lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 13 May 2019 13:04:24 +0100 From: Robin Murphy <robin.murphy@....com> To: Auger Eric <eric.auger@...hat.com>, eric.auger.pro@...il.com, iommu@...ts.linux-foundation.org, linux-kernel@...r.kernel.org, kvm@...r.kernel.org, kvmarm@...ts.cs.columbia.edu, joro@...tes.org, alex.williamson@...hat.com, jacob.jun.pan@...ux.intel.com, yi.l.liu@...el.com, jean-philippe.brucker@....com, will.deacon@....com Cc: kevin.tian@...el.com, ashok.raj@...el.com, marc.zyngier@....com, christoffer.dall@....com, peter.maydell@...aro.org, vincent.stehle@....com Subject: Re: [PATCH v7 13/23] iommu/smmuv3: Implement attach/detach_pasid_table On 10/05/2019 15:35, Auger Eric wrote: > Hi Robin, > > On 5/8/19 4:38 PM, Robin Murphy wrote: >> On 08/04/2019 13:19, Eric Auger wrote: >>> On attach_pasid_table() we program STE S1 related info set >>> by the guest into the actual physical STEs. At minimum >>> we need to program the context descriptor GPA and compute >>> whether the stage1 is translated/bypassed or aborted. >>> >>> Signed-off-by: Eric Auger <eric.auger@...hat.com> >>> >>> --- >>> v6 -> v7: >>> - check versions and comment the fact we don't need to take >>> into account s1dss and s1fmt >>> v3 -> v4: >>> - adapt to changes in iommu_pasid_table_config >>> - different programming convention at s1_cfg/s2_cfg/ste.abort >>> >>> v2 -> v3: >>> - callback now is named set_pasid_table and struct fields >>> are laid out differently. >>> >>> v1 -> v2: >>> - invalidate the STE before changing them >>> - hold init_mutex >>> - handle new fields >>> --- >>> drivers/iommu/arm-smmu-v3.c | 121 ++++++++++++++++++++++++++++++++++++ >>> 1 file changed, 121 insertions(+) >>> >>> diff --git a/drivers/iommu/arm-smmu-v3.c b/drivers/iommu/arm-smmu-v3.c >>> index e22e944ffc05..1486baf53425 100644 >>> --- a/drivers/iommu/arm-smmu-v3.c >>> +++ b/drivers/iommu/arm-smmu-v3.c >>> @@ -2207,6 +2207,125 @@ static void arm_smmu_put_resv_regions(struct >>> device *dev, >>> kfree(entry); >>> } >>> +static int arm_smmu_attach_pasid_table(struct iommu_domain *domain, >>> + struct iommu_pasid_table_config *cfg) >>> +{ >>> + struct arm_smmu_domain *smmu_domain = to_smmu_domain(domain); >>> + struct arm_smmu_master_data *entry; >>> + struct arm_smmu_s1_cfg *s1_cfg; >>> + struct arm_smmu_device *smmu; >>> + unsigned long flags; >>> + int ret = -EINVAL; >>> + >>> + if (cfg->format != IOMMU_PASID_FORMAT_SMMUV3) >>> + return -EINVAL; >>> + >>> + if (cfg->version != PASID_TABLE_CFG_VERSION_1 || >>> + cfg->smmuv3.version != PASID_TABLE_SMMUV3_CFG_VERSION_1) >>> + return -EINVAL; >>> + >>> + mutex_lock(&smmu_domain->init_mutex); >>> + >>> + smmu = smmu_domain->smmu; >>> + >>> + if (!smmu) >>> + goto out; >>> + >>> + if (!((smmu->features & ARM_SMMU_FEAT_TRANS_S1) && >>> + (smmu->features & ARM_SMMU_FEAT_TRANS_S2))) { >>> + dev_info(smmu_domain->smmu->dev, >>> + "does not implement two stages\n"); >>> + goto out; >>> + } >> >> That check is redundant (and frankly looks a little bit spammy). If the >> one below is not enough, there is a problem elsewhere - if it's possible >> for smmu_domain->stage to ever get set to ARM_SMMU_DOMAIN_NESTED without >> both stages of translation present, we've already gone fundamentally wrong. > > Makes sense. Moved that check to arm_smmu_domain_finalise() instead and > remove redundant ones. Urgh, I forgot exactly how the crazy domain-allocation dance worked, such that we're not in a position to refuse the domain_set_attr() call itself, but that does sound like the best compromise for now. Thanks, Robin.
Powered by blists - more mailing lists