Date: Sat, 2 Mar 2019 10:29:28 +0200
From: Mika Westerberg <mika.westerberg@...ux.intel.com>
To: Lu Baolu <baolu.lu@...ux.intel.com>
Cc: Joerg Roedel <joro@...tes.org>, David Woodhouse <dwmw2@...radead.org>,
	ashok.raj@...el.com, jacob.jun.pan@...el.com, kevin.tian@...el.com,
	yi.l.liu@...el.com, iommu@...ts.linux-foundation.org,
	linux-kernel@...r.kernel.org, Jacob Pan <jacob.jun.pan@...ux.intel.com>
Subject: Re: [PATCH 1/4] iommu/vt-d: Disable ATS support on untrusted devices

On Fri, Mar 01, 2019 at 11:23:10AM +0800, Lu Baolu wrote:
> Commit fb58fdcd295b9 ("iommu/vt-d: Do not enable ATS for untrusted
> devices") disables ATS support on the devices which have been marked
> as untrusted. Unfortunately this is not enough to fix the DMA attack
> vulnerabilities because IOMMU driver allows translated requests as
> long as a device advertises the ATS capability. Hence a malicious
> peripheral device could use this to bypass IOMMU.
>
> This disables the ATS support on untrusted devices by clearing the
> internal per-device ATS mark. As a result, IOMMU driver will block
> any translated requests from any device marked as untrusted.
>
> Cc: Jacob Pan <jacob.jun.pan@...ux.intel.com>
> Cc: Mika Westerberg <mika.westerberg@...ux.intel.com>

Reviewed-by: Mika Westerberg <mika.westerberg@...ux.intel.com>
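
The behaviour the quoted commit message describes, as a simplified C model added here; it is not code from the patch, the kernel, or either author. All names, the mapped range and the sample addresses are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model, not kernel code; every name below is hypothetical. */
struct dev_model {
    bool ats_capable;           /* device advertises the ATS capability */
    bool untrusted;             /* device has been marked as untrusted */
    uint64_t map_lo, map_hi;    /* only range the IOMMU maps for it */
};

/* Internal per-device ATS mark: before the change the capability alone
 * sets it; with the change it is cleared for untrusted devices. */
static bool ats_mark(const struct dev_model *d, bool with_fix)
{
    return d->ats_capable && !(with_fix && d->untrusted);
}

/* Returns true if a DMA request to addr reaches memory. An untranslated
 * request is checked against the device's mapping. A translated request
 * claims its address is already translated, so it skips that check and
 * is either let through (ATS mark set) or blocked (mark clear). */
bool dma_reaches_memory(const struct dev_model *d, uint64_t addr,
                        bool translated, bool with_fix)
{
    if (translated)
        return ats_mark(d, with_fix);
    return addr >= d->map_lo && addr < d->map_hi;
}

/* Constructed samples: two ATS-capable devices with one mapped page each,
 * one untrusted and one trusted, plus an address outside that mapping. */
const struct dev_model sample_dev  = { true, true,  0x1000, 0x2000 };
const struct dev_model trusted_dev = { true, false, 0x1000, 0x2000 };
const uint64_t outside_addr = 0x9000;

int main(void)
{
    for (int fix = 0; fix <= 1; fix++)
        printf("fix=%d untranslated=%d translated=%d\n", fix,
               dma_reaches_memory(&sample_dev, outside_addr, false, fix),
               dma_reaches_memory(&sample_dev, outside_addr, true, fix));
    return 0;
}
```

In this model the untrusted device's translated request to the unmapped address gets through only when the mark is derived from the capability alone; the trusted device is unaffected by the change.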