Received: by 2002:a05:6a10:af89:0:0:0:0 with SMTP id iu9csp1284199pxb; Fri, 21 Jan 2022 14:19:44 -0800 (PST) X-Google-Smtp-Source: ABdhPJxf3AhNfWv+4OUFnQnbTbgnLWLl2GYUvilw/3fs4Rx0qiz1tNODMm8JneA05avDZQVXnZnL X-Received: by 2002:a17:902:8bc5:b0:149:88fc:5560 with SMTP id r5-20020a1709028bc500b0014988fc5560mr5911155plo.144.1642803584222; Fri, 21 Jan 2022 14:19:44 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1642803584; cv=none; d=google.com; s=arc-20160816; b=zQSvyPKPurO4bYFse1sksoJ1Ar14uBgoow6TAXE4/WfYlc44NucRYA5sEpLU1TPX/h vrwaA9gFkjORJ4TxtAAGXFFDpuM1QCc5bwXol4MFK1meCKTtKTodntP57L67xoBecUH/ UA6MvwvsLZN8HpznMHWubmgZ/Zqq9X5KNviz3Sg0MKKqGU/jTaBZND4TLRZr4j64nu2Z ImcUxyPmrE4kfdvNMZoHGRNjSEWGbqPMtHC3j/bLxhftXsUivNJ8mYFv05gemtSHfsGQ Em6b21vJtW86VS0oHPTfc8gqhXIR6N2KLTj9VjbffdPMruIXbRtfjJJHiSXDsH7t9QVb sWVQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:reply-to :in-reply-to:references:mime-version:dkim-signature; bh=ddPVCxZ4dU5YjdeoeIUkKx7PGG9W/fGI0TtRqbFtTuw=; b=U/D2/mS5h+W6VQa0w7fq9kV5a+JAH3bAlKKOHzWLj+1yrm09T0umX/pN6yXiZs7+bD WCv++0zEW/7g/dSVv068VpGGyQQH9LVlT22RBDi5McFL/9/KvLH5/7ZZRoRt8dCVtPkJ YfQRbc6pBlC493FTBhNPX/fEyYdm0B7VLEgv/G9N+Ir3rWqDpzuYuUYcJ/ZyxI/06JNn qsxrwAVoYoaHEELPUuQHljx5r4vyqqGZQ0A0pR4dXcchhD6Elsh0GKHYTrHbFca1/F1s S1B3XVDR+/aeCe261xUBPx9+axxxRBJravsgSa8PMTaAhBRqWQWtBN9TQjYQJzWzRDuy xvaQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=H6c4pby5; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id r20si5557287pgu.89.2022.01.21.14.19.29; Fri, 21 Jan 2022 14:19:44 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=H6c4pby5; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1376445AbiATPIT (ORCPT + 99 others); Thu, 20 Jan 2022 10:08:19 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41172 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232516AbiATPIS (ORCPT ); Thu, 20 Jan 2022 10:08:18 -0500 Received: from mail-wm1-x335.google.com (mail-wm1-x335.google.com [IPv6:2a00:1450:4864:20::335]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D8F41C061574; Thu, 20 Jan 2022 07:08:17 -0800 (PST) Received: by mail-wm1-x335.google.com with SMTP id o7-20020a05600c510700b00347e10f66d1so7246297wms.0; Thu, 20 Jan 2022 07:08:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:reply-to:from:date:message-id :subject:to:cc; bh=ddPVCxZ4dU5YjdeoeIUkKx7PGG9W/fGI0TtRqbFtTuw=; b=H6c4pby5QH1o8S7IPDYhT0iMNADpq3fH9CJ1YFaBUTbth7CK+XT0K1kj/KxEW3svMz qgPSkkw0v5ifu7wiTZ5ueesuwmt13mkAyXAHkbUvi5ZKfVSsMWLuc2Swh1ZByGg8Cwgs JCgHJ/p6N0it6jnvmy+yz+X9GiRJHqUyok4tcJwB1VTHCQ0wnhTroDypB1uqiwBLNjKo vLCmGDNpepIE/C0qTpl46MLnWh0+aWCljk+Umg70LvdYmUUHwHO/XvXINwEWnlXSlDnF NHmU9EwfPYCHUxAD5LD6QBcp0IM8253CUgv7gWuYyanHdMTY0yzw9xKdC9DHUQqu2N+H VsfA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:reply-to :from:date:message-id:subject:to:cc; bh=ddPVCxZ4dU5YjdeoeIUkKx7PGG9W/fGI0TtRqbFtTuw=; b=iVpLMaGJZaR7e5Oi3gDcwRTdIJLBBXWr3252t7Ynviausn5dSiOBJJPxECZLNpe4HW MUwS+kaoZQgT06U+L76t76UVlYIJQutAoIsfZCxSo2eR2MCpMzBdGAwSEJBYA9dmBu8e q3WVf6/Mebcgdgzfw2PvjrosS9PNh4AkT4ymdAL58WPMBE2mXZxXyz83hkVPmmhGsRPK qEshXwkRqRTfuY+lPU0PtFIZMpR/2XBeQNPCLZH5KNBlr027rH6Vn784GvTboiy1O/5M Qbvq91gJdPx0xC29XDHPcMIY6+Rv0ol5Egh5/25RqP5ahxqLWBoowz/gEl6EdfUXLz+l dIew== X-Gm-Message-State: AOAM532WFhyd018Ao/IaaXdooLbBgwXXjHxhmqxq2FOVvRm1jgpuqRkY vkNij/adjWODgxEAZ1Cm3Xae95Z20EpSarktVjG8Uc0CYho= X-Received: by 2002:a7b:c310:: with SMTP id k16mr9289871wmj.169.1642691296273; Thu, 20 Jan 2022 07:08:16 -0800 (PST) MIME-Version: 1.0 References: <20220120000409.2706549-1-rajatja@google.com> In-Reply-To: Reply-To: rajatxjain@gmail.com From: Rajat Jain Date: Thu, 20 Jan 2022 07:08:06 -0800 Message-ID: Subject: Re: [PATCH] PCI: ACPI: Allow internal devices to be marked as untrusted To: Dmitry Torokhov Cc: Rajat Jain , "Rafael J. Wysocki" , Len Brown , Bjorn Helgaas , ACPI Devel Maling List , linux-pci , Linux Kernel Mailing List , Jesse Barnes Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Dmitry, Bjorn, Thanks for your review and comments. On Wed, Jan 19, 2022 at 6:25 PM Dmitry Torokhov wrote: > > Hi Rajat, > > On Wed, Jan 19, 2022 at 4:04 PM Rajat Jain wrote: > > > > Today the pci_dev->untrusted is set for any devices sitting downstream > > an external facing port (determined via "ExternalFacingPort" property). > > This however, disallows any internal devices to be marked as untrusted. > > > > There are use-cases though, where a platform would like to treat an > > internal device as untrusted (perhaps because it runs untrusted > > firmware, or offers an attack surface by handling untrusted network > > data etc). > > > > This patch introduces a new "UntrustedDevice" property that can be used > > by the firmware to mark any device as untrusted. > > > > Signed-off-by: Rajat Jain > > --- > > drivers/pci/pci-acpi.c | 13 +++++++++++++ > > 1 file changed, 13 insertions(+) > > > > diff --git a/drivers/pci/pci-acpi.c b/drivers/pci/pci-acpi.c > > index a42dbf448860..3d9e5fa49451 100644 > > --- a/drivers/pci/pci-acpi.c > > +++ b/drivers/pci/pci-acpi.c > > @@ -1350,12 +1350,25 @@ static void pci_acpi_set_external_facing(struct pci_dev *dev) > > dev->external_facing = 1; > > } > > > > +static void pci_acpi_set_untrusted(struct pci_dev *dev) > > +{ > > + u8 val; > > + > > + if (device_property_read_u8(&dev->dev, "UntrustedDevice", &val)) > > + return; > > + > > + /* These PCI devices are not trustworthy */ > > + if (val) > > + dev->untrusted = 1; > > Should this all be replaced with: > > dev->untrusted = device_property_read_bool(&dev->dev, "UntrustedDevice"); > > ? Ack, yes, I will do this. > > Also, is this ACPI-specific? Why won't we need this for DT systems (or > do we already have this)?. Good point. Ack, Yes, I don't mind doing this for DT systems also. I wanted to get some feedback and acceptance within the PCI subsystem on the general idea of this property though. Bjorn? Thanks & Best Regards, Rajat > > Thanks, > Dmitry