Re: [PATCH 4/4] thunderbolt: Export IOMMU based DMA protection support to userspace

On Tue, Nov 13, 2018 at 05:38:53PM +0200, Yehezkel Bernat wrote: > Good point. But I thought about per-TBT-device decision. If the platform is > configured for IOMMU+"user" security level, while approving the device the > user > may want to set also in which IOMMU group to put all the PCIe devices

Re: [PATCH 4/4] thunderbolt: Export IOMMU based DMA protection support to userspace

On Tue, Nov 13, 2018 at 5:20 PM Mika Westerberg wrote: > > On Tue, Nov 13, 2018 at 04:42:58PM +0200, Yehezkel Bernat wrote: > > On Tue, Nov 13, 2018 at 1:40 PM Mika Westerberg > > wrote: > > > > > > On Tue, Nov 13, 2018 at 01:13:31PM +0200, Yehezkel Bernat wrote: > > > > On Tue, Nov 13, 2018 at 1

Re: [PATCH 4/4] thunderbolt: Export IOMMU based DMA protection support to userspace

On Tue, Nov 13, 2018 at 04:42:58PM +0200, Yehezkel Bernat wrote: > On Tue, Nov 13, 2018 at 1:40 PM Mika Westerberg > wrote: > > > > On Tue, Nov 13, 2018 at 01:13:31PM +0200, Yehezkel Bernat wrote: > > > On Tue, Nov 13, 2018 at 12:56 PM Mika Westerberg > > > wrote: > > > > > > > > > Just one point

Re: [PATCH 4/4] thunderbolt: Export IOMMU based DMA protection support to userspace

On Tue, Nov 13, 2018 at 1:40 PM Mika Westerberg wrote: > > On Tue, Nov 13, 2018 at 01:13:31PM +0200, Yehezkel Bernat wrote: > > On Tue, Nov 13, 2018 at 12:56 PM Mika Westerberg > > wrote: > > > > > > > Just one point: > > > > Have you considered the option to add this property per (TBT?) device?

Re: [PATCH] iommu: arm-smmu: Set SCTLR.HUPCF bit

On Tue, Nov 13, 2018 at 1:32 AM Will Deacon wrote: > > On Fri, Nov 09, 2018 at 01:01:55PM -0500, Rob Clark wrote: > > On Mon, Oct 29, 2018 at 3:09 PM Will Deacon wrote: > > > On Thu, Sep 27, 2018 at 06:46:07PM -0400, Rob Clark wrote: > > > > We seem to need to set either this or CFCFG (stall), ot

Re: [PATCH 1/4] PCI / ACPI: Identify external PCI devices

On Tue, Nov 13, 2018 at 01:27:00PM +0200, Mika Westerberg wrote: [...] > > To be frank the concept (and Microsoft _DSD bindings) seems a bit vague > > and not thoroughly defined and I would question its detection at > > PCI/ACPI core level, I would hope this can be clarified at ACPI > > specifica

Re: [PATCH 4/4] thunderbolt: Export IOMMU based DMA protection support to userspace

On Tue, Nov 13, 2018 at 01:13:31PM +0200, Yehezkel Bernat wrote: > On Tue, Nov 13, 2018 at 12:56 PM Mika Westerberg > wrote: > > > > > Just one point: > > > Have you considered the option to add this property per (TBT?) device? > > > > No. ;-) > > > > You mean that one device uses security levels

Re: [PATCH 0/4] PCI / iommu / thunderbolt: IOMMU based DMA protection

On Tue, Nov 13, 2018 at 09:54:24AM +0100, Joerg Roedel wrote: > On Mon, Nov 12, 2018 at 07:06:24PM +0300, Mika Westerberg wrote: > > Lu Baolu (1): > > iommu/vt-d: Force IOMMU on for platform opt in hint > > > > Mika Westerberg (3): > > PCI / ACPI: Identify external PCI devices > > iommu/vt-d

Re: [PATCH 1/4] PCI / ACPI: Identify external PCI devices

On Tue, Nov 13, 2018 at 10:56:36AM +, Lorenzo Pieralisi wrote: > On Mon, Nov 12, 2018 at 07:02:03PM +0100, Lukas Wunner wrote: > > On Mon, Nov 12, 2018 at 07:06:25PM +0300, Mika Westerberg wrote: > > > --- a/drivers/pci/probe.c > > > +++ b/drivers/pci/probe.c > > > @@ -1378,6 +1378,27 @@ static

Re: [PATCH 4/4] thunderbolt: Export IOMMU based DMA protection support to userspace

On Tue, Nov 13, 2018 at 12:56 PM Mika Westerberg wrote: > > > Just one point: > > Have you considered the option to add this property per (TBT?) device? > > No. ;-) > > You mean that one device uses security levels and another IOMMU? I don't > think it is possible without having some sort of table

Re: [PATCH 0/4] PCI / iommu / thunderbolt: IOMMU based DMA protection

On Mon, Nov 12, 2018 at 07:12:14PM +0100, Lukas Wunner wrote: > On Mon, Nov 12, 2018 at 07:06:24PM +0300, Mika Westerberg wrote: > > Recent systems shipping with Windows 10 version 1803 or newer may be > > utilizing IOMMU to prevent DMA attacks via Thunderbolt ports. This is > > different from the

Re: [PATCH 1/4] PCI / ACPI: Identify external PCI devices

On Mon, Nov 12, 2018 at 07:02:03PM +0100, Lukas Wunner wrote: > On Mon, Nov 12, 2018 at 07:06:25PM +0300, Mika Westerberg wrote: > > --- a/drivers/pci/probe.c > > +++ b/drivers/pci/probe.c > > @@ -1378,6 +1378,27 @@ static void set_pcie_thunderbolt(struct pci_dev *dev) > > } > > } > > > > +s

Re: [PATCH 4/4] thunderbolt: Export IOMMU based DMA protection support to userspace

On Mon, Nov 12, 2018 at 06:59:02PM +0200, Yehezkel Bernat wrote: > On Mon, Nov 12, 2018 at 6:06 PM Mika Westerberg > wrote: > > > > Recent systems shipping with Windows 10 version 1803 or later may > > support a feature called Kernel DMA protection [1]. In practice this > > means that Thunderbolt

Re: [PATCH 4/4] thunderbolt: Export IOMMU based DMA protection support to userspace

On Mon, Nov 12, 2018 at 04:22:25PM +, mario.limoncie...@dell.com wrote: > > +DMA protection utilizing IOMMU > > +-- > > +Recent systems shipping with Windows 10 version 1803 or later may support a > > +feature called `Kernel DMA Protection for Thunderbolt 3`_. This

Re: [PATCH 0/4] PCI / iommu / thunderbolt: IOMMU based DMA protection

On Mon, Nov 12, 2018 at 07:06:24PM +0300, Mika Westerberg wrote: > Lu Baolu (1): > iommu/vt-d: Force IOMMU on for platform opt in hint > > Mika Westerberg (3): > PCI / ACPI: Identify external PCI devices > iommu/vt-d: Do not enable ATS for external devices > thunderbolt: Export IOMMU based