From patchwork Wed Jul 22 06:44:45 2020
X-Patchwork-Submitter: Koba Ko
X-Patchwork-Id: 1333569
From: Koba Ko
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 2/2][SRU][OEM-5.6] iommu/vt-d: Don't apply gfx quirks to untrusted devices
Date: Wed, 22 Jul 2020 14:44:45 +0800
Message-Id: <20200722064445.30054-3-koba.ko@canonical.com>
In-Reply-To: <20200722064445.30054-1-koba.ko@canonical.com>
References: <20200722064445.30054-1-koba.ko@canonical.com>
List-Id: Kernel team discussions

From: Rajat Jain

BugLink: https://bugs.launchpad.net/bugs/1888375

Currently, an external malicious PCI device can masquerade the VID:PID of faulty gfx devices, and thus apply iommu quirks to effectively disable the IOMMU restrictions for itself. Thus we need to ensure that the device we are applying quirks to, is indeed an internal trusted device.

Signed-off-by: Rajat Jain
Reviewed-by: Ashok Raj
Reviewed-by: Mika Westerberg
Acked-by: Lu Baolu
Link: https://lore.kernel.org/r/20200622231345.29722-4-baolu.lu@linux.intel.com
Signed-off-by: Joerg Roedel
(cherry picked from commit 67e8a5b18d41af9298db5c17193f671f235cce01)
Signed-off-by: Koba Ko
--- drivers/iommu/intel-iommu.c | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c index 5b70a43154a9..2207b529a0e3 100644 --- a/drivers/iommu/intel-iommu.c +++ b/drivers/iommu/intel-iommu.c @@ -5791,6 +5791,23 @@ intel_iommu_domain_set_attr(struct iommu_domain *domain, return ret; } +/* + * Check that the device does not live on an external facing PCI port that is + * marked as untrusted. Such devices should not be able to apply quirks and + * thus not be able to bypass the IOMMU restrictions. + */ +static bool risky_device(struct pci_dev *pdev) +{ + if (pdev->untrusted) { + pci_info(pdev, + "Skipping IOMMU quirk for dev [%04X:%04X] on untrusted PCI link\n", + pdev->vendor, pdev->device); + pci_info(pdev, "Please check with your BIOS/Platform vendor about this\n"); + return true; + } + return false; +} + const struct iommu_ops intel_iommu_ops = { .capable = intel_iommu_capable, .domain_alloc = intel_iommu_domain_alloc, @@ -5822,6 +5839,9 @@ const struct iommu_ops intel_iommu_ops = { static void quirk_iommu_igfx(struct pci_dev *dev) { + if (risky_device(dev)) + return; + pci_info(dev, "Disabling IOMMU for graphics on this chipset\n"); dmar_map_gfx = 0; } 
@@ -5863,6 +5883,8 @@ DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x163D, quirk_iommu_igfx); static void quirk_iommu_rwbf(struct pci_dev *dev) { + if (risky_device(dev)) + return; /* * Mobile 4 Series Chipset neglects to set RWBF capability, * but needs it. Same seems to hold for the desktop versions. @@ -5893,6 +5915,9 @@ static void quirk_calpella_no_shadow_gtt(struct pci_dev *dev) { unsigned short ggc; + if (risky_device(dev)) + return; + if (pci_read_config_word(dev, GGC, &ggc)) return; @@ -5947,6 +5972,12 @@ static void __init check_tylersburg_isoch(void) pdev = pci_get_device(PCI_VENDOR_ID_INTEL, 0x3a3e, NULL); if (!pdev) return; + + if (risky_device(pdev)) { + pci_dev_put(pdev); + return; + } + pci_dev_put(pdev); /* System Management Registers. Might be hidden, in which case @@ -5956,6 +5987,11 @@ static void __init check_tylersburg_isoch(void) if (!pdev) return; + if (risky_device(pdev)) { + pci_dev_put(pdev); + return; + } + if (pci_read_config_dword(pdev, 0x188, &vtisochctrl)) { pci_dev_put(pdev); return;
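
Review bot: risky_device(), in the first hunk, is named and typed like a pure predicate but logs two pci_info() lines on every call that hits an untrusted device, and the second message ("Please check with your BIOS/Platform vendor about this") does not say what the reader should check. Suggest stating the condition in the message itself (the device sits behind a port marked untrusted, so the quirk matching its VID:PID was not applied) and mentioning the logging side effect in the comment above the function, so a caller adding a new quirk knows each call can emit log lines.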
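
Review bot: style point in the quirk_iommu_rwbf() hunk: the new "if (risky_device(dev)) return;" runs straight into the existing block comment with no blank line, whereas the same check in quirk_iommu_igfx() and quirk_calpella_no_shadow_gtt() is followed by one. Adding the blank line here keeps the guard visually separate from the comment, which describes the RWBF workaround and not the guard.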
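
Review bot: in the first check_tylersburg_isoch() hunk, the new early return acts on the single device that pci_get_device(PCI_VENDOR_ID_INTEL, 0x3a3e, NULL) hands back, so when that match is marked untrusted the function exits without looking at any other device carrying the same ID and the rest of the isoch check is skipped. Please either add a comment saying that skipping the whole check is the intended outcome, or continue the lookup past untrusted matches by passing the previous result as the "from" argument of pci_get_device(). Separately, pci_dev_put(pdev) now appears both inside the new branch and immediately after it; reading pdev->untrusted into a local, calling pci_dev_put() once, and then returning on the local would drop the duplication.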