Received: by 2002:a05:6a10:af89:0:0:0:0 with SMTP id iu9csp3433642pxb; Mon, 24 Jan 2022 09:26:48 -0800 (PST) X-Google-Smtp-Source: ABdhPJx5sHyFY0DnL64gUQrEUugssiAqptSA98t2uVru1LbhAmUtc3B6c5foT6rNXlCCoR0s6pJv X-Received: by 2002:a65:6114:: with SMTP id z20mr12721809pgu.124.1643045208015; Mon, 24 Jan 2022 09:26:48 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1643045208; cv=none; d=google.com; s=arc-20160816; b=TZJ2lRzsZl+4tk4t+BkJH/+FZCBZxdjAggT0OkEHy+jteaTJtG8fa2J8cQAl9Ku4vS EUt3STmLh0Jq1WYgTXjsUo8gfgdy9jmXlY7aej5bMhtAieXKDeVKTk+6CWSwzShIlSS0 nnnolcVzWUBBoYABhRsWsvgSR+FePuSSyxfAHhHIvO3NZh+Cxszj64uh8tHNdAk0H/7B 5F0IZEdyjHeYrsmgIx/Dvh+NX8RzByZ9yzxraxup2luDGR2c7eTUno1rCEGHBaY/k0HI VKBpVCtxE8NsOAN3GWDXzZ69/rryK4LEF/nqzzfwJ0A1Q0OdqiSFc8loDuSDT9jbrqYJ EypA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:organization:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=OSt8GNwIw1dXqLUkRZFfJAT2XjaXqCgsvg/iSfNQWQs=; b=nEHCSMvL/To2xXOfLnpwHnJ3taTGTBYyC1JkYbb45ZR/pal/dpss+YVoOcXuX71mJa lyiH97OfnbQJRNW14Qx3tdKsdI2JVGIYaZaqEKMs0v6lP3rUEKh2zj4SgnFKMjd7icrm UBuol4J9Tm0dWB59VPJPOaiVOK8p4qb2xs7wuzgOdJWUS3tgvP+twDVxrKog3tgnvhR3 PbfTsSUPJ5/D1FwOPTXsPIseU+Us9j/OlQI7+TS+BFhSQiV4JP7DeECtck4aUNGCVDXJ oi3R72Uoei3qOZmUbg7O5BEJTddySZ6bCZPu8B5EaxQOmHRU8avcuEdrwux1X+tnXmfH Bspg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=B4oEodK3; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id f9si13720302pgc.340.2022.01.24.09.26.35; Mon, 24 Jan 2022 09:26:47 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=B4oEodK3; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241618AbiAXG1R (ORCPT + 99 others); Mon, 24 Jan 2022 01:27:17 -0500 Received: from mga12.intel.com ([192.55.52.136]:43034 "EHLO mga12.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S241551AbiAXG1R (ORCPT ); Mon, 24 Jan 2022 01:27:17 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1643005637; x=1674541637; h=date:from:to:cc:subject:message-id:references: mime-version:in-reply-to; bh=Gn34ABxcSee+wgnEIT0hQPLTIw0wZvixz3QrsRcRHEs=; b=B4oEodK3Ck8lRt03nWPzBiCPgUYOG4fI0RCDf7j+JhLpiQfu6REiERj5 sHJs284gFoZawaEYudKvW/iSadpSlXThxVyApGZDswU/J4AwvK7yQ/J2O jIBtWHeFrzvp0b0YZGBusN4ILfD4Y6FiSKRCyFboLvcpCTh3l/gft3/Ux 6fWt5esZfHHvctnDdLeJYahSX1OpjEPzjLnS/6N4vi1FqHVvk8WL7jSoc d6d1Pqsft52IqloICaGU3Gt3lOZCPwsZs3vm2Z61Qt1Xg6w/HY7+Gw7mq Hr60HMuUIXI3O3Z651o8jD883sfGvUQ8JfmCML5Oi5HYGZcX4VOa1gSdJ w==; X-IronPort-AV: E=McAfee;i="6200,9189,10236"; a="225953974" X-IronPort-AV: E=Sophos;i="5.88,311,1635231600"; d="scan'208";a="225953974" Received: from orsmga008.jf.intel.com ([10.7.209.65]) by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Jan 2022 22:27:17 -0800 X-IronPort-AV: E=Sophos;i="5.88,311,1635231600"; d="scan'208";a="534089171" Received: from lahna.fi.intel.com (HELO lahna) ([10.237.72.162]) by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Jan 2022 22:27:12 -0800 Received: by lahna (sSMTP sendmail emulation); Mon, 24 Jan 2022 08:27:09 +0200 Date: Mon, 24 Jan 2022 08:27:09 +0200 From: Mika Westerberg To: Bjorn Helgaas Cc: Rajat Jain , "Rafael J. Wysocki" , Len Brown , Bjorn Helgaas , linux-acpi@vger.kernel.org, linux-pci@vger.kernel.org, linux-kernel@vger.kernel.org, rajatxjain@gmail.com, dtor@google.com, jsbarnes@google.com, Greg Kroah-Hartman , Jean-Philippe Brucker , Pavel Machek , Oliver O'Halloran , Joerg Roedel Subject: Re: [PATCH] PCI: ACPI: Allow internal devices to be marked as untrusted Message-ID: References: <20220120000409.2706549-1-rajatja@google.com> <20220121214117.GA1154852@bhelgaas> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20220121214117.GA1154852@bhelgaas> Organization: Intel Finland Oy - BIC 0357606-4 - Westendinkatu 7, 02160 Espoo Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi, On Fri, Jan 21, 2022 at 03:41:17PM -0600, Bjorn Helgaas wrote: > [+cc Greg, Jean-Philippe, Mika, Pavel, Oliver, Joerg since they > commented on previous "external-facing" discussion] > > On Wed, Jan 19, 2022 at 04:04:09PM -0800, Rajat Jain wrote: > > Today the pci_dev->untrusted is set for any devices sitting downstream > > an external facing port (determined via "ExternalFacingPort" property). > > This however, disallows any internal devices to be marked as untrusted. > > This isn't stated quite accurately. "dev->untrusted" is currently set > only by set_pcie_untrusted(), when "dev" has an upstream bridge that > is either external-facing or untrusted. > > But that doesn't disallow or prevent internal devices from being > marked as untrusted; it just doesn't implement that. > > > There are use-cases though, where a platform would like to treat an > > internal device as untrusted (perhaps because it runs untrusted > > firmware, or offers an attack surface by handling untrusted network > > data etc). > > > > This patch introduces a new "UntrustedDevice" property that can be used > > by the firmware to mark any device as untrusted. I think this new property should be documented somewhere too (also explain when to use it instead of ExternalFacingPort). If not in the next ACPI spec or some supplemental doc then perhaps in the DT bindings under Documentation/devicetree/bindings.