Hi,
On Fri, May 01, 2020 at 04:07:10PM -0700, Rajat Jain wrote:
> Hi,
>
> Currently, the PCI subsystem marks the PCI devices as "untrusted", if
> the firmware asks it to:
>
> 617654aae50e ("PCI / ACPI: Identify untrusted PCI devices")
> 9cb30a71acd4 ("PCI: OF: Support "external-facing" property")
>
> An "untrusted" device indicates a (likely external facing) device that
> may be malicious, and can trigger DMA attacks on the system. It may
> also try to exploit any vulnerabilities exposed by the driver, that
> may allow it to read/write unintended addresses in the host (e.g. if
> DMA buffers for the device, share memory pages with other driver data
> structures or code etc).
>
> High Level proposal
> ===============
> Currently, the "untrusted" device property is used as a hint to enable
> IOMMU restrictions (on Intel), disable ATS (on ARM) etc. We'd like to
> go a step further, and allow the administrator to build a list of
> whitelisted drivers for these "untrusted" devices.
How about letting the administrator whitelist devices that are trusted,
rather than whitelisting drivers?
The "thunderclap" attack [1] emulates an existing device using an FPGA in
order to get probed by the device driver, and then bypasses a weakened
IOMMU. By design the driver cannot differentiate a well-behaved device
from a malicious one, so changing the trust level of the driver doesn't
feel like the right way. What the admin wants to say is "I trust this
port, no one is plugging any malicious device in here."
Then you could also make the option 3-way: either keep the default trust
fixed by FW, or manually set "trusted" or "untrusted".
For reference there have been several discussions, recently, about letting
admins change IOMMU configuration for a device. A PCI command-line option
[2] was suggested, but I think the current proposal is a sysfs knob on
IOMMU groups [3], that can be changed while devices are unbound from
drivers. It's not completely relevant since the "untrusted" property isn't
tied to the IOMMU subsystem, but seemed worth mentioning.
[1] https://thunderclap.io/thunderclap-paper-ndss2019.pdf
[2] https://lore.kernel.org/linux-iommu/20200101052648.14295-3-baolu.lu@xxxxxxxxxxxxxxx/
[3] https://lore.kernel.org/linux-iommu/5aa5ef20ff81f706aafa9a6af68cef98fe60ad0f.1581619464.git.sai.praneeth.prakhya@xxxxxxxxx/
Thanks,
Jean
> This whitelist of
> drivers are the ones that he trusts enough to have little or no
> vulnerabilities. (He may have built this list of whitelisted drivers
> by a combination of code analysis of drivers, or by extensive testing
> using PCIe fuzzing etc). We propose that the administrator be allowed
> to specify this list of whitelisted drivers to the kernel, and the PCI
> subsystem to impose this behavior:
>
> 1) The "untrusted" devices can bind to only "whitelisted drivers".
> 2) The other devices (i.e. dev->untrusted=0) can bind to any driver.
>
> Of course this behavior is to be imposed only if such a whitelist is
> provided by the administrator.
>
> Details
> ======
>
> 1) A kernel argument ("pci.impose_driver_whitelisting") to enable
> imposing of whitelisting by PCI subsystem.
>
> 2) Add a flag ("whitelisted") in struct pci_driver to indicate whether
> the driver is whitelisted.
>
> 3) Use the driver's "whitelisted" flag and the device's "untrusted"
> flag, to make a decision about whether to bind or not in
> pci_bus_match() or similar.
>
> 4) A mechanism to allow the administrator to specify the whitelist of
> drivers. I think this needs more thought as there are multiple
> options.
>
> a) Expose individual driver's "whitelisted" flag to userspace so a
> boot script can whitelist that driver. There are questions that still
> need answered though e.g. what to do about the devices that may have
> already been enumerated and rejected by then? What to do with the
> already bound devices, if the user changes a driver to remove it from
> the whitelist. etc.
>
> b) Provide a way to specify the whitelist via the kernel command
> line. Accept a ("pci.whitelist") kernel parameter which is a comma
> separated list of driver names (just like "module_blacklist"), and
> then use it to initialize each driver's "whitelisted" flag as the
> drivers are registered. Essentially this would mean that the whitelist
> of devices cannot be changed after boot.
>
> To me (b) looks a better option but I think a future requirement would
> be the ability to remove the drivers from the whitelist after boot
> (adding drivers to whitelist at runtime may not be that critical IMO)
>
> WDYT?
>
> Thanks,
>
> Rajat
