| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20180607090540.3e7b6946@w520.home>
Date: Thu, 7 Jun 2018 09:05:40 -0600
From: Alex Williamson <alex.williamson@...hat.com>
To: Shameerali Kolothum Thodi <shameerali.kolothum.thodi@...wei.com>
Cc: "eric.auger@...hat.com" <eric.auger@...hat.com>,
"pmorel@...ux.vnet.ibm.com" <pmorel@...ux.vnet.ibm.com>,
"kvm@...r.kernel.org" <kvm@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"iommu@...ts.linux-foundation.org" <iommu@...ts.linux-foundation.org>,
Linuxarm <linuxarm@...wei.com>,
"John Garry" <john.garry@...wei.com>,
"xuwei (O)" <xuwei5@...wei.com>, Joerg Roedel <joro@...tes.org>,
David Woodhouse <dwmw2@...radead.org>
Subject: Re: [PATCH v6 0/7] vfio/type1: Add support for valid iova list
management
On Wed, 6 Jun 2018 06:52:08 +0000
Shameerali Kolothum Thodi <shameerali.kolothum.thodi@...wei.com> wrote:
> > -----Original Message-----
> > From: Alex Williamson [mailto:alex.williamson@...hat.com]
> > Sent: 05 June 2018 18:03
> > To: Shameerali Kolothum Thodi <shameerali.kolothum.thodi@...wei.com>
> > Cc: eric.auger@...hat.com; pmorel@...ux.vnet.ibm.com;
> > kvm@...r.kernel.org; linux-kernel@...r.kernel.org; iommu@...ts.linux-
> > foundation.org; Linuxarm <linuxarm@...wei.com>; John Garry
> > <john.garry@...wei.com>; xuwei (O) <xuwei5@...wei.com>; Joerg Roedel
> > <joro@...tes.org>; David Woodhouse <dwmw2@...radead.org>
> > Subject: Re: [PATCH v6 0/7] vfio/type1: Add support for valid iova list
> > management
> >
> > [Cc +dwmw2]
> >
> > On Fri, 25 May 2018 14:54:08 -0600
> > Alex Williamson <alex.williamson@...hat.com> wrote:
> >
> > > On Fri, 25 May 2018 08:45:36 +0000
> > > Shameerali Kolothum Thodi <shameerali.kolothum.thodi@...wei.com>
> > wrote:
> > >
> > > > Yes, the above changes related to list empty cases looks fine to me.
> > >
> > > Thanks Shameer, applied to my next branch with the discussed fixes for
> > > v4.18 (modulo patch 4/7 which Joerg already pushed for v4.17). Thanks,
> >
> > Hi Shameer,
> >
> > We're still hitting issues with this. VT-d marks reserved regions for
> > any RMRR ranges, which are IOVA ranges that the BIOS requests to be
> > identity mapped for a device. These are indicated by these sorts of
> > log entries on boot:
> >
> > DMAR: Setting RMRR:
> > DMAR: Setting identity map for device 0000:00:02.0 [0xbf800000 - 0xcf9fffff]
> > DMAR: Setting identity map for device 0000:00:1a.0 [0xbe8d1000 - 0xbe8dffff]
> > DMAR: Setting identity map for device 0000:00:1d.0 [0xbe8d1000 - 0xbe8dffff]
> >
> > So while for an unaffected device, I see very usable ranges for QEMU,
> > such as:
> >
> > 00: 0000000000000000 - 00000000fedfffff
> > 01: 00000000fef00000 - 01ffffffffffffff
> >
> > If I try to assign the previously assignable 00:02.0 IGD graphics
> > device, I get:
> >
> > 00: 0000000000000000 - 00000000bf7fffff
> > 01: 00000000cfa00000 - 00000000fedfffff
> > 02: 00000000fef00000 - 01ffffffffffffff
> >
> > And we get a fault when QEMU tries the following mapping:
> >
> > vfio_dma_map(0x55f790421a20, 0x100000, 0xbff00000, 0x7ff163f00000)
> >
> > bff00000 clearly extends into the gap starting at bf800000. VT-d is
> > rather split-brained about RMRRs, typically we'd exclude devices from
> > assignment at all for relying on RMRRs and these reserved ranges
> > would be a welcome mechanism to avoid conflicts with those ranges, but
> > for RMRR ranges covering IGD and USB devices we've decided that we
> > don't need to honor the RMRR (see device_is_rmrr_locked()), but it's
> > still listed as a reserved range and bites us here.
>
> Ah..:(. This looks similar to the pci window range reporting issue faced in
> the arm world. I see the RFC you have sent out to ignore these "known"
> RMRRs. Hope we will be able to resolve this soon.
In the meantime, it seems that I need to drop the iova list from my
branch for v4.18, I don't think it makes much sense to expose to
userspace if we cannot also enforce it and it seems like it presents API
issues if we were to expose the iova list without enforcement and later
try to enforce it. Sorry I didn't catch this earlier. Thanks,
Alex
Powered by blists - more mailing lists