Hi On Wed, May 12, 2021 at 2:35 PM Rajat Jain <rajatja@xxxxxxxxxx> wrote: > > A PCI device is "external_facing" if it's a Root Port with the ACPI > "ExternalFacingPort" property or if it has the DT "external-facing" > property. We consider everything downstream from such a device to > be removable by user. > > We're mainly concerned with consumer platforms with user accessible > thunderbolt ports that are vulnerable to DMA attacks, and we expect those > ports to be identified as "ExternalFacingPort". Devices in traditional > hotplug slots can technically be removed, but the expectation is that > unless the port is marked with "ExternalFacingPort", such devices are less > accessible to user / may not be removed by end user, and thus not exposed > as "removable" to userspace. > > Set pci_dev_type.supports_removable so the device core exposes the > "removable" file in sysfs, and tell the device core about removable > devices. > > This can be used by userspace to implment any policies it wants to, > tailored specifically for user removable devices. Eg usage: > https://chromium-review.googlesource.com/c/chromiumos/platform2/+/2591812 > https://chromium-review.googlesource.com/c/chromiumos/platform2/+/2795038 > (code uses such an attribute to remove external PCI devicces or disable > features on them as needed by the policy desired) > > Signed-off-by: Rajat Jain <rajatja@xxxxxxxxxx> > --- > v3: - commit log updated > - Rename set_pci_dev_removable() -> pci_set_removable() > - Call it after applying early PCI quirks. > v2: Add documentation > > Documentation/ABI/testing/sysfs-devices-removable | 3 ++- > drivers/pci/pci-sysfs.c | 1 + > drivers/pci/probe.c | 12 ++++++++++++ > 3 files changed, 15 insertions(+), 1 deletion(-) > > diff --git a/Documentation/ABI/testing/sysfs-devices-removable b/Documentation/ABI/testing/sysfs-devices-removable > index 9dabcad7cdcd..ec0b243f5db4 100644 > --- a/Documentation/ABI/testing/sysfs-devices-removable > +++ b/Documentation/ABI/testing/sysfs-devices-removable > @@ -14,4 +14,5 @@ Description: > > Currently this is only supported by USB (which infers the > information from a combination of hub descriptor bits and > - platform-specific data such as ACPI). > + platform-specific data such as ACPI) and PCI (which gets this > + from ACPI / device tree). > diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c > index beb8d1f4fafe..38b3259ba333 100644 > --- a/drivers/pci/pci-sysfs.c > +++ b/drivers/pci/pci-sysfs.c > @@ -1541,4 +1541,5 @@ static const struct attribute_group *pci_dev_attr_groups[] = { > > const struct device_type pci_dev_type = { > .groups = pci_dev_attr_groups, > + .supports_removable = true, > }; > diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c > index 3a62d09b8869..3515afeeaba8 100644 > --- a/drivers/pci/probe.c > +++ b/drivers/pci/probe.c > @@ -1575,6 +1575,16 @@ static void set_pcie_untrusted(struct pci_dev *dev) > dev->untrusted = true; > } > > +static void pci_set_removable(struct pci_dev *dev) > +{ > + struct pci_dev *parent = pci_upstream_bridge(dev); > + if (parent && > + (parent->external_facing || dev_is_removable(&parent->dev))) > + dev_set_removable(&dev->dev, DEVICE_REMOVABLE); > + else > + dev_set_removable(&dev->dev, DEVICE_FIXED); > +} Copying comments from Krzysztof from another thread: [Krzysztof] We were also wondering if we should only set DEVICE_REMOVABLE for devices known to be behind an external-facing port, and let everything else be set to "unknown" (or whatever the default would be). [Rajat]: I think I'm fine with this proposal if Bjorn & PCI community also sees this as a better idea. Essentially the question here is, would it be better for the non-removable PCI devices to be shown as "fixed" or "unknown"? Thanks, Rajat > + > /** > * pci_ext_cfg_is_aliased - Is ext config space just an alias of std config? > * @dev: PCI device > @@ -1822,6 +1832,8 @@ int pci_setup_device(struct pci_dev *dev) > /* Early fixups, before probing the BARs */ > pci_fixup_device(pci_fixup_early, dev); > > + pci_set_removable(dev); > + > pci_info(dev, "[%04x:%04x] type %02x class %#08x\n", > dev->vendor, dev->device, dev->hdr_type, dev->class); > > -- > 2.31.1.607.g51e8a6a459-goog >
