| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 29 Jan 2015 09:13:55 -0700
From: Alex Williamson <alex.williamson@...hat.com>
To: GAUGUEY Rémy 228890 <remy.gauguey@....fr>
Cc: Antonios Motakis <a.motakis@...tualopensystems.com>,
"kvmarm@...ts.cs.columbia.edu" <kvmarm@...ts.cs.columbia.edu>,
"iommu@...ts.linux-foundation.org" <iommu@...ts.linux-foundation.org>,
"open list:VFIO DRIVER" <kvm@...r.kernel.org>,
"will.deacon@....com" <will.deacon@....com>,
open list <linux-kernel@...r.kernel.org>,
"tech@...tualopensystems.com" <tech@...tualopensystems.com>
Subject: Re: [PATCH v3 4/6] vfio: type1: replace domain wide protection
flags with supported capabilities
On Thu, 2015-01-29 at 12:24 +0000, GAUGUEY Rémy 228890 wrote:
> Hi Antonios,
>
> On Thu, 27 Nov 2014 18:22:53 Antonios Motakis wrote:
> >VFIO_IOMMU_TYPE1 keeps track for each domain it knows a list of protection
> >flags it always applies to all mappings in the domain. This is used for
> >domains that support IOMMU_CAP_CACHE_COHERENCY.
> >
> >Refactor this slightly, by keeping track instead that a given domain
> >supports the capability, and applying the IOMMU_CACHE protection flag when
> >doing the actual DMA mappings.
> >
> >This will allow us to reuse the behavior for IOMMU_CAP_NOEXEC, which we
> >also want to keep track of, but without applying it to all domains that
> >support it unless the user explicitly requests it.
> >
> >Signed-off-by: Antonios Motakis <a.motakis@...xxxxxxxxxxxxxxxxxxx>
> >---
> > drivers/vfio/vfio_iommu_type1.c | 25 +++++++++++++++++--------
> > 1 file changed, 17 insertions(+), 8 deletions(-)
> >
> >diff --git a/drivers/vfio/vfio_iommu_type1.c b/drivers/vfio/vfio_iommu_type1.c
> >index 4a9d666..c54dab8 100644
> >--- a/drivers/vfio/vfio_iommu_type1.c
> >+++ b/drivers/vfio/vfio_iommu_type1.c
> > if (ret)
> > return ret;
> >
> >@@ -731,7 +740,7 @@ static int vfio_iommu_type1_attach_group(void *iommu_data,
> > }
> >
> > if (iommu_capable(bus, IOMMU_CAP_CACHE_COHERENCY))
> >- domain->prot |= IOMMU_CACHE;
> >+ domain->caps |= IOMMU_CAP_CACHE_COHERENCY;
>
> IMHO this is not good since IOMMU_CAP_CACHE_COHERENCY is not a bitfield but an enum
> See include/linux/iommu.h
> enum iommu_cap {
> IOMMU_CAP_CACHE_COHERENCY, /* IOMMU can enforce cache coherent DMA
> transactions */
> IOMMU_CAP_INTR_REMAP, /* IOMMU supports interrupt isolation */
> IOMMU_CAP_NOEXEC, /* IOMMU_NOEXEC flag */
> };
Good catch!
> One possible fix would to redefine the enum with values with bitfiled values
> enum iommu_cap {
> IOMMU_CAP_CACHE_COHERENCY = 1, /* IOMMU can enforce cache coherent DMA
> transactions */
> IOMMU_CAP_INTR_REMAP = 2, /* IOMMU supports interrupt isolation */
> IOMMU_CAP_NOEXEC = 4, /* IOMMU_NOEXEC flag */
> };
This seems like a large imposition on the IOMMU code to conform to our
specific use case. Perhaps the method used by the original code to
cache domain overriding mapping flags separately is the better approach.
Thanks,
Alex
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists