| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 31 Mar 2010 12:51:25 -0700 From: ebiederm@...ssion.com (Eric W. Biederman) To: Neil Horman <nhorman@...driver.com> Cc: Vivek Goyal <vgoyal@...hat.com>, iommu@...ts.linux-foundation.org, joerg.roedel@....com, hbabu@...ibm.com, kexec@...ts.infradead.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] amd iommu: force flush of iommu prior during shutdown Neil Horman <nhorman@...driver.com> writes: > On Wed, Mar 31, 2010 at 11:57:46AM -0700, Eric W. Biederman wrote: >> Neil Horman <nhorman@...driver.com> writes: >> >> > On Wed, Mar 31, 2010 at 11:54:30AM -0400, Vivek Goyal wrote: >> >> >> So this call amd_iommu_flush_all_devices() will be able to tell devices >> >> that don't do any more DMAs and hence it is safe to reprogram iommu >> >> mapping entries. >> >> >> > It blocks the cpu until any pending DMA operations are complete. Hmm, as I >> > think about it, there is still a small possibility that a device like a NIC >> > which has several buffers pre-dma-mapped could start a new dma before we >> > completely disabled the iommu, althought thats small. I never saw that in my >> > testing, but hitting that would be fairly difficult I think, since its literally >> > just a few hundred cycles between the flush and the actual hardware disable >> > operation. >> > >> > According to this though: >> > http://support.amd.com/us/Processor_TechDocs/34434-IOMMU-Rev_1.26_2-11-09.pdf >> > That window could be closed fairly easily, but simply disabling read and write >> > permissions for each device table entry prior to calling flush. If we do that, >> > then flush the device table, any subsequently started dma operation would just >> > get noted in the error log, which we could ignore, since we're abot to boot to >> > the kdump kernel anyway. >> > >> > Would you like me to respin w/ that modification? >> >> Disabling permissions on all devices sounds good for the new virtualization >> capable iommus. I think older iommus will still be challenged. I think >> on x86 we have simply been able to avoid using those older iommus. >> >> I like the direction you are going but please let's put this in a >> paranoid iommu enable routine. >> > You mean like initialize the device table so that all devices are default > disabled on boot, and then selectively enable them (perhaps during a > device_attach)? I can give that a spin. That sounds good. Eric -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists