| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 6 Feb 2013 19:11:12 -0800 From: Andy Lutomirski <luto@...capital.net> To: Andy Lutomirski <luto@...capital.net> Cc: Gleb Natapov <gleb@...hat.com>, LKML <linux-kernel@...r.kernel.org>, x86@...nel.org, "H. Peter Anvin" <hpa@...or.com>, Alex Williamson <alex.williamson@...hat.com>, Don Zickus <dzickus@...hat.com>, Prarit Bhargava <prarit@...hat.com>, David Woodhouse <dwmw2@...radead.org> Subject: Re: [PATCH] intel_iommu: Disable vfio and kvm interrupt assignment when unsafe On Wed, Feb 6, 2013 at 7:08 PM, Andy Lutomirski <luto@...capital.net> wrote: > We currently report IOMMU_CAP_INTR_REMAP whenever interrupt remapping > is enabled. Users of that capability expect it to mean that remapping > is secure (i.e. compatibility format interrupts are blocked). Explicitly > check whether CFIs are blocked and, if not, don't report the capability. FWIW, I've wanted a feature IOMMU_CAP_SECURE that means that all DMA and MSI from the domain is secure (i.e. only does what is explicitly requested via the iommu api). The current situation is hard to understand, as evidenced by the iommu type 1 stuff in vfio. But I don't even understand what an iommu group is, and I've read a decent chunk of the code. But that's not really relevant to this patch. --Andy -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists