| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1403007757.3707.100.camel@ul30vt.home> Date: Tue, 17 Jun 2014 06:22:37 -0600 From: Alex Williamson <alex.williamson@...hat.com> To: David Woodhouse <dwmw2@...radead.org> Cc: iommu@...ts.linux-foundation.org, chegu_vinod@...com, linux-kernel@...r.kernel.org, Intel Graphics Development <intel-gfx@...ts.freedesktop.org> Subject: Re: [PATCH v2] iommu/intel: Exclude devices using RMRRs from IOMMU API domains On Tue, 2014-06-17 at 08:04 +0100, David Woodhouse wrote: > On Mon, 2014-06-16 at 23:35 -0600, Alex Williamson wrote: > > > > Any idea what an off-the-shelf Asus motherboard would be doing with an > > RMRR on the Intel HD graphics? > > > > dmar: RMRR base: 0x000000bb800000 end: 0x000000bf9fffff > > IOMMU: Setting identity map for device 0000:00:02.0 [0xbb800000 - 0xbf9fffff] > > Hm, we should have thought of that sooner. That's quite normal — it's > for the 'stolen' memory used for the framebuffer. And maybe also the > GTT, and shadow GTT and other things; I forget precisely what, and it > varies from one setup to another. Why exactly do these things need to be identity mapped through the IOMMU? This sounds like something a normal device might do with a coherent mapping. > I'd expect fairly much all systems to have an RMRR for the integrated > graphics device if they have one, and your patch¹ is going to prevent > assignment of those to guests... as you've presumably noticed. > > I'm not sure if the i915 driver is capable of fully reprogramming the > hardware to completely stop using that region, to allow assignment to a > guest with a 'pure' memory map and no stolen region. I suppose it must, > if assignment to guests was working correctly before? IGD assignment has never worked with KVM. > Perhaps the better answer here is not to have the special cases in > 'device_is_rmrr_locked()', and instead allow a device driver to call a > 'iommu_release_rmrrs()' function once it's reset the hardware to *stop* > doing whatever DMA the BIOS set it up with. IGD supports FLR, which is good, but I would assume an FLR doesn't necessarily release use of this region and being a root complex device I don't think we have a bigger hammer reset option. Thanks, Alex -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists