lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 2 Apr 2013 20:52:30 -0500
From:	Scott Wood <scottwood@...escale.com>
To:	Timur Tabi <timur@...i.org>
CC:	Joerg Roedel <joro@...tes.org>,
	Varun Sethi <Varun.Sethi@...escale.com>,
	lkml <linux-kernel@...r.kernel.org>,
	Kumar Gala <galak@...nel.crashing.org>,
	<stuart.yoder@...escale.com>, <iommu@...ts.linux-foundation.org>,
	Benjamin Herrenschmidt <benh@...nel.crashing.org>,
	"linuxppc-dev@...ts.ozlabs.org" <linuxppc-dev@...ts.ozlabs.org>
Subject: Re: [PATCH 5/5 v11] iommu/fsl: Freescale PAMU driver and iommu
 implementation.

On 04/02/2013 08:35:54 PM, Timur Tabi wrote:
> On Tue, Apr 2, 2013 at 11:18 AM, Joerg Roedel <joro@...tes.org> wrote:
> 
> > > +     panic("\n");
> >
> > A kernel panic seems like an over-reaction to an access violation.
> 
> We have no way to determining what code caused the violation, so we
> can't just kill the process.  I agree it seems like overkill, but what
> else should we do?  Does the IOMMU layer have a way for the IOMMU
> driver to stop the device that caused the problem?

At a minimum, log a message and continue.  Probably turn off the LIODN,  
at least if it continues to be noisy (otherwise we could get stuck in  
an interrupt storm as you note).  Possibly let the user know somehow,  
especially if it's a VFIO domain.

Don't take down the whole kernel.  It's not just overkill; it  
undermines VFIO's efforts to make it safe for users to control devices.

> > Besides the device that caused the violation the system should still
> > work, no?
> 
> Not really.  The PAMU was designed to add IOMMU support to legacy
> devices, which have no concept of an MMU.  If the PAMU detects an
> access violation, there's no way for the device to recover, because it
> has no idea that a violation has occurred.  It's going to keep on
> writing to bad data.

I think that's only the case for posted writes (or devices which fail  
to take a hint and stop even after they see an I/O error).

-Scott
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ