Re: [PATCH v2 21/21] efi: Allow disabling PCI busmastering on bridges during boot

On Mon, 23 Dec 2019 at 16:46, Arvind Sankar <nivedita@xxxxxxxxxxxx> wrote:
>
> On Mon, Dec 23, 2019 at 03:02:40PM +0100, Ard Biesheuvel wrote:
> >
> > Practically, on PCIe systems, PCI/PCI bridges are the only thing we
> > need to care about, since that is how PCIe root ports are modelled.
>
> If I'm interpreting my lspci output correctly, I have a PCI/ISA bridge
> on bus 0 that's not behind a PCI/PCI bridge. Device 1f.0 below is the
> PCI/ISA bridge.

Yeah, this is the LPC controller, right? What devices are actually on
that bus that are not closely tied to the chipset?

> Devices 1-3 are the CPU root ports and 1c.* are the
> chipset root ports.
>

Right.

> Also, what about, e.g., the USB or SATA controllers? I know that
> someone had said earlier that disabling BM on endpoints is pointless as
> malicious endpoints could just re-enable it, but is it not possible for
> malicious USB devices/SATA devices to try to use DMA through those
> controllers? I.e., if we trust the controllers since they're on-board, but
> not necessarily the devices behind them, wouldn't it still be worth it
> to disable BM on the controllers too?
>

At this point, it probably makes sense to clarify what the threat
model is. I have been assuming (but Matthew should confirm) that we're
primarily concerned with DMA attacks over, e.g., Thunderbolt ports, in
which case managing the BM bit at the root port level should be
sufficient.

If there are other things we want to address (or if my assumption was
incorrect), we should clarify this first, before deciding what the
right mitigation would be.

> $ lspci -tv -s 0:0:
> -[0000:00]-+-00.0  Intel Corporation Xeon E7 v4/Xeon E5 v4/Xeon E3 v4/Xeon D DMI2
>            +-01.0-[01]--
>            +-01.1-[02]--
>            +-02.0-[03]--
>            +-02.2-[04]--
>            +-03.0-[05]--
>            +-03.2-[06-09]--
>            +-05.0  Intel Corporation Xeon E7 v4/Xeon E5 v4/Xeon E3 v4/Xeon D Map/VTd_Misc/System Management
>            +-05.1  Intel Corporation Xeon E7 v4/Xeon E5 v4/Xeon E3 v4/Xeon D IIO Hot Plug
>            +-05.2  Intel Corporation Xeon E7 v4/Xeon E5 v4/Xeon E3 v4/Xeon D IIO RAS/Control Status/Global Errors
>            +-05.4  Intel Corporation Xeon E7 v4/Xeon E5 v4/Xeon E3 v4/Xeon D I/O APIC
>            +-11.0  Intel Corporation C610/X99 series chipset SPSR
>            +-11.4  Intel Corporation C610/X99 series chipset sSATA Controller [AHCI mode]
>            +-14.0  Intel Corporation C610/X99 series chipset USB xHCI Host Controller
>            +-16.0  Intel Corporation C610/X99 series chipset MEI Controller #1
>            +-16.1  Intel Corporation C610/X99 series chipset MEI Controller #2
>            +-1a.0  Intel Corporation C610/X99 series chipset USB Enhanced Host Controller #2
>            +-1b.0  Intel Corporation C610/X99 series chipset HD Audio Controller
>            +-1c.0-[0a]--
>            +-1c.2-[0b]--
>            +-1c.3-[0c]--
>            +-1c.4-[0d]--
>            +-1c.7-[0e-0f]--
>            +-1d.0  Intel Corporation C610/X99 series chipset USB Enhanced Host Controller #1
>            +-1f.0  Intel Corporation C610/X99 series chipset LPC Controller
>            +-1f.2  Intel Corporation C610/X99 series chipset 6-Port SATA Controller [AHCI mode]
>            \-1f.3  Intel Corporation C610/X99 series chipset SMBus Controller
>
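An added example, not part of the patch or of either participant's mail: a parser for the `lspci -tv` tree quoted above that separates the PCI/PCI bridges (the root ports at which the proposed mitigation manages the Bus Master Enable bit) from the on-board USB/SATA controllers raised in the question. The trimmed sample and the name-based controller match are assumptions.

```python
import re

# Constructed sample input: a trimmed copy of the `lspci -tv -s 0:0` tree
# quoted in the thread (assumption: the same one-entry-per-line format).
LSPCI_TREE = """\
-[0000:00]-+-00.0  Intel Corporation Xeon E7 v4/Xeon E5 v4/Xeon E3 v4/Xeon D DMI2
           +-01.0-[01]--
           +-03.2-[06-09]--
           +-11.4  Intel Corporation C610/X99 series chipset sSATA Controller [AHCI mode]
           +-14.0  Intel Corporation C610/X99 series chipset USB xHCI Host Controller
           +-1c.7-[0e-0f]--
           +-1f.0  Intel Corporation C610/X99 series chipset LPC Controller
           \\-1f.3  Intel Corporation C610/X99 series chipset SMBus Controller
"""

# A bridge entry carries its secondary bus range "-[lo]--" or "-[lo-hi]--";
# an endpoint entry carries a vendor/device name instead.
ENTRY = re.compile(
    r"[+\\]-(?P<dev>[0-9a-f]{2}\.[0-7])"
    r"(?:-\[(?P<lo>[0-9a-f]{2})(?:-(?P<hi>[0-9a-f]{2}))?\]--|\s+(?P<name>.+))"
)

def parse_tree(text, domain_bus="0000:00"):
    """Return a list of (bdf, is_bridge, detail) tuples for the bus 0 entries."""
    devices = []
    for line in text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue
        bdf = f"{domain_bus}:{m['dev']}"
        if m["lo"] is not None:
            hi = m["hi"] or m["lo"]
            devices.append((bdf, True, f"secondary buses {m['lo']}-{hi}"))
        else:
            devices.append((bdf, False, m["name"].strip()))
    return devices

def bridges(devices):
    """PCI/PCI bridges: on PCIe these are the root ports, the level at which
    the thread proposes clearing the Bus Master Enable bit."""
    return [bdf for bdf, is_bridge, _ in devices if is_bridge]

def hotpluggable_controllers(devices):
    """On-board endpoints that front externally attached media (the USB and
    SATA controllers asked about); matching on the name is an assumption."""
    return [bdf for bdf, is_bridge, detail in devices
            if not is_bridge and re.search(r"(USB|SATA)", detail)]
```

Running `parse_tree(LSPCI_TREE)` on the sample yields three bridges (01.0, 03.2, 1c.7) and two USB/SATA controllers (11.4, 14.0); the LPC and SMBus controllers fall into neither set.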
