On Mon, Nov 21, 2016 at 7:53 AM Timothy Pearson <tpearson@raptorengineering.com> wrote:


> A quick check through the source seems to indicate that the generic
> pci_set_resource function will enable bus mastering on any PCI bridges.
> From that point on, if I'm not mistaken, any malicious device that
> exposed a bridge interface could enable mastering for any logical
> devices behind the bridge and attack the host.  Am I missing something?


Probably not. Back in the early days this kind of thing was not an issue.

We've always had to adjust for limits in the kernels we support. We have a PCI subsystem mainly because, in 2000, Linux could not handle an unconfigured PCI bus -- it interpreted a "0 bar" as meaning "device disabled by BIOS" -- really!

I suspect the BME enable on bridges was done because Linux or other guests didn't know how to configure bridges correctly. But Linux and other kernels are a lot better now than they were; I wonder if we should stop enabling BME on bridges. 

In any event, however, if we make this change it should be done in small steps, and I think a good first small step is to start with things that *look* obvious, like the aforementioned NIC. I am going to submit a CL today to remove BME from that and see how much upset it causes :-)

ron
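
An added example (not from this thread or from coreboot's source): a C check that reads a function's PCI configuration header, as an OS-side audit could after firmware hands off, and flags bridges left with Bus Master Enable set together with the bus range whose upstream requests they forward. The offsets are the standard PCI header layout; the name `classify_bme` and the sample headers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Standard PCI configuration header offsets and bits. */
#define PCI_VENDOR_ID        0x00
#define PCI_COMMAND          0x04
#define PCI_COMMAND_MASTER   0x0004 /* Bus Master Enable (BME) */
#define PCI_HEADER_TYPE      0x0e   /* bit 7 = multifunction flag */
#define PCI_SECONDARY_BUS    0x19   /* type 1 (bridge) headers only */
#define PCI_SUBORDINATE_BUS  0x1a

enum bme_state { BME_ABSENT = -1, BME_OFF, BME_ENDPOINT, BME_BRIDGE };

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Classify one function from the first 64 bytes of its config space.
 * For a bridge with BME set, report the bus range whose DMA it forwards. */
enum bme_state classify_bme(const uint8_t *cfg, size_t len,
                            uint8_t *sec, uint8_t *sub)
{
    if (len < 64 || le16(cfg + PCI_VENDOR_ID) == 0xffff)
        return BME_ABSENT;              /* short read or no device present */
    if (!(le16(cfg + PCI_COMMAND) & PCI_COMMAND_MASTER))
        return BME_OFF;
    if ((cfg[PCI_HEADER_TYPE] & 0x7f) != 0x01)
        return BME_ENDPOINT;            /* not a PCI-to-PCI bridge */
    *sec = cfg[PCI_SECONDARY_BUS];
    *sub = cfg[PCI_SUBORDINATE_BUS];
    return BME_BRIDGE;
}

/* Constructed sample headers, not captured from real hardware. */
const uint8_t sample_bridge[64] = { [0x00] = 0x34, [0x01] = 0x12,
    [0x04] = 0x07, [0x0e] = 0x01, [0x19] = 0x01, [0x1a] = 0x03 };
const uint8_t sample_nic[64] = { [0x00] = 0x34, [0x01] = 0x12,
    [0x04] = 0x03, [0x0e] = 0x80 };

int main(void)
{
    uint8_t sec = 0, sub = 0;
    if (classify_bme(sample_bridge, sizeof sample_bridge, &sec, &sub) == BME_BRIDGE)
        printf("bridge forwards DMA from buses %u-%u\n", sec, sub);
    if (classify_bme(sample_nic, sizeof sample_nic, &sec, &sub) == BME_OFF)
        printf("NIC: bus mastering disabled\n");
    return 0;
}
```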