lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <1500456838-18405-5-git-send-email-anup.patel@broadcom.com>
Date:   Wed, 19 Jul 2017 15:03:57 +0530
From:   Anup Patel <anup.patel@...adcom.com>
To:     Will Deacon <will.deacon@....com>,
        Robin Murphy <robin.murphy@....com>,
        Joerg Roedel <joro@...tes.org>,
        Baptiste Reynal <b.reynal@...tualopensystems.com>,
        Alex Williamson <alex.williamson@...hat.com>
Cc:     Scott Branden <sbranden@...adcom.com>,
        linux-kernel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org,
        iommu@...ts.linux-foundation.org, kvm@...r.kernel.org,
        bcm-kernel-feedback-list@...adcom.com,
        Anup Patel <anup.patel@...adcom.com>
Subject: [PATCH 4/5] vfio: Allow No-IOMMU mode for IOMMUs with bypass capability

Not allowing No-IOMMU mode for devices already having
iommu_ops on their bus is little conservative.

We now have IOMMU (such as ARM SMMU) which can bypass
transcations for which IOMMU domain is not configured
hence No-IOMMU mode should not be allowed when iommu_ops
are available and IOMMU_CAP_BYPASS is not available.

Signed-off-by: Anup Patel <anup.patel@...adcom.com>
---
 drivers/vfio/vfio.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/drivers/vfio/vfio.c b/drivers/vfio/vfio.c
index 330d505..61f3807 100644
--- a/drivers/vfio/vfio.c
+++ b/drivers/vfio/vfio.c
@@ -124,11 +124,18 @@ struct iommu_group *vfio_iommu_group_get(struct device *dev)
 #ifdef CONFIG_VFIO_NOIOMMU
 	/*
 	 * With noiommu enabled, an IOMMU group will be created for a device
-	 * that doesn't already have one and doesn't have an iommu_ops on their
-	 * bus.  We set iommudata simply to be able to identify these groups
+	 * that:
+	 * 1. Doesn't already have IOMMU group
+	 * 2. Doesn't have an iommu_ops on their bus
+	 * 3. Doesn't have transaction bypass capability if iommu_ops
+	 * is available on their bus
+	 *
+	 * We set iommudata simply to be able to identify these groups
 	 * as special use and for reclamation later.
 	 */
-	if (group || !noiommu || iommu_present(dev->bus))
+	if (group || !noiommu ||
+	    (iommu_present(dev->bus) &&
+	     !iommu_capable(dev->bus, IOMMU_CAP_BYPASS)))
 		return group;
 
 	group = iommu_group_alloc();
-- 
2.7.4

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ