On Tue, Dec 3, 2019 at 11:11 PM Laszlo Ersek <lersek@xxxxxxxxxx> wrote: > But in this case, we'd have to insert the PPB clearing *before* the > (platform's) IOMMU driver's EBS handler (because the latter is going to > deny, not permit, everything); and we can't modify the IOMMU driver. > > I guess we could install an EBS handler with TPL_NOTIFY (PciIo usage > appears permitted at TPL_NOTIFY, from "Table 27. TPL Restrictions"). But: > - if the IOMMU driver's EBS handler is also to be enqueued at > TPL_NOTIFY, then the order will be unspecified > - if a PCI driver sets up an EBS handler at TPL_CALLBACK, then in our > handler we could shut down a PPB in front of a device bound by that > driver too early. Yeah, that's my concern - doing this more correctly seems to leave us in a situation where we're no longer able to make guarantees about the security properties of the feature. I think I prefer going with something that's guaranteed to give us the properties we want, even at the expense of some compatibility - users who want this can validate it against their platform.
