Received: by 2002:a05:6358:c692:b0:131:369:b2a3 with SMTP id fe18csp3656406rwb; Sun, 30 Jul 2023 12:49:36 -0700 (PDT) X-Google-Smtp-Source: APBJJlHQ08r6NvK3GHwct8KSHconRGfssiPCwF9pSeHm4hJ2HYXXr+PIopVs/YrJ2T4BaJM6j8RG X-Received: by 2002:a17:903:11d0:b0:1b6:bced:1dd6 with SMTP id q16-20020a17090311d000b001b6bced1dd6mr8886120plh.35.1690746576225; Sun, 30 Jul 2023 12:49:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1690746576; cv=none; d=google.com; s=arc-20160816; b=ITG5fsts+E3B96K+Z5EMR9gkBbyyzLoMpN7QHl4ff+dnAwT/gkzqGOjM2OUpi01M+l u+RJxysjZohb+qu+pdDHqFHF/FEQ1cGDqHnq9s3RNOwEunApFFe6bDJBw21Iib7sGkWv tZJXmCRgd/fl1/NYx0pVmcBtnvEioF0EFu8GQQUOvgn+y77OJ2RMdZwsJE/AN4n1adOQ vcQnNzPktsf+c1wy2VbJEgXiC8/jAao8nKMcgKMy3NeeIfQDGQyA6uT9f3jB65XUANgH BLhwRRaLGmjn0Q1T5e8LOIDARYf52jVNNPvrimrmM8E8bDzZpnK7NXyEk/yP/O0qrq4Y hVqQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=6P4mF7uOOTJ4TozIWbCy6M6v6bKUavZy6URyNaVmOi8=; fh=II8TJtNbmJNTLCRm5vFUghITzuoORJOY3ZergPlezy8=; b=hK5SgT8/kkb713B6wITBhyi8+smHL1N2R26TfQBOZ4iHTRpwfUipMyemjvA+8FRGp9 UXi/9QuWPtcYgLC77kHMmWU4L8b6yVNFxJSaIJKkST1yqvlR8+kdrUexsH54fX5NhDSF 4XYRkZb6wFPT02yx80LViSxfGMPdoeYB1oSElOy7LB8j+ABUgdAJTnW0FdLKIUKgG5i1 4Va3U1LNdCxLONtqFZkcDWL05Y+vp7jqB0ws5dJot3fJaPnmSYZ2b+RJsq/zYx272gTe Z6SG/3TopmQ2SZvHreo2p322+yXYokNKPLwt5HR0CSCOWtobSPdIxwMXw1TwWZqA3+Bw nm8Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id f12-20020a170902ce8c00b001b02e8d8976si2833727plg.300.2023.07.30.12.49.23; Sun, 30 Jul 2023 12:49:36 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229509AbjG3TqX (ORCPT + 99 others); Sun, 30 Jul 2023 15:46:23 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48896 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229477AbjG3TqS (ORCPT ); Sun, 30 Jul 2023 15:46:18 -0400 X-Greylist: delayed 327 seconds by postgrey-1.37 at lindbergh.monkeyblade.net; Sun, 30 Jul 2023 12:45:55 PDT Received: from bmailout3.hostsharing.net (bmailout3.hostsharing.net [IPv6:2a01:4f8:150:2161:1:b009:f23e:0]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id ACFC119BB; Sun, 30 Jul 2023 12:45:55 -0700 (PDT) Received: from h08.hostsharing.net (h08.hostsharing.net [IPv6:2a01:37:1000::53df:5f1c:0]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "*.hostsharing.net", Issuer "RapidSSL Global TLS RSA4096 SHA256 2022 CA1" (verified OK)) by bmailout3.hostsharing.net (Postfix) with ESMTPS id 00F7D100D5860; Sun, 30 Jul 2023 21:40:27 +0200 (CEST) Received: by h08.hostsharing.net (Postfix, from userid 100393) id B5CD2120C49; Sun, 30 Jul 2023 21:40:26 +0200 (CEST) Date: Sun, 30 Jul 2023 21:40:26 +0200 From: Lukas Wunner To: Vidya Sagar Cc: bhelgaas@google.com, alex.williamson@redhat.com, treding@nvidia.com, jonathanh@nvidia.com, linux-pci@vger.kernel.org, linux-kernel@vger.kernel.org, vsethi@nvidia.com, kthota@nvidia.com, mmaddireddy@nvidia.com, sagar.tv@gmail.com Subject: Re: [PATCH V3] PCI: pciehp: Disable ACS Source Validation during hot-remove Message-ID: <20230730194026.GA19962@wunner.de> References: <20230111190533.29979-1-vidyas@nvidia.com> <20230730191519.3124390-1-vidyas@nvidia.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20230730191519.3124390-1-vidyas@nvidia.com> User-Agent: Mutt/1.10.1 (2018-07-13) X-Spam-Status: No, score=-1.7 required=5.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE, SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Jul 31, 2023 at 12:45:19AM +0530, Vidya Sagar wrote: > PCIe 6.0, 6.12.1.1 specifies that downstream devices are permitted to > send upstream messages before they have been assigned a bus number and > such messages have a Requester ID with Bus number set to 00h. > If the Downstream port has ACS Source Validation enabled, these messages > will be detected as ACS violation error. > > Hence, disable ACS Source Validation in the bridge device during > hot-remove operation and re-enable it after enumeration of the > downstream hierarchy but before binding the respective device drivers. What are these messages that are sent before assignment of a bus number? What's the user-visible issue that occurs when they're blocked? Doesn't disabling Source Validation introduce a security hole because the device may spoof messages before Source Validation is re-enabled? PCIe r6.1 sec 6.12.1.1 does indeed point out that the downstream device is *permitted* to send these messages but the Implementation Note does *not* prescribe that Source Validation shall be disabled to let them through. It merely points out that the messages may be filtered if Source Validation is enabled. Thanks, Lukas