lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <1422548035.22865.235.camel@redhat.com>
Date:	Thu, 29 Jan 2015 09:13:55 -0700
From:	Alex Williamson <alex.williamson@...hat.com>
To:	GAUGUEY Rémy 228890 <remy.gauguey@....fr>
Cc:	Antonios Motakis <a.motakis@...tualopensystems.com>,
	"kvmarm@...ts.cs.columbia.edu" <kvmarm@...ts.cs.columbia.edu>,
	"iommu@...ts.linux-foundation.org" <iommu@...ts.linux-foundation.org>,
	"open list:VFIO DRIVER" <kvm@...r.kernel.org>,
	"will.deacon@....com" <will.deacon@....com>,
	open list <linux-kernel@...r.kernel.org>,
	"tech@...tualopensystems.com" <tech@...tualopensystems.com>
Subject: Re: [PATCH v3 4/6] vfio: type1: replace domain wide protection
 flags with supported capabilities

On Thu, 2015-01-29 at 12:24 +0000, GAUGUEY Rémy 228890 wrote:
> Hi Antonios, 
> 
> On Thu, 27 Nov 2014 18:22:53 Antonios Motakis wrote:
> >VFIO_IOMMU_TYPE1 keeps track for each domain it knows a list of protection
> >flags it always applies to all mappings in the domain. This is used for
> >domains that support IOMMU_CAP_CACHE_COHERENCY.
> >
> >Refactor this slightly, by keeping track instead that a given domain
> >supports the capability, and applying the IOMMU_CACHE protection flag when
> >doing the actual DMA mappings.
> >
> >This will allow us to reuse the behavior for IOMMU_CAP_NOEXEC, which we
> >also want to keep track of, but without applying it to all domains that
> >support it unless the user explicitly requests it.
> >
> >Signed-off-by: Antonios Motakis <a.motakis@...xxxxxxxxxxxxxxxxxxx>
> >---
> > drivers/vfio/vfio_iommu_type1.c | 25 +++++++++++++++++--------
> > 1 file changed, 17 insertions(+), 8 deletions(-)
> >
> >diff --git a/drivers/vfio/vfio_iommu_type1.c b/drivers/vfio/vfio_iommu_type1.c
> >index 4a9d666..c54dab8 100644
> >--- a/drivers/vfio/vfio_iommu_type1.c
> >+++ b/drivers/vfio/vfio_iommu_type1.c
> > 			if (ret)
> > 				return ret;
> > 
> >@@ -731,7 +740,7 @@ static int vfio_iommu_type1_attach_group(void *iommu_data,
> > 	}
> > 
> > 	if (iommu_capable(bus, IOMMU_CAP_CACHE_COHERENCY))
> >-		domain->prot |= IOMMU_CACHE;
> >+		domain->caps |= IOMMU_CAP_CACHE_COHERENCY;
> 
> IMHO this is not good since IOMMU_CAP_CACHE_COHERENCY is not a bitfield but an enum 
> See include/linux/iommu.h 
> enum iommu_cap {
> 	IOMMU_CAP_CACHE_COHERENCY,	/* IOMMU can enforce cache coherent DMA
> 					   transactions */
> 	IOMMU_CAP_INTR_REMAP,		/* IOMMU supports interrupt isolation */
> 	IOMMU_CAP_NOEXEC,		/* IOMMU_NOEXEC flag */
> };

Good catch!

> One possible fix would to redefine the enum with values with bitfiled values
> enum iommu_cap {
> 	IOMMU_CAP_CACHE_COHERENCY = 1, /* IOMMU can enforce cache coherent DMA
> 					   transactions */
> 	IOMMU_CAP_INTR_REMAP = 2,	/* IOMMU supports interrupt isolation */
> 	IOMMU_CAP_NOEXEC = 4,		/* IOMMU_NOEXEC flag */
> };

This seems like a large imposition on the IOMMU code to conform to our
specific use case.  Perhaps the method used by the original code to
cache domain overriding mapping flags separately is the better approach.
Thanks,

Alex

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ