA9He6+Uxc HbnfU55bNf26VZUxd337XOqi7QF+QrVKaegQJ+4+1F5qZ3x8fA2rJ55FX34W28lUOhPE zZTg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=T7qkaNOS; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id y11si6180960ejw.645.2020.07.11.20.01.16; Sat, 11 Jul 2020 20:02:16 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=T7qkaNOS; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727914AbgGLC6l (ORCPT + 99 others); Sat, 11 Jul 2020 22:58:41 -0400 Received: from mail.kernel.org ([198.145.29.99]:33270 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726948AbgGLC6l (ORCPT ); Sat, 11 Jul 2020 22:58:41 -0400 Received: from localhost (mobile-166-175-191-139.mycingular.net [166.175.191.139]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id D1ABD206F4; Sun, 12 Jul 2020 02:58:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1594522720; bh=GCEYp34kfSIsAhwGdytjjpiuDjkxNS2Pq5Ga4nERay0=; h=Date:From:To:Cc:Subject:In-Reply-To:From; b=T7qkaNOSVPVMA1p+OUXR50mxJVKqp+kGpnsAUcwYjmoxKigEkZ+C9uni48nxvzaCc vAD4IUBoFIROp4tLxDovrohgR/tnB9hES1edKw0SsJHM9b8vFAzpkFRAVOCGPqNZr3 feY7YyKAtniCs6zD1STAzEXbVZz+eK3O5AsWgdgg= Date: Sat, 11 Jul 2020 21:58:38 -0500 From: Bjorn Helgaas To: Rajat Jain Cc: Rajat Jain , "Raj, Ashok" , David Woodhouse , Lu Baolu , Joerg Roedel , Bjorn Helgaas , "Rafael J. Wysocki" , Len Brown , "open list:AMD IOMMU (AMD-VI)" , Linux Kernel Mailing List , linux-pci , ACPI Devel Maling List , "Krishnakumar, Lalithambika" , Mika Westerberg , Jean-Philippe Brucker , Prashant Malani , Benson Leung , Todd Broch , Alex Levin , Mattias Nissler , Bernie Keany , Aaron Durbin , Diego Rivas , Duncan Laurie , Furquan Shaikh , Jesse Barnes , Christian Kellner , Alex Williamson , Greg Kroah-Hartman , Oliver O'Halloran , Saravana Kannan , Suzuki K Poulose , Arnd Bergmann , Heikki Krogerus Subject: Re: [PATCH v4 4/4] PCI/ACS: Enable PCI_ACS_TB for untrusted/external-facing devices Message-ID: <20200712025838.GA147150@bjorn-Precision-5520> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, Jul 11, 2020 at 05:08:51PM -0700, Rajat Jain wrote: > On Sat, Jul 11, 2020 at 12:53 PM Bjorn Helgaas wrote: > > On Fri, Jul 10, 2020 at 03:53:59PM -0700, Rajat Jain wrote: > > > On Fri, Jul 10, 2020 at 2:29 PM Raj, Ashok wrote: > > > > On Fri, Jul 10, 2020 at 03:29:22PM -0500, Bjorn Helgaas wrote: > > > > > On Tue, Jul 07, 2020 at 03:46:04PM -0700, Rajat Jain wrote: > > > > > > When enabling ACS, enable translation blocking for external facing ports > > > > > > and untrusted devices. > > > > > > > > > > > > Signed-off-by: Rajat Jain > > > > > > --- > > > > > > v4: Add braces to avoid warning from kernel robot > > > > > > print warning for only external-facing devices. > > > > > > v3: print warning if ACS_TB not supported on external-facing/untrusted ports. > > > > > > Minor code comments fixes. > > > > > > v2: Commit log change > > > > > > > > > > > > drivers/pci/pci.c | 8 ++++++++ > > > > > > drivers/pci/quirks.c | 15 +++++++++++++++ > > > > > > 2 files changed, 23 insertions(+) > > > > > > > > > > > > diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c > > > > > > index 73a8627822140..a5a6bea7af7ce 100644 > > > > > > --- a/drivers/pci/pci.c > > > > > > +++ b/drivers/pci/pci.c > > > > > > @@ -876,6 +876,14 @@ static void pci_std_enable_acs(struct pci_dev *dev) > > > > > > /* Upstream Forwarding */ > > > > > > ctrl |= (cap & PCI_ACS_UF); > > > > > > > > > > > > + /* Enable Translation Blocking for external devices */ > > > > > > + if (dev->external_facing || dev->untrusted) { > > > > > > + if (cap & PCI_ACS_TB) > > > > > > + ctrl |= PCI_ACS_TB; > > > > > > + else if (dev->external_facing) > > > > > > + pci_warn(dev, "ACS: No Translation Blocking on external-facing dev\n"); > > > > > > + } > > > > > > > > > > IIUC, this means that external devices can *never* use ATS and > > > > > can never cache translations. > > > > > > Yes, but it already exists today (and this patch doesn't change that): > > > 521376741b2c2 "PCI/ATS: Only enable ATS for trusted devices" > > > > > > IMHO any external device trying to send ATS traffic despite having ATS > > > disabled should count as a bad intent. And this patch is trying to > > > plug that loophole, by blocking the AT traffic from devices that we do > > > not expect to see AT from anyway. > > > > Thinking about this some more, I wonder if Linux should: > > > > - Explicitly disable ATS for every device at enumeration-time, e.g., > > in pci_init_capabilities(), > > > > - Enable PCI_ACS_TB for every device (not just external-facing or > > untrusted ones), > > > > - Disable PCI_ACS_TB for the relevant devices along the path only > > when enabling ATS. > > > > One nice thing about doing that is that the "untrusted" test would be > > only in pci_enable_ats(), and we wouldn't need one in > > pci_std_enable_acs(). > > Yes, this could work. > > I think I had thought about this but I'm blanking out on why I had > given it up. I think it was because of the possibility that some > bridges may have "Translation blocking" disabled, even if not all > their descendents were trusted enough to enable ATS on them. But now > thinking about this again, as long as we retain the policy of not > enabling ATS on external devices (and thus enable TB for sure on > them), this should not be a problem. WDYT? I think I would feel better if we always enabled Translation Blocking except when we actually need it for ATS. But I'm not confident about how all the pieces of ATS work, so I could be missing something. > > It's possible BIOS gives us devices with ATS enabled, and this > > might break them, but that seems like something we'd want to find > > out about. > > Why would they break? We'd disable ATS on each device as we > enumerate them, so they'd be functional, just with ATS disabled > until it is enabled again on internal devices as needed. Which would > be WAI behavior? If BIOS handed off with ATS enabled and we somehow relied on it being already enabled, something might break if we start disabling ATS. Just a theoretical possibility, doesn't seem likely to me. Bjorn