From patchwork Thu Apr 11 12:40:26 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jean-Philippe Brucker X-Patchwork-Id: 10895877 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 4E774922 for ; Thu, 11 Apr 2019 12:41:54 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 2CC2D28C0C for ; Thu, 11 Apr 2019 12:41:54 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 2ADE128D2B; Thu, 11 Apr 2019 12:41:54 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED autolearn=unavailable version=3.3.1 Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id A867C28C0C for ; Thu, 11 Apr 2019 12:41:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=AwflqH1Z7sq8/o25qK2Kd8y6K1/WbKmOGKDR2QsNMKM=; b=mVVDDyOIUS8kJL WPD8+wPM+VB8N5gp4wx89bSD48ctGMveKrIwZo8KckVIRKy+S1y4faGLOQ+dGSHBzO7ufpsQnJXw/ vjeLmSXHuJZDAymM1hVomwEs1xY5dk2GEFSyL9d5+xB+PoS84eoOyLoIjgZmUYfFx8mqCKAx3lxKc LmIxeCKb1Z4E8B077Yhq/JvwLvovAZ4y1frFioZBJZlHFsD3zOxdaWTfokMb8U4f9HbyWo4vGzcQQ CPH/Jpn5wJQF7Hkpdb7Ybzc17xy0dDK+33zQQzQmvHZfRK7P96fwldH0xWiiFTeJlyDMylIAYWniz em1lK7oAo0A5hoz/pDqg==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1hEZ1X-0000zT-R9; Thu, 11 Apr 2019 12:41:47 +0000 Received: from foss.arm.com ([217.140.101.70]) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1hEZ1M-0000mM-5y for linux-arm-kernel@lists.infradead.org; Thu, 11 Apr 2019 12:41:37 +0000 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 18F17A78; Thu, 11 Apr 2019 05:41:34 -0700 (PDT) Received: from ostrya.cambridge.arm.com (ostrya.cambridge.arm.com [10.1.196.129]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 90FA43F557; Thu, 11 Apr 2019 05:41:32 -0700 (PDT) From: Jean-Philippe Brucker To: bhelgaas@google.com Subject: [PATCH v3 1/2] dt-bindings: Add external-facing PCIe port property Date: Thu, 11 Apr 2019 13:40:26 +0100 Message-Id: <20190411124027.9490-2-jean-philippe.brucker@arm.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190411124027.9490-1-jean-philippe.brucker@arm.com> References: <20190411124027.9490-1-jean-philippe.brucker@arm.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20190411_054136_227031_B442333C X-CRM114-Status: GOOD ( 14.93 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark.Rutland@arm.com, devicetree@vger.kernel.org, Grant.Likely@arm.com, linux-pci@vger.kernel.org, robh+dt@kernel.org, Robin.Murphy@arm.com, linux-arm-kernel@lists.infradead.org Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org X-Virus-Scanned: ClamAV using ClamSMTP Provide a way for the firmware to tell the OS which devices are external to the machine and therefore untrusted. The property can describe for example Thunderbolt and other user-accessible ports, which should always have the strongest IOMMU protection. Reviewed-by: Grant Likely Reviewed-by: Rob Herring Reviewed-by: Robin Murphy Signed-off-by: Jean-Philippe Brucker --- Documentation/devicetree/bindings/pci/pci.txt | 50 +++++++++++++++++++ 1 file changed, 50 insertions(+) diff --git a/Documentation/devicetree/bindings/pci/pci.txt b/Documentation/devicetree/bindings/pci/pci.txt index c77981c5dd18..92c01db610df 100644 --- a/Documentation/devicetree/bindings/pci/pci.txt +++ b/Documentation/devicetree/bindings/pci/pci.txt @@ -24,3 +24,53 @@ driver implementation may support the following properties: unsupported link speed, for instance, trying to do training for unsupported link speed, etc. Must be '4' for gen4, '3' for gen3, '2' for gen2, and '1' for gen1. Any other values are invalid. + +PCI-PCI Bridge properties +------------------------- + +PCIe root ports and switch ports may be described explicitly in the device +tree, as children of the host bridge node. Even though those devices are +discoverable by probing, it might be necessary to describe properties that +aren't provided by standard PCIe capabilities. + +Required properties: + +- reg: + Identifies the PCI-PCI bridge. As defined in the IEEE Std 1275-1994 + document, it is a five-cell address encoded as (phys.hi phys.mid + phys.lo size.hi size.lo). phys.hi should contain the device's BDF as + 0b00000000 bbbbbbbb dddddfff 00000000. The other cells should be zero. + + The bus number is defined by firmware, through the standard bridge + configuration mechanism. If this port is a switch port, then firmware + allocates the bus number and writes it into the Secondary Bus Number + register of the bridge directly above this port. Otherwise, the bus + number of a root port is the first number in the bus-range property, + defaulting to zero. + + If firmware leaves the ARI Forwarding Enable bit set in the bridge + above this port, then phys.hi contains the 8-bit function number as + 0b00000000 bbbbbbbb ffffffff 00000000. Note that the PCIe specification + recommends that firmware only leaves ARI enabled when it knows that the + OS is ARI-aware. + +Optional properties: + +- external-facing: + When present, the port is external-facing. All bridges and endpoints + downstream of this port are external to the machine. The OS can, for + example, use this information to identify devices that cannot be + trusted with relaxed DMA protection, as users could easily attach + malicious devices to this port. + +Example: + +pcie@10000000 { + compatible = "pci-host-ecam-generic"; + ... + pcie@0008 { + /* Root port 00:01.0 is external-facing */ + reg = <0x00000800 0 0 0 0>; + external-facing; + }; +}; From patchwork Thu Apr 11 12:40:27 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jean-Philippe Brucker X-Patchwork-Id: 10895881 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id A68FB1515 for ; Thu, 11 Apr 2019 12:42:03 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 869D728CDD for ; Thu, 11 Apr 2019 12:42:03 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 84B3928D30; Thu, 11 Apr 2019 12:42:03 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 070BE28CDD for ; Thu, 11 Apr 2019 12:42:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=LB48hbf00Ac2hQKLyTsCG5lAzNeiwYL+xenIdXsDVF4=; b=J8EXIughnNjkRe uRtXoHV2ekHPbQ2uL/oT1etcqph8v409WiyEf28XEPtRS3N4Y0fi2fJE7BQDPhl1jWyRTfvMFNhwp 428lbHwJL5LOOhcSUWyb2ioM2KJsv8DjSjdJnUFYRptty2IV/OEF1z7Q1RhwgHe+yG9AxaAx/6XSO NUruGqMqmbfgW73OnallUhtENLKY3jV81d4wcdFMZplQcQ/ORlKbKBViX7LNXxUMyKBbtEkB+zxqP wgKJOsQpn+rV75vvHAiak3aT1M1iUzt0n3VrmgMbdgBB6AIdARDlwjQDjwRaMhKfsKGpPCv7VQ4zv /YjFsnbw+kKPf9xRWimw==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1hEZ1h-0001A3-2X; Thu, 11 Apr 2019 12:41:57 +0000 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70] helo=foss.arm.com) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1hEZ1M-0000nB-Go for linux-arm-kernel@lists.infradead.org; Thu, 11 Apr 2019 12:41:38 +0000 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id D07E015AD; Thu, 11 Apr 2019 05:41:35 -0700 (PDT) Received: from ostrya.cambridge.arm.com (ostrya.cambridge.arm.com [10.1.196.129]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 52F503F557; Thu, 11 Apr 2019 05:41:34 -0700 (PDT) From: Jean-Philippe Brucker To: bhelgaas@google.com Subject: [PATCH v3 2/2] PCI: OF: Support external-facing property Date: Thu, 11 Apr 2019 13:40:27 +0100 Message-Id: <20190411124027.9490-3-jean-philippe.brucker@arm.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190411124027.9490-1-jean-philippe.brucker@arm.com> References: <20190411124027.9490-1-jean-philippe.brucker@arm.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20190411_054136_561296_4DB97CB1 X-CRM114-Status: GOOD ( 12.71 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark.Rutland@arm.com, devicetree@vger.kernel.org, Grant.Likely@arm.com, linux-pci@vger.kernel.org, robh+dt@kernel.org, Robin.Murphy@arm.com, linux-arm-kernel@lists.infradead.org Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org X-Virus-Scanned: ClamAV using ClamSMTP Set the "untrusted" attribute to any PCIe port that has an "external-facing" device tree property. Any device downstream of this port will inherit the attribute and have only the strictest IOMMU protection. Signed-off-by: Jean-Philippe Brucker --- v2->v3: * Use of_property_read_bool(). * Firmware can in theory set the property on the host bridge node. Handle this case. * Don't pass a NULL node to the of driver. Although it is handled gracefully at the moment, it isn't documented and we might as well proof this too. --- drivers/pci/of.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/drivers/pci/of.c b/drivers/pci/of.c index 3d32da15c215..67376cf45880 100644 --- a/drivers/pci/of.c +++ b/drivers/pci/of.c @@ -31,10 +31,16 @@ void pci_release_of_node(struct pci_dev *dev) void pci_set_bus_of_node(struct pci_bus *bus) { - if (bus->self == NULL) - bus->dev.of_node = pcibios_get_phb_of_node(bus); - else - bus->dev.of_node = of_node_get(bus->self->dev.of_node); + struct device_node *node; + + if (bus->self == NULL) { + node = pcibios_get_phb_of_node(bus); + } else { + node = of_node_get(bus->self->dev.of_node); + if (node && of_property_read_bool(node, "external-facing")) + bus->self->untrusted = true; + } + bus->dev.of_node = node; } void pci_release_bus_of_node(struct pci_bus *bus)