| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 16 Oct 2012 17:41:11 +0000
From: "Mingarelli, Thomas" <Thomas.Mingarelli@...com>
To: "Khan, Shuah" <shuah.khan@...com>
CC: Alex Williamson <alex.williamson@...hat.com>,
David Woodhouse <dwmw2@...radead.org>,
Don Dutile <ddutile@...hat.com>,
"Knippers, Linda" <linda.knippers@...com>,
"iommu@...ts.linux-foundation.org" <iommu@...ts.linux-foundation.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"shuahkhan@...il.com" <shuahkhan@...il.com>
Subject: RE: [PATCH v3] Prevent devices with RMRRs from being placed into SI
Domain during startup
I imagine there could be other devices that get a "free ride". Any help or suggestions in that area are greatly appreciated.
Tom
-----Original Message-----
From: Khan, Shuah
Sent: Tuesday, October 16, 2012 12:28 PM
To: Mingarelli, Thomas
Cc: Alex Williamson; David Woodhouse; Don Dutile; Knippers, Linda; iommu@...ts.linux-foundation.org; linux-kernel@...r.kernel.org; shuahkhan@...il.com
Subject: Re: [PATCH v3] Prevent devices with RMRRs from being placed into SI Domain during startup
On Tue, 2012-10-16 at 16:50 +0000, Tom Mingarelli wrote:
> This patch is to prevent devices that have RMRRs associated with them
> from getting placed into the SI Domain during init. We don't put USB devices
> into this category, however. This fixes the issue where the RMRR info
> for devices being placed in and out of the SI Domain gets lost.
>
> Signed-off-by: Thomas Mingarelli <thomas.mingarelli@...com>
> ----
> PATCH v1: https://lkml.org/lkml/2012/6/15/204
> PATCH v2: https://lkml.org/lkml/2012/9/18/354
>
> drivers/iommu/intel-iommu.c | 33 +++++++++++++++++++++++++++++++++
> 1 files changed, 33 insertions(+), 0 deletions(-)
>
> diff -up ./drivers/iommu/intel-iommu.c.ORIG ./drivers/iommu/intel-iommu.c
> --- ./drivers/iommu/intel-iommu.c.ORIG 2012-10-16 09:34:23.148089944 -0500
> +++ ./drivers/iommu/intel-iommu.c 2012-10-16 09:56:56.905932861 -0500
> @@ -2320,8 +2320,41 @@ static int domain_add_dev_info(struct dm
> return 0;
> }
>
> +static bool device_has_rmrr(struct pci_dev *dev)
> +{
> + struct dmar_rmrr_unit *rmrr;
> + int i;
> +
> + for_each_rmrr_units(rmrr) {
> + for (i = 0; i < rmrr->devices_cnt; i++) {
> + /*
> + * Here we are just concerned with checking each device
> + * that has an RMRR associated with it and not allow it
> + * to be placed into the SI Domain during startup.
> + */
> + if (rmrr->devices[i] == dev)
> + return true;
> + }
> + }
> + return false;
> +}
> +
> static int iommu_should_identity_map(struct pci_dev *pdev, int startup)
> {
> +
> + if (startup) {
> + /*
> + * This is where we will refuse any device that has an
> + * RMRR associated with it and is not a USB device and
> + * NOT allow it to be placed into the SI Domain. We
> + * only do this on startup. We don't need a separate bit
> + * for this because it could be ANY device.
> + */
> + if (device_has_rmrr(pdev) &&
> + (pdev->class >> 8) != PCI_CLASS_SERIAL_USB)
Forgot to ask in my last response. Is it sufficient to check _USB. Are
we missing any other devices that use RMRR that would qualify?
> + return 0;
> + }
> +
> if ((iommu_identity_mapping & IDENTMAP_AZALIA) && IS_AZALIA(pdev))
> return 1;
>
Powered by blists - more mailing lists