Received: by 2002:a05:6a10:413:0:0:0:0 with SMTP id 19csp946246pxp; Wed, 16 Mar 2022 22:14:11 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxB4STIzcNFYGBNqXGCo763totEuVGsSAaFVQ+AI2MXVAXGpSZpQ2wU+knTEHFQNubLJYrH X-Received: by 2002:a17:902:e9d4:b0:153:bd06:859c with SMTP id 20-20020a170902e9d400b00153bd06859cmr2912043plk.8.1647494051560; Wed, 16 Mar 2022 22:14:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1647494051; cv=none; d=google.com; s=arc-20160816; b=MjFZPggNIQW+8z8Bc/+RQvmGfeiAR65OWMsAZp8IouMItlBNtbgsmnlZsJxIWiJ2Ns 5509Q4+q3E0N8ncO2chFOkP/xzWzIHd5nPwXVxB6CnYrfrAZUSR0dcWnjFQG20/jF0vV MLyGHO8IPOJIYsjEUklP1EiRk7RFTSMIi1dtD1Pj35HeMS1Kg9EoF8c42z5fpauXBWfI w/OFkGGLi8wbj8I1A69JiSPosNdHzDj996iPHpCzMvqQL5auB1UB5fGugJhpiGRpo0ps x3/KBf5OrRLhOgs+UlZsq/VxXJUsEV9SwR9+jAxnrqkB+hUglD1xCqyM+7Myund+XKq6 sS6g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from; bh=Qf03SqiTkDGp+DVtCLdT2XSMvFHV6Zh6toPvKI/D2lA=; b=Dyiw+m7hCZoDk95hgT3yxyC9QhKDiwKbHeguBASgMoCV8e9eZ2W/AkbSmSVnNiwEAI e0MpV3h8QrGNhBjBM/stJ8CDyAZWDWGwJ1LmlKtm1YnzhIi1fULH3xCdFtR2PuOOkSyL 3u+vdHIC+asvSdvdgnkNjL5liNmHfm5z/kMk/0lKT6pxBZaSFbK7YotoGlkF8Y5pCbt0 C/r7nU/6Fo8ACpq7M+lWZalWDwitKB9xsZi0Ad+kNBLtmpR0L+WPtvYKi81n3ZfQXNHc 2WYd+Cx6kAh59k9G/YOWf2AB4W4pIfx154lAE+L66FtDUi/cUKD5KXwpQQfMv2i5PNlD jJYQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id p2-20020a056a0026c200b004fa282f1c56si2528031pfw.74.2022.03.16.22.14.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 16 Mar 2022 22:14:11 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 22B8E1DF84D; Wed, 16 Mar 2022 21:23:04 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1355308AbiCPL1K (ORCPT + 99 others); Wed, 16 Mar 2022 07:27:10 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42704 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345749AbiCPL1J (ORCPT ); Wed, 16 Mar 2022 07:27:09 -0400 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 1F2AB652DD; Wed, 16 Mar 2022 04:25:56 -0700 (PDT) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id CEE0B1515; Wed, 16 Mar 2022 04:25:55 -0700 (PDT) Received: from e121345-lin.cambridge.arm.com (e121345-lin.cambridge.arm.com [10.1.196.40]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 9CC4C3F85F; Wed, 16 Mar 2022 04:25:54 -0700 (PDT) From: Robin Murphy To: andreas.noever@gmail.com, michael.jamet@intel.com, mika.westerberg@linux.intel.com, YehezkelShB@gmail.com Cc: linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org, iommu@lists.linux-foundation.org, mario.limonciello@amd.com, hch@lst.de Subject: [PATCH] thunderbolt: Stop using iommu_present() Date: Wed, 16 Mar 2022 11:25:51 +0000 Message-Id: X-Mailer: git-send-email 2.28.0.dirty MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RDNS_NONE, SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Even if an IOMMU might be present for some PCI segment in the system, that doesn't necessarily mean it provides translation for the device we care about. Furthermore, the presence or not of one firmware flag doesn't imply anything about the IOMMU driver's behaviour, which may still depend on other firmware properties and kernel options too. What actually matters is whether an IOMMU is enforcing protection for our device - regardless of whether that stemmed from firmware policy, kernel config, or user control - at the point we need to decide whether to authorise it. We can ascertain that generically by simply looking at whether we're currently attached to a translation domain or not. Signed-off-by: Robin Murphy --- I don't have the means to test this, but I'm at least 80% confident in my unpicking of the structures to retrieve the correct device... drivers/thunderbolt/domain.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/drivers/thunderbolt/domain.c b/drivers/thunderbolt/domain.c index 7018d959f775..5f5fc5f6a09b 100644 --- a/drivers/thunderbolt/domain.c +++ b/drivers/thunderbolt/domain.c @@ -257,13 +257,14 @@ static ssize_t iommu_dma_protection_show(struct device *dev, struct device_attribute *attr, char *buf) { + struct tb *tb = container_of(dev, struct tb, dev); + struct iommu_domain *iod = iommu_get_domain_for_dev(&tb->nhi->pdev->dev); /* * Kernel DMA protection is a feature where Thunderbolt security is * handled natively using IOMMU. It is enabled when IOMMU is - * enabled and ACPI DMAR table has DMAR_PLATFORM_OPT_IN set. + * enabled and actively enforcing translation. */ - return sprintf(buf, "%d\n", - iommu_present(&pci_bus_type) && dmar_platform_optin()); + return sprintf(buf, "%d\n", iod && iod->type != IOMMU_DOMAIN_IDENTITY); } static DEVICE_ATTR_RO(iommu_dma_protection); -- 2.28.0.dirty