lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20181112195121.GC5367@araj-mobl1.jf.intel.com>
Date:   Mon, 12 Nov 2018 11:51:21 -0800
From:   "Raj, Ashok" <ashok.raj@...el.com>
To:     Alex Williamson <alex.williamson@...hat.com>
Cc:     Mika Westerberg <mika.westerberg@...ux.intel.com>,
        iommu@...ts.linux-foundation.org, Mario.Limonciello@...l.com,
        Michael Jamet <michael.jamet@...el.com>,
        Christian Kellner <ckellner@...hat.com>,
        "Rafael J. Wysocki" <rjw@...ysocki.net>,
        Yehezkel Bernat <YehezkelShB@...il.com>,
        Anthony Wong <anthony.wong@...onical.com>,
        Andreas Noever <andreas.noever@...il.com>,
        Lukas Wunner <lukas@...ner.de>,
        Jacob jun Pan <jacob.jun.pan@...el.com>,
        linux-pci@...r.kernel.org, Bjorn Helgaas <bhelgaas@...gle.com>,
        linux-acpi@...r.kernel.org, David Woodhouse <dwmw2@...radead.org>,
        linux-kernel@...r.kernel.org, Ashok Raj <ashok.raj@...el.com>
Subject: Re: [PATCH 2/4] iommu/vt-d: Force IOMMU on for platform opt in hint

On Mon, Nov 12, 2018 at 11:09:00AM -0700, Alex Williamson wrote:
> On Mon, 12 Nov 2018 19:06:26 +0300
> Mika Westerberg <mika.westerberg@...ux.intel.com> wrote:
> 
> > From: Lu Baolu <baolu.lu@...ux.intel.com>
> > 
> > Intel VT-d spec added a new DMA_CTRL_PLATFORM_OPT_IN_FLAG flag
> > in DMAR ACPI table for BIOS to report compliance about platform
> > initiated DMA restricted to RMRR ranges when transferring control
> > to the OS. The OS treats this as a hint that the IOMMU should be
> > enabled to prevent DMA attacks from possible malicious devices.
> 
> Does this in any way suggest that there are additional recommended uses
> cases from Intel for RMRRs?  My concern here is the incompatibility we
> have with RMRRs and device assignment as we currently cannot assign
> devices where the IOVA address space is encumbered by RMRR
> requirements.  Unfortunately RMRRs do not indicate any sort or
> lifespan, so firmware enabling an RMRR simply to support some boot-time
> DMA encumbers the device with that RMRR for the life of that boot,
> unless we have VT-d code that decides it knows better.  Thanks,

IMO any new platform that requires RMRR should be a bug. It was designed 
originally for some legacy keyboard emulation etc.

The best behavior is to continue to not allow devices with RMRR be direct assigned.

Technically ignoring RMRR's and continuing to assign those devices is risky.
The problem is IF BIOS/SMM initiates some IO in the RMRR range and it happens to be
mapped by the direct assigned GPA its going to be ugly failure.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ