lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Sat, 25 May 2019 13:41:21 +0800
From:   Lu Baolu <>
To:     David Woodhouse <>,
        Joerg Roedel <>
Cc:,,,,,,,,, Lu Baolu <>
Subject: [PATCH v4 00/15] iommu/vt-d: Delegate DMA domain to generic iommu


This patchset delegates the iommu DMA domain management to the
generic iommu layer. It avoids the use of find_or_alloc_domain
whose domain assignment is inconsistent with the iommu grouping
as determined by pci_device_group.

The major change is to permit domains of type IOMMU_DOMAIN_DMA
and IOMMU_DOMAIN_IDENTITY to be allocated via the iommu_ops api.
This allows the default_domain of an iommu group to be set in
iommu.c. This domain will be attached to every device that is
brought up with an iommu group, and the devices reserved regions
will be mapped using regions returned by get_resv_regions.

The default domain implementation defines a default domain type
and a domain of the default domain type will be allocated and
attached to devices which belong to a same group. Unfortunately,
this doesn't work for some quirky devices which is known to only
work with a specific domain type. PATCH 1/15 adds an iommu ops
which allows the IOMMU driver to request a dma domain if the
default identity domain doesn't match the device. Together with
iommu_request_dm_for_dev(), we can handle the mismatching cases
in a nice way.

Other changes are limited within the Intel IOMMU driver. They
mainly allow the driver to adapt to allocating domains, attaching
domains, applying and direct mapping reserved memory regions,
deferred domain attachment, and so on, via the iommu_ops api's.

This patchset was initiated by James Sewart. The v1 and v2 were
posted here [1] [2] for discussion. Lu Baolu took over the work
for testing and bug fixing with permission from James Sewart.

This version of implementation depends on the patchset of "RMRR
related fixes and enhancements". The latest version is under
discussion at [3]. It allows the iommu_alloc_resv_region() to
be called in a non preemptible section.


Best regards,
Lu Baolu

Change log:
  - Add code to probe the DMA-capable devices through ACPI
    name space.
  - Remove the callbacks for pci hot-plug devices in Intel
    IOMMU driver.
  - Remove the code to prepare static identity map during
  - Add iommu_request_dma_domain_for_dev() to request dma
    domain in case the default identity domain doesn't match
    the device.

  - Add supported default domain type callback.
  - Make the iommu map() callback work even the domain is not
  - Add domain deferred attach when iommu is pre-enabled in
    kdump kernel.

  - Refactored ISA direct mappings to be returned by
  - Integrated patch by Lu to defer turning on DMAR until iommu.c
    has mapped reserved regions.
  - Integrated patches by Lu to remove more unused code in cleanup.

  -Original post

James Sewart (1):
  iommu/vt-d: Implement apply_resv_region iommu ops entry

Lu Baolu (14):
  iommu: Add API to request DMA domain for device
  iommu/vt-d: Expose ISA direct mapping region via
  iommu/vt-d: Enable DMA remapping after rmrr mapped
  iommu/vt-d: Add device_def_domain_type() helper
  iommu/vt-d: Delegate the identity domain to upper layer
  iommu/vt-d: Delegate the dma domain to upper layer
  iommu/vt-d: Identify default domains replaced with private
  iommu/vt-d: Handle 32bit device with identity default domain
  iommu/vt-d: Probe DMA-capable ACPI name space devices
  iommu/vt-d: Implement is_attach_deferred iommu ops entry
  iommu/vt-d: Cleanup get_valid_domain_for_dev()
  iommu/vt-d: Remove startup parameter from device_def_domain_type()
  iommu/vt-d: Remove duplicated code for device hotplug
  iommu/vt-d: Remove static identity map code

 drivers/iommu/intel-iommu.c | 608 +++++++++++++++++-------------------
 drivers/iommu/iommu.c       |  36 ++-
 include/linux/intel-iommu.h |   1 -
 include/linux/iommu.h       |   6 +
 4 files changed, 324 insertions(+), 327 deletions(-)


Powered by blists - more mailing lists