Received: by 2002:a05:6a10:413:0:0:0:0 with SMTP id 19csp2234919pxp; Mon, 21 Mar 2022 14:33:52 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwoCwZoTH+YqEtGQkHGYnmPbIt6Rzsy09Cmy+ySkxIjRrIYDSRARCqPbDc5TpdKuziB8KQa X-Received: by 2002:aa7:90d5:0:b0:4e1:307c:d94a with SMTP id k21-20020aa790d5000000b004e1307cd94amr25776924pfk.38.1647898432033; Mon, 21 Mar 2022 14:33:52 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1647898432; cv=none; d=google.com; s=arc-20160816; b=DvRUdP8mMpIrgwVSyZTbVbf4NwLsoSNcSOW9WPG5F8QJTmglYyGLtJIv2A9NmEnGiR s2ibe1g5k6ZOe5ghqtdodhxRZlsPFVG55cOvfIFoqeIOIIL0w1ci9sndglE93etWZ89N o3nBZoAUjFnsyU0O1ireCCmImswhOiQk7rgg6l95SoresXNO6ISH4SMTNonYxI/IjjmZ WS1jazaGJmoIgBTJ/kbgIub/PYKo/rFyRkhX7Z9yrCrkaA5TQzUnIU4nk4suNHp/ADZT 0A9ZTAxrBesoGdhi3wXHvBsJyp3j8BdcLi3r2tzNUljx7Zf609ZMjIqsZGc+/KqJ6uWy hoQQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:organization:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=00WYXFv9r8pQN6pi/LjWmA2PhdrhRrt9XUP7J04Q+LI=; b=cOOKZ0Epj0/Bz1mrFUNRiPCLR678Sbsln8iHiF970gzs3RAXJPDLcXImKueF268+i7 WnnwsvLhriv39qn3bYHQUYhN+FVYMobJQU9r5e87VoOyoR5e7hulpuomfIg+382IuB32 6/pP8/0Nk+csiYp8lGwfYlMVBBw5CuY5zXTXLHrzYj3r+pfxsEi8xSSvF/Nvnwa/jF5M czyaKkednoLfpj1AcOqKLtgl8ZW9pcpSYu3wQQphgaroF7s+EkbCDM9bhBbd7r1fDfrp AzEGPIZiB+COZMgGnkLnro/E+/HptW9/as1pLGxva+TnSEVtF/Ytnb7ZTSUoR2CM5oMT +X1g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=X06SdEPQ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id x188-20020a6331c5000000b003821ef6f3bcsi12873914pgx.365.2022.03.21.14.33.51 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 21 Mar 2022 14:33:52 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=X06SdEPQ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 5246B2467FF; Mon, 21 Mar 2022 14:12:31 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1346530AbiCULAN (ORCPT + 99 others); Mon, 21 Mar 2022 07:00:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35744 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1346529AbiCULAJ (ORCPT ); Mon, 21 Mar 2022 07:00:09 -0400 Received: from mga03.intel.com (mga03.intel.com [134.134.136.65]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5010033E9C; Mon, 21 Mar 2022 03:58:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1647860324; x=1679396324; h=date:from:to:cc:subject:message-id:references: mime-version:in-reply-to; bh=6RtiG0C2v7b3JHoXbKF81Ytg+qc2VwLCD93SLy7ttLA=; b=X06SdEPQ3PbBdTSPLDzDPK5q8eRrwuy0AOsLlAQkZRpr4SqBKSFmfFCo wngRn88y9NGpg67+U7enGhh7s8QvsMEBtx27AV56Xr9DHU+xymsRnsB3f +KbSfDTC4d5qW6nqn9kN2dCuduIOo8o9Ug4iuMClUfDKQjYVBoJT8Pr+a i9y0nJ40JvptBGqs751+twasiom3/PF8gWh6AXHy79hKaSIeVqoxA36ya Uuf5QmCh5J86Qj2src5vRhfXjP9jqTyzIEX7rGKvFcwZXSFjKwuEC7ZdO RooFcWHq+Xcz8ozg8qVZxmzrlvvvfOCkwFPZsDuQQxCfzpE9RBTpmfjwX g==; X-IronPort-AV: E=McAfee;i="6200,9189,10292"; a="257471392" X-IronPort-AV: E=Sophos;i="5.90,198,1643702400"; d="scan'208";a="257471392" Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by orsmga103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Mar 2022 03:58:36 -0700 X-IronPort-AV: E=Sophos;i="5.90,198,1643702400"; d="scan'208";a="551675891" Received: from lahna.fi.intel.com (HELO lahna) ([10.237.72.162]) by fmsmga007-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Mar 2022 03:58:32 -0700 Received: by lahna (sSMTP sendmail emulation); Mon, 21 Mar 2022 12:58:30 +0200 Date: Mon, 21 Mar 2022 12:58:30 +0200 From: "mika.westerberg@linux.intel.com" To: "Limonciello, Mario" Cc: Robin Murphy , "joro@8bytes.org" , "baolu.lu@linux.intel.com" , "andreas.noever@gmail.com" , "michael.jamet@intel.com" , "YehezkelShB@gmail.com" , "iommu@lists.linux-foundation.org" , "linux-usb@vger.kernel.org" , "linux-kernel@vger.kernel.org" , "hch@lst.de" Subject: Re: [PATCH v2 2/2] thunderbolt: Make iommu_dma_protection more accurate Message-ID: References: <0dd14883930c9f55ace22162e23765a37d91a057.1647624084.git.robin.murphy@arm.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Organization: Intel Finland Oy - BIC 0357606-4 - Westendinkatu 7, 02160 Espoo X-Spam-Status: No, score=-3.0 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Mario, On Fri, Mar 18, 2022 at 10:29:59PM +0000, Limonciello, Mario wrote: > [Public] > > > Between me trying to get rid of iommu_present() and Mario wanting to > > support the AMD equivalent of DMAR_PLATFORM_OPT_IN, scrutiny has > > shown > > that the iommu_dma_protection attribute is being far too optimistic. > > Even if an IOMMU might be present for some PCI segment in the system, > > that doesn't necessarily mean it provides translation for the device(s) > > we care about. Furthermore, all that DMAR_PLATFORM_OPT_IN really does > > is tell us that memory was protected before the kernel was loaded, and > > prevent the user from disabling the intel-iommu driver entirely. While > > that lets us assume kernel integrity, what matters for actual runtime > > DMA protection is whether we trust individual devices, based on the > > "external facing" property that we expect firmware to describe for > > Thunderbolt ports. > > > > It's proven challenging to determine the appropriate ports accurately > > given the variety of possible topologies, so while still not getting a > > perfect answer, by putting enough faith in firmware we can at least get > > a good bit closer. If we can see that any device near a Thunderbolt NHI > > has all the requisites for Kernel DMA Protection, chances are that it > > *is* a relevant port, but moreover that implies that firmware is playing > > the game overall, so we'll use that to assume that all Thunderbolt ports > > should be correctly marked and thus will end up fully protected. > > > > This approach looks generally good to me. I do worry a little bit about older > systems that didn't set ExternalFacingPort in the FW but were previously setting > iommu_dma_protection, but I think that those could be treated on a quirk > basis to set PCI IDs for those root ports as external facing if/when they come > up. There are no such systems out there AFAICT. > I'll send up a follow up patch that adds the AMD ACPI table check. > If it looks good can roll it into your series for v3, or if this series goes > as is for v2 it can come on its own. > > > CC: Mario Limonciello > > Signed-off-by: Robin Murphy > > --- > > > > v2: Give up trying to look for specific devices, just look for evidence > > that firmware cares at all. > > I still do think you could know exactly which devices to use if you're in > SW CM mode, but I guess the consensus is to not bifurcate the way this > can be checked. Indeed. The patch looks good to me now. I will give it a try on a couple of systems later today or tomorrow and let you guys know how it went. I don't expect any problems but let's see. Thanks a lot Robin for working on this :)