lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20191014045235.GO4080@umbus.fritz.box>
Date:   Mon, 14 Oct 2019 15:52:35 +1100
From:   David Gibson <david@...son.dropbear.id.au>
To:     Ram Pai <linuxram@...ibm.com>
Cc:     linux-kernel@...r.kernel.org, iommu@...ts.linux-foundation.org,
        linuxppc-dev@...ts.ozlabs.org,
        virtualization@...ts.linux-foundation.org,
        benh@...nel.crashing.org, mpe@...erman.id.au, paulus@...abs.org,
        mdroth@...ux.vnet.ibm.com, aik@...ux.ibm.com, paul.burton@...s.com,
        robin.murphy@....com, b.zolnierkie@...sung.com,
        m.szyprowski@...sung.com, hch@....de, jasowang@...hat.com,
        andmike@...ibm.com, sukadev@...ux.vnet.ibm.com
Subject: Re: [PATCH 2/2] virtio_ring: Use DMA API if memory is encrypted

On Fri, Oct 11, 2019 at 06:25:19PM -0700, Ram Pai wrote:
> From: Thiago Jung Bauermann <bauerman@...ux.ibm.com>
> 
> Normally, virtio enables DMA API with VIRTIO_F_IOMMU_PLATFORM, which must
> be set by both device and guest driver. However, as a hack, when DMA API
> returns physical addresses, guest driver can use the DMA API; even though
> device does not set VIRTIO_F_IOMMU_PLATFORM and just uses physical
> addresses.
> 
> Doing this works-around POWER secure guests for which only the bounce
> buffer is accessible to the device, but which don't set
> VIRTIO_F_IOMMU_PLATFORM due to a set of hypervisor and architectural bugs.
> To guard against platform changes, breaking any of these assumptions down
> the road, we check at probe time and fail if that's not the case.
> 
> cc: Benjamin Herrenschmidt <benh@...nel.crashing.org>
> cc: David Gibson <david@...son.dropbear.id.au>
> cc: Michael Ellerman <mpe@...erman.id.au>
> cc: Paul Mackerras <paulus@...abs.org>
> cc: Michael Roth <mdroth@...ux.vnet.ibm.com>
> cc: Alexey Kardashevskiy <aik@...ux.ibm.com>
> cc: Jason Wang <jasowang@...hat.com>
> cc: Christoph Hellwig <hch@....de>
> Suggested-by: Michael S. Tsirkin <mst@...hat.com>
> Signed-off-by: Ram Pai <linuxram@...ibm.com>
> Signed-off-by: Thiago Jung Bauermann <bauerman@...ux.ibm.com>

Reviewed-by: David Gibson <david@...son.dropbear.id.au>

I don't know that this is the most elegant solution possible.  But
it's simple, gets the job done and pretty unlikely to cause mysterious
breakage down the road.

-- 
David Gibson			| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you.  NOT _the_ _other_
				| _way_ _around_!
http://www.ozlabs.org/~dgibson

Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ