Re: [PATCH v2 0/7] Tighten PCI security, expose dev location in sysfs
On Sat, Jul 4, 2020 at 4:44 AM Pavel Machek wrote:
>
> Hi!
>
> > * The first 3 patches tighten the PCI security using ACS, and take care
> >   of a border case.
> > * The 4th patch takes care of PCI bug.
> > * 5th and 6th patches expose a device's location into the sysfs to allow
> >   admin to make decision based on that.
>
> I see no patch for Documentation -- new sysfs interfaces should be
> documented for 5/6.

Yes, sorry. The patches 5/6 have run into discussion and it looks like they are not acceptable at the moment.

Thanks,

Rajat

>
> Pavel
>
> >  drivers/base/core.c         | 35 +++
> >  drivers/iommu/intel/iommu.c | 31 ++-
> >  drivers/pci/ats.c           |  2 +-
> >  drivers/pci/bus.c           | 13 ++--
> >  drivers/pci/of.c            |  2 +-
> >  drivers/pci/p2pdma.c        |  2 +-
> >  drivers/pci/pci-acpi.c      | 13 ++--
> >  drivers/pci/pci-driver.c    |  1 +
> >  drivers/pci/pci.c           | 34 ++
> >  drivers/pci/pci.h           |  3 ++-
> >  drivers/pci/probe.c         | 20 +++---
> >  drivers/pci/quirks.c        | 19 +
> >  include/linux/device.h      | 42 +
> >  include/linux/device/bus.h  |  8 +++
> >  include/linux/pci.h         | 13 ++--
> >  15 files changed, 191 insertions(+), 47 deletions(-)
> >
>
> --
> (english) http://www.livejournal.com/~pavelmachek
> (cesky, pictures)
> http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html

Re: [PATCH v2 0/7] Tighten PCI security, expose dev location in sysfs
Hi!

> * The first 3 patches tighten the PCI security using ACS, and take care
>   of a border case.
> * The 4th patch takes care of PCI bug.
> * 5th and 6th patches expose a device's location into the sysfs to allow
>   admin to make decision based on that.

I see no patch for Documentation -- new sysfs interfaces should be
documented for 5/6.

Pavel

>  drivers/base/core.c         | 35 +++
>  drivers/iommu/intel/iommu.c | 31 ++-
>  drivers/pci/ats.c           |  2 +-
>  drivers/pci/bus.c           | 13 ++--
>  drivers/pci/of.c            |  2 +-
>  drivers/pci/p2pdma.c        |  2 +-
>  drivers/pci/pci-acpi.c      | 13 ++--
>  drivers/pci/pci-driver.c    |  1 +
>  drivers/pci/pci.c           | 34 ++
>  drivers/pci/pci.h           |  3 ++-
>  drivers/pci/probe.c         | 20 +++---
>  drivers/pci/quirks.c        | 19 +
>  include/linux/device.h      | 42 +
>  include/linux/device/bus.h  |  8 +++
>  include/linux/pci.h         | 13 ++--
>  15 files changed, 191 insertions(+), 47 deletions(-)
>

--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html

[PATCH v2 0/7] Tighten PCI security, expose dev location in sysfs
This is a set of loosely related patches most of which emerged out of
discussion in the following threads. In a nutshell the goal was to allow
an administrator to specify which driver he wants to allow on external
ports, and a strategy was chalked out:

https://lore.kernel.org/linux-pci/20200609210400.GA1461839@bjorn-Precision-5520/
https://lore.kernel.org/linux-pci/20200618184621.ga446...@kroah.com/
https://lore.kernel.org/linux-pci/20200627050225.ga226...@kroah.com/

* The first 3 patches tighten the PCI security using ACS, and take care
  of a border case.
* The 4th patch takes care of PCI bug.
* 5th and 6th patches expose a device's location into the sysfs to allow
  admin to make decision based on that.
* 7th patch is to ensure that the external devices don't bind to drivers
  during boot.

Rajat Jain (7):
  PCI: Keep the ACS capability offset in device
  PCI: Set "untrusted" flag for truly external devices only
  PCI/ACS: Enable PCI_ACS_TB for untrusted/external-facing devices
  PCI: Add device even if driver attach failed
  driver core: Add device location to "struct device" and expose it in sysfs
  PCI: Move pci_dev->untrusted logic to use device location instead
  PCI: Add parameter to disable attaching external devices

 drivers/base/core.c         | 35 +++
 drivers/iommu/intel/iommu.c | 31 ++-
 drivers/pci/ats.c           |  2 +-
 drivers/pci/bus.c           | 13 ++--
 drivers/pci/of.c            |  2 +-
 drivers/pci/p2pdma.c        |  2 +-
 drivers/pci/pci-acpi.c      | 13 ++--
 drivers/pci/pci-driver.c    |  1 +
 drivers/pci/pci.c           | 34 ++
 drivers/pci/pci.h           |  3 ++-
 drivers/pci/probe.c         | 20 +++---
 drivers/pci/quirks.c        | 19 +
 include/linux/device.h      | 42 +
 include/linux/device/bus.h  |  8 +++
 include/linux/pci.h         | 13 ++--
 15 files changed, 191 insertions(+), 47 deletions(-)

--
2.27.0.212.ge8ba1cc988-goog