Re: [PATCH 00/24] Thunderbolt security levels and NVM firmware upgrade

From: Andy Shevchenko
Date: Tue May 23 2017 - 09:26:10 EST

Next message: Johannes Weiner: "Re: [RFC PATCH] mm, oom: cgroup-aware OOM-killer"
Previous message: Kirill A. Shutemov: "Re: [HMM 08/15] mm/ZONE_DEVICE: special case put_page() for device private pages"
In reply to: mika.westerberg@xxxxxxxxxxxxxxx: "Re: [PATCH 00/24] Thunderbolt security levels and NVM firmware upgrade"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 2017-05-18 at 17:38 +0300, Mika Westerberg wrote:
> Hi all,
>
> This patch series adds support for Thunderbolt security levels, which
> were
> first introduced in Intel Falcon Ridge Thunderbolt controller, to
> prevent
> DMA attacks when PCIe is tunneled over Thunderbolt fabric. This is
> needed
> if there is no IOMMU available for various reasons.
>
> Most PCs out there having Falcon Ridge or newer have security level
> set to
> "user" which means that user authorization is needed before PCIe
> tunnel is
> creaded (the PCIe device appears). This effectively means that without
> driver support the user needs to configure security level from BIOS to
> "none" to get Thunderbolt devices connected. With these patches the
> user
> can authorize devices using sysfs attributes like:
>
> Â # echo 1 > /sys/bus/thunderbolt/devices/0-1/authorized
>
> In addition these patches add support for upgrading NVM firmware
> running on
> a host or device by running something like:
>
> Â # dd if=KYK_TBT_FW_0018.bin of=/sys/bus/thunderbolt/devices/0-
> 0/nvm_non_active0/nvmem
> Â # echo 1 > /sys/bus/thunderbolt/devices/0-0/nvm_authenticate
>
> This is documented with more details in patch [23/24].
>
> This series is based on Amir's networking patches [1] but instead of
> splitting the functionality between kernel driver and userspace
> daemon, we
> take advantage of Linux driver core by converting the existing driver
> to
> expose a Linux bus (domain) and devices (switches). Notifications to
> the
> userspace about plugged/unplugged devices is handled by standard
> uevents
> when a device is added to/removed from the Thunderbolt bus.
>
> Since thunderbolt device identification and authorization can be done
> directly through sysfs attributes there is no need for userspace
> daemon.
> However, there still should be an application that promps user for
> unknown
> devices and allows selecting between "single connect" and "connect
> always"
> keeping this information in a database or similar persistent storage.
> This
> patch series only provides mechanism for userspace applications to
> achieve
> that.
>
> Where Internal Connection Manager (ICM) firmware is available and
> usable,
> we use it in the driver. This also includes newer Apple Macbooks with
> Alpine Ridge. For older Macbooks the driver works as before but in
> addition
> the Thunderbolt bus is available there as well (including possibility
> to
> upgrade NVM firmware of connected devices).
>
> We are also in works of porting Amir's networking driver to work on
> top of
> the new Thunderbolt bus pretty much the same way firewire networking
> is
> currently done. In addition this makes is possible to introduce other
> protocols like a char device that allows userspace directly to
> communicate
> accross Thunderbolt domains.
>
> Note for Macs the Linux native PCIe hotplug support does not work well
> with
> the Thunderbolt PCIe topologies where there is need to put all
> available
> resources to the PCIe downstream port where the PCIe chain is
> extended.
> This is something we need to fix. In the mean time is a way to work it
> around by passing "pci=hpbussize=10,hpmemsize=2M" or so to the kernel
> command line.
>
> These patches use uuid_be from uuid.h but I've learned that there is a
> work
> to remove the type completely in favor of new uuid_t [2]. I'm not sure
> what
> to do regarding that because those patches are not yet in the
> mainline.

Looks like we may use uuid_be for now, though having a patch to switch
to uuid_t eventually.

I have commented few patches (some minor comments), other than that,
FWIW:
Reviewed-by: Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>

>
> [1] https://lkml.org/lkml/2016/11/9/341
> [2] http://git.infradead.org/users/hch/vfs.git/shortlog/refs/heads/uui
> d-types
>
> Mika Westerberg (24):
> Â thunderbolt: Use const buffer pointer in write operations
> Â thunderbolt: Do not try to read UID if DROM offset is read as 0
> Â thunderbolt: Do not warn about newer DROM versions
> Â thunderbolt: Add MSI-X support
> Â thunderbolt: Rework capability handling
> Â thunderbolt: Introduce thunderbolt bus and connection manager
> Â thunderbolt: Convert switch to a device
> Â thunderbolt: Fail switch adding operation if reading DROM fails
> Â thunderbolt: Do not fail if DROM data CRC32 is invalid
> Â thunderbolt: Read vendor and device name from DROM
> Â thunderbolt: Move control channel messages to tb_msgs.h
> Â thunderbolt: Expose get_route() to other files
> Â thunderbolt: Expose make_header() to other files
> Â thunderbolt: Let the connection manager handle all notifications
> Â thunderbolt: Rework control channel to be more reliable
> Â thunderbolt: Add Thunderbolt 3 PCI IDs
> Â thunderbolt: Add support for NHI mailbox
> Â thunderbolt: Store Thunderbolt generation in the switch structure
> Â thunderbolt: Add support for DMA configuration based mailbox
> Â thunderbolt: Do not touch the hardware if the NHI is gone on resume
> Â thunderbolt: Add support for Internal Connection Manager (ICM)
> Â thunderbolt: Add support for host and device NVM firmware upgrade
> Â thunderbolt: Add documentation how Thunderbolt bus can be used
> Â MAINTAINERS: Add maintainers for Thunderbolt driver
>
> ÂDocumentation/ABI/testing/sysfs-bus-thunderbolt |ÂÂ108 +++
> ÂDocumentation/admin-guide/index.rstÂÂÂÂÂÂÂÂÂÂÂÂÂ|ÂÂÂÂ1 +
> ÂDocumentation/admin-guide/thunderbolt.rstÂÂÂÂÂÂÂ|ÂÂ197 ++++
> ÂMAINTAINERSÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ|ÂÂÂÂ3 +
> Âdrivers/thunderbolt/KconfigÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ|ÂÂÂ13 +-
> Âdrivers/thunderbolt/MakefileÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ|ÂÂÂÂ2 +-
> Âdrivers/thunderbolt/cap.cÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ|ÂÂ169 ++--
> Âdrivers/thunderbolt/ctl.cÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ|ÂÂ655 +++++++++----
> Âdrivers/thunderbolt/ctl.hÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ|ÂÂ105 ++-
> Âdrivers/thunderbolt/dma_port.cÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ|ÂÂ524 +++++++++++
> Âdrivers/thunderbolt/dma_port.hÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ|ÂÂÂ34 +
> Âdrivers/thunderbolt/domain.cÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ|ÂÂ455 ++++++++++
> Âdrivers/thunderbolt/eeprom.cÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ|ÂÂÂ84 +-
> Âdrivers/thunderbolt/icm.cÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ| 1098
> ++++++++++++++++++++++
> Âdrivers/thunderbolt/nhi.cÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ|ÂÂ302 +++++-
> Âdrivers/thunderbolt/nhi.hÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ|ÂÂÂ91 +-
> Âdrivers/thunderbolt/nhi_regs.hÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ|ÂÂÂ27 +
> Âdrivers/thunderbolt/switch.cÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ| 1109
> +++++++++++++++++++++--
> Âdrivers/thunderbolt/tb.cÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ|ÂÂ237 ++---
> Âdrivers/thunderbolt/tb.hÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ|ÂÂ242 ++++-
> Âdrivers/thunderbolt/tb_msgs.hÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ|ÂÂ260 ++++++
> Âdrivers/thunderbolt/tb_regs.hÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ|ÂÂÂ31 +-
> Âdrivers/thunderbolt/tunnel_pci.cÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ|ÂÂÂ17 +-
> Â23 files changed, 5213 insertions(+), 551 deletions(-)
> Âcreate mode 100644 Documentation/ABI/testing/sysfs-bus-thunderbolt
> Âcreate mode 100644 Documentation/admin-guide/thunderbolt.rst
> Âcreate mode 100644 drivers/thunderbolt/dma_port.c
> Âcreate mode 100644 drivers/thunderbolt/dma_port.h
> Âcreate mode 100644 drivers/thunderbolt/domain.c
> Âcreate mode 100644 drivers/thunderbolt/icm.c
> Âcreate mode 100644 drivers/thunderbolt/tb_msgs.h
>

--
Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>
Intel Finland Oy

Next message: Johannes Weiner: "Re: [RFC PATCH] mm, oom: cgroup-aware OOM-killer"
Previous message: Kirill A. Shutemov: "Re: [HMM 08/15] mm/ZONE_DEVICE: special case put_page() for device private pages"
In reply to: mika.westerberg@xxxxxxxxxxxxxxx: "Re: [PATCH 00/24] Thunderbolt security levels and NVM firmware upgrade"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]