lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1402988692.7595.106.camel@i7.infradead.org>
Date:	Tue, 17 Jun 2014 08:04:52 +0100
From:	David Woodhouse <dwmw2@...radead.org>
To:	Alex Williamson <alex.williamson@...hat.com>
Cc:	iommu@...ts.linux-foundation.org, chegu_vinod@...com,
	linux-kernel@...r.kernel.org,
	Intel Graphics Development <intel-gfx@...ts.freedesktop.org>
Subject: Re: [PATCH v2] iommu/intel: Exclude devices using RMRRs from IOMMU
 API domains

On Mon, 2014-06-16 at 23:35 -0600, Alex Williamson wrote:
> 
> Any idea what an off-the-shelf Asus motherboard would be doing with an
> RMRR on the Intel HD graphics?
> 
> dmar: RMRR base: 0x000000bb800000 end: 0x000000bf9fffff
> IOMMU: Setting identity map for device 0000:00:02.0 [0xbb800000 - 0xbf9fffff]

Hm, we should have thought of that sooner. That's quite normal — it's
for the 'stolen' memory used for the framebuffer. And maybe also the
GTT, and shadow GTT and other things; I forget precisely what, and it
varies from one setup to another.

I'd expect fairly much all systems to have an RMRR for the integrated
graphics device if they have one, and your patch¹ is going to prevent
assignment of those to guests... as you've presumably noticed.

I'm not sure if the i915 driver is capable of fully reprogramming the
hardware to completely stop using that region, to allow assignment to a
guest with a 'pure' memory map and no stolen region. I suppose it must,
if assignment to guests was working correctly before?

Perhaps the better answer here is not to have the special cases in
'device_is_rmrr_locked()', and instead allow a device driver to call a
'iommu_release_rmrrs()' function once it's reset the hardware to *stop*
doing whatever DMA the BIOS set it up with.


-- 
David Woodhouse                            Open Source Technology Centre
David.Woodhouse@...el.com                              Intel Corporation

¹ Alex's patch prevents assignment to VM guests of *any* device which has
  RMRRs (reserved regions requiring an IOMMU 1:1 mapping) in its DMAR
  table.

Download attachment "smime.p7s" of type "application/x-pkcs7-signature" (5745 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ