| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 28 Apr 2009 16:28:50 +0100 From: David Woodhouse <dwmw2@...radead.org> To: Joerg Roedel <joerg.roedel@....com> Cc: linux-kernel@...r.kernel.org, iommu@...ts.linux-foundation.org, mingo@...hat.com, fujita.tomonori@....ntt.co.jp, airlied@...ux.ie Subject: Re: IOMMU and graphics cards On Tue, 2009-04-28 at 17:05 +0200, Joerg Roedel wrote: > Hi David, > > as I have seen the VT-d code implements a workaround for broken graphics > card drivers. What it does, when enabled, is giving each grahics device > direct access to all physical memory. I really don't like to implement > this but a similar workaround for the AMD IOMMU seems to be necessary. > The biggest problem here is that this kind of workaround disables device > isolation for graphics cards. Device isolation is the main reason for > using an IOMMU in an unvirtualized environment. So if this workaround is > enabled it is as good as disable the IOMMU at all. For that device, yes. The IOMMU still catches errors from _other_ devices, of course. But I agree that it's a crap thing to have to do, and there are probably a number of ways we could make it slightly less crap. For a start, we could at least refrain from mapping the kernel text -- the card has no business DMAing there, whatever happens. > Thats why I think a kernel compile option for this workaround is not > sufficient. Distributors will probably enable this in their kernels > which also disables device isolation even if the user don't want to use > these broken drivers. Yes, that makes a lot of sense. Is the reason you're doing this actually because of broken drivers? Or just because of the performance implications? I've heard both cited as reasons for the 1:1 mapping... and if it's mostly the former, then perhaps the best way for me to help you is to stop enabling the option in Fedora (rawhide, at least), so that the buggy drivers get _fixed_ and you don't get stuck with "it works on Intel, why can't you make it work?" reports? > I think we should change that and provide a better way which allows to > enable this workaround only if it is required (and it should be > transparent to the user which IOMMU is built into the system). > We have several options to do this: > > * Implement a kernel command line option to enable/disable the > workaround (what should be default?) > * Use the IOMMU-API and write a kernel module which creates a > direct mapped protection domain and assigns the graphics > cards to it (need to be done carefully to not break graphics > drivers which do everything right and use the DMA-API) > * Any other great idea? > > So what do you (and all the others reading this :-) think? I would > prefer the way of implementing a module but there may also be reasons > against this. I would like this to be disussed before I implement the > workaround for the AMD IOMMU. I think I also prefer your second option. I don't like having this as a hack in the IOMMU code. -- David Woodhouse Open Source Technology Centre David.Woodhouse@...el.com Intel Corporation -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists