lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 16 Jul 2015 09:43:55 -0600
From:	Alex Williamson <alex.williamson@...hat.com>
To:	Joerg Roedel <joro@...tes.org>
Cc:	iommu@...ts.linux-foundation.org, dwmw2@...radead.org,
	jiang.liu@...ux.intel.com, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] iommu/vt-d: Fix VM domain ID leak

On Thu, 2015-07-16 at 17:20 +0200, Joerg Roedel wrote:
> On Tue, Jul 14, 2015 at 02:48:53PM -0600, Alex Williamson wrote:
> > This continues the attempt to fix commit fb170fb4c548 ("iommu/vt-d:
> > Introduce helper functions to make code symmetric for readability").
> > The previous attempt in commit 71684406905f ("iommu/vt-d: Detach
> > domain *only* from attached iommus") overlooked the fact that
> > dmar_domain.iommu_bmp gets cleared for VM domains when devices are
> > detached:
> > 
> > intel_iommu_detach_device
> >   domain_remove_one_dev_info
> >     domain_detach_iommu
> > 
> > The domain is detached from the iommu, but the iommu is still attached
> > to the domain, for whatever reason.
> 
> Gaah, this whole vm_or_si special handling is a complete and fragile
> mess.

+1

> The only reason for keeping the domain-id allocated in the iommu
> seems to be that it can be re-used later, when another device behind
> this iommu is attached to the domain. But this is hardly a justification
> for the complexity and special case handling here, so how about this
> diff instead:
> 
> diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c
> index a98a7b2..c8fc8c8 100644
> --- a/drivers/iommu/intel-iommu.c
> +++ b/drivers/iommu/intel-iommu.c
> @@ -4618,8 +4618,7 @@ static void domain_remove_one_dev_info(struct dmar_domain *domain,
>  
>  	if (found == 0) {
>  		domain_detach_iommu(domain, iommu);
> -		if (!domain_type_is_vm_or_si(domain))
> -			iommu_detach_domain(domain, iommu);
> +		iommu_detach_domain(domain, iommu);
>  	}
>  }
>  
> This removes the caching of domain-ids, and iommu_detach_domain
> correctly handles all types of domains (dma-api, vm and si). It should
> be safe, but can you please double-check?

I was tempted to do this as well, but what about
domain_remove_dev_info() where we also handle vm domains specially and
don't do a symmetric detach in both directions?  I started down that
path but quickly found the code to fragile to make those kinds of
changes.  Thanks,

Alex



--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ