[0/5,Cosmic] iommu: add kernel dma protection

Message ID 20190315050744.7952-1-aaron.ma@canonical.com
Series iommu: add kernel dma protection

Message

Aaron Ma March 15, 2019, 5:07 a.m. UTC
BugLink: https://bugs.launchpad.net/bugs/1820153

[Impact]
OS can use the IOMMU to defend against DMA attacks from a PCI device such as a Thunderbolt one.
Intel added the DMA_CTRL_PLATFORM_OPT_IN_FLAG flag to the DMAR ACPI table.
Use this flag to enable the IOMMU and use _DSD to identify untrusted PCI devices.

[Fix]
Enable the IOMMU when the BIOS supports the DMA opt-in flag and ExternalFacingPort in _DSD.
Disable ATS on the untrusted PCI device.

[Test]
Tested on 2 Intel platforms that support the DMA opt-in flag with a Thunderbolt docking station.
IOMMU enabled as expected with this fix.

[Regression Potential]
Upstream fix, verified on supported platforms, no effect on unsupported platforms.
Backported changes are fairly minimal.

These patches are included in the 5.0 kernel; disco is good.

Lu Baolu (1):
  iommu/vt-d: Force IOMMU on for platform opt in hint

Mika Westerberg (4):
  ACPI / property: Allow multiple property compatible _DSD entries
  PCI / ACPI: Identify untrusted PCI devices
  iommu/vt-d: Do not enable ATS for untrusted devices
  thunderbolt: Export IOMMU based DMA protection support to userspace

 .../ABI/testing/sysfs-bus-thunderbolt         |   9 ++
 Documentation/admin-guide/thunderbolt.rst     |  20 ++++
 drivers/acpi/property.c                       | 105 +++++++++++++-----
 drivers/acpi/x86/apple.c                      |   2 +-
 drivers/gpio/gpiolib-acpi.c                   |   2 +-
 drivers/iommu/dmar.c                          |  25 +++++
 drivers/iommu/intel-iommu.c                   |  56 +++++++++-
 drivers/pci/pci-acpi.c                        |  19 ++++
 drivers/pci/probe.c                           |  15 +++
 drivers/thunderbolt/domain.c                  |  17 +++
 include/acpi/acpi_bus.h                       |   8 +-
 include/linux/acpi.h                          |   9 ++
 include/linux/dmar.h                          |   8 ++
 include/linux/pci.h                           |   8 ++
 14 files changed, 271 insertions(+), 32 deletions(-)
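
The opt-in check the cover letter describes, as an added example that is not code from the series or the kernel: it parses a DMAR table image (a constructed minimal sample, plus the live /sys/firmware/acpi/tables/DMAR when readable) and tests the Flags byte for DMA_CTRL_PLATFORM_OPT_IN_FLAG, validating the ACPI checksum first so a corrupted or truncated table is reported as untrusted rather than as "flag clear". The bit position (bit 2 of the DMAR Flags byte) is the VT-d definition the kernel's check uses; the sysfs path /sys/bus/thunderbolt/devices/domain0/iommu_dma_protection is assumed from the series' ABI documentation and does not exist on kernels without this series; the function names and the sample table are my own.

```c
/*
 * Added example, not code from the series or the kernel: test a DMAR ACPI
 * table for DMA_CTRL_PLATFORM_OPT_IN_FLAG the way the kernel does (one bit
 * in the Flags byte) and read the sysfs attribute the series exports.
 * Offsets: ACPI header bytes 0..35 (Length at 4, Checksum at 9), Host
 * Address Width at 36, Flags at 37, reserved to 47, structures from 48.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DMAR_MIN_LEN          48
#define DMAR_CHECKSUM_OFF     9
#define DMAR_FLAGS_OFF        37
#define DMAR_PLATFORM_OPT_IN  0x4   /* bit 2: bit 0 INTR_REMAP, bit 1 X2APIC_OPT_OUT */

/* ACPI tables must sum to zero (mod 256) over their stated length. */
static int acpi_checksum_ok(const uint8_t *t, size_t len)
{
    uint8_t sum = 0;
    for (size_t i = 0; i < len; i++)
        sum = (uint8_t)(sum + t[i]);
    return sum == 0;
}

/* 1 if the opt-in flag is set, 0 if clear, -1 if the buffer is not a
 * well-formed DMAR; treat -1 as "do not trust this table", not "clear". */
int dmar_platform_optin(const uint8_t *t, size_t len)
{
    uint32_t tlen;
    if (len < DMAR_MIN_LEN || memcmp(t, "DMAR", 4) != 0)
        return -1;
    memcpy(&tlen, t + 4, sizeof tlen);            /* ACPI is little-endian */
    if (tlen < DMAR_MIN_LEN || tlen > len || !acpi_checksum_ok(t, tlen))
        return -1;
    return (t[DMAR_FLAGS_OFF] & DMAR_PLATFORM_OPT_IN) ? 1 : 0;
}

/* Constructed sample: minimal 48-byte DMAR with no remapping structures. */
size_t build_sample_dmar(uint8_t *out, int optin)
{
    uint32_t tlen = DMAR_MIN_LEN;
    uint8_t sum = 0;
    memset(out, 0, DMAR_MIN_LEN);
    memcpy(out, "DMAR", 4);
    memcpy(out + 4, &tlen, sizeof tlen);
    out[8] = 1;                                   /* Revision */
    memcpy(out + 10, "EXAMPL", 6);                /* OEM ID, constructed */
    out[36] = 38;                                 /* 39-bit host address width */
    out[DMAR_FLAGS_OFF] = 0x1 | (optin ? DMAR_PLATFORM_OPT_IN : 0);
    for (size_t i = 0; i < DMAR_MIN_LEN; i++)     /* fix up the checksum */
        sum = (uint8_t)(sum + out[i]);
    out[DMAR_CHECKSUM_OFF] = (uint8_t)(0u - sum);
    return DMAR_MIN_LEN;
}

/* Builds a sample, optionally corrupts its checksum, and checks it. */
int sample_check(int optin, int corrupt)
{
    uint8_t t[DMAR_MIN_LEN];
    size_t n = build_sample_dmar(t, optin);
    if (corrupt)
        t[DMAR_CHECKSUM_OFF] ^= 0xff;
    return dmar_platform_optin(t, n);
}

/* Reads up to cap bytes of a file; 0 on failure or empty file. */
static size_t read_file(const char *path, uint8_t *buf, size_t cap)
{
    FILE *f = fopen(path, "rb");
    size_t n = 0;
    if (f) {
        n = fread(buf, 1, cap, f);
        fclose(f);
    }
    return n;
}

/* Live firmware table (needs root); -1 if unreadable or malformed. */
int check_live_dmar(void)
{
    static uint8_t buf[65536];
    size_t n = read_file("/sys/firmware/acpi/tables/DMAR", buf, sizeof buf);
    return n ? dmar_platform_optin(buf, n) : -1;
}

/* Assumed path from the series' ABI file; -1 if the attribute is absent. */
int check_iommu_dma_protection(void)
{
    uint8_t buf[4];
    size_t n = read_file("/sys/bus/thunderbolt/devices/domain0/iommu_dma_protection",
                         buf, sizeof buf);
    return n ? (buf[0] == '1') : -1;
}

int main(void)
{
    printf("sample, opt-in set:    %d\n", sample_check(1, 0));
    printf("sample, opt-in clear:  %d\n", sample_check(0, 0));
    printf("sample, bad checksum:  %d\n", sample_check(1, 1));
    printf("live DMAR opt-in:      %d\n", check_live_dmar());
    printf("iommu_dma_protection:  %d\n", check_iommu_dma_protection());
    return 0;
}
```

Build with `cc -Wall` and run as root to see the live values. A live result of 0 means the firmware did not opt in, so whether the IOMMU is on falls back to intel_iommu= / CONFIG_INTEL_IOMMU_DEFAULT_ON rather than to the platform hint; a live -1 means the table could not be read or did not validate, which should be investigated rather than treated as "flag clear".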

Comments

Hui Wang March 26, 2019, 7:57 a.m. UTC | #1
Acked-by: Hui Wang <hui.wang@canonical.com>

On 2019/3/15 1:07 PM, Aaron Ma wrote:
Stefan Bader March 28, 2019, 2:56 p.m. UTC | #2
On 15.03.19 06:07, Aaron Ma wrote:
For SRU this set looks rather intrusive without a clear statement about the
reasons why one would want it backported. Usually a SRU change should fix a bug.
This change looks like adding a feature, though I might accept certain reasons
why this might be wanted.
For Cosmic, I would accept this as is, for Bionic (which looks to be targeted,
too, looking at the bug report) I would want to see a bit more reasons and also
some positive testing reported on platforms which have no support for this (to
explicitly check there are no side effects).

Acked-by: Stefan Bader <stefan.bader@canonical.com>
Khaled Elmously March 28, 2019, 3:29 p.m. UTC | #3
On 2019-03-15 13:07:39 , Aaron Ma wrote:
> -- 
> 2.17.1
> 
> 
> -- 
> kernel-team mailing list
> kernel-team@lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
Tyler Hicks March 28, 2019, 10:19 p.m. UTC | #4
On 2019-03-15 13:07:39, Aaron Ma wrote:

These look good to me but you are missing one fixup:

d8b859105457 iommu/vt-d: Disable ATS support on untrusted devices

With that,

Acked-by: Tyler Hicks <tyhicks@canonical.com>

Tyler

Khaled Elmously March 29, 2019, 5:58 a.m. UTC | #5
On 2019-03-28 17:19:51 , Tyler Hicks wrote:
> On 2019-03-15 13:07:39, Aaron Ma wrote:
> 
> These look good to me but you are missing one fixup:
> 
> d8b859105457 iommu/vt-d: Disable ATS support on untrusted devices
> 
> With that,
> 
> Acked-by: Tyler Hicks <tyhicks@canonical.com>
> 

This patchset was already applied with ACKs from Hui and Stefan.
Does anything need to change in regards to this new comment?



Aaron Ma March 29, 2019, 6:32 a.m. UTC | #6
On 3/29/19 1:58 PM, Khaled Elmously wrote:
> On 2019-03-28 17:19:51 , Tyler Hicks wrote:
>> On 2019-03-15 13:07:39, Aaron Ma wrote:
>> These look good to me but you are missing one fixup:
>>
>> d8b859105457 iommu/vt-d: Disable ATS support on untrusted devices
>>
>> With that,
>>
>> Acked-by: Tyler Hicks <tyhicks@canonical.com>
>>
> This patchset was already applied with ACKs from Hui and Stefan.
> Does anything need to change in regards to this new comment?

This patch was merged in 5.1-rc1 after I sent out this SRU.
I will append one more patch, just a cherry-pick.
Please let me know if it is fine to do it this way.

Testing is done with the one additional patch too.

Thanks,
Aaron


Khaled Elmously March 29, 2019, 6:37 a.m. UTC | #7
On 2019-03-29 14:32:45 , Aaron Ma wrote:
> 
> 
> On 3/29/19 1:58 PM, Khaled Elmously wrote:
> > On 2019-03-28 17:19:51 , Tyler Hicks wrote:
> >> On 2019-03-15 13:07:39, Aaron Ma wrote:
> >> These look good to me but you are missing one fixup:
> >>
> >> d8b859105457 iommu/vt-d: Disable ATS support on untrusted devices
> >>
> >> With that,
> >>
> >> Acked-by: Tyler Hicks <tyhicks@canonical.com>
> >>
> > This patchset was already applied with ACKs from Hui and Stefan.
> > Does anything need to change in regards to this new comment?
> 
> This patch was merged in 5.1-rc1 after I sent out this SRU.
> I will append one more patch, just a cherry-pick.
> Please let me know if it is fine to do it this way.
> 
> Testing is done with the one additional patch too.
> 

That works for me. 

