| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20191016075521.GA5201@oc0525413822.ibm.com>
Date: Wed, 16 Oct 2019 00:55:21 -0700
From: Ram Pai <linuxram@...ibm.com>
To: Christoph Hellwig <hch@....de>
Cc: linux-kernel@...r.kernel.org, iommu@...ts.linux-foundation.org,
linuxppc-dev@...ts.ozlabs.org,
virtualization@...ts.linux-foundation.org,
benh@...nel.crashing.org, david@...son.dropbear.id.au,
mpe@...erman.id.au, paulus@...abs.org, mdroth@...ux.vnet.ibm.com,
aik@...ux.ibm.com, paul.burton@...s.com, robin.murphy@....com,
b.zolnierkie@...sung.com, m.szyprowski@...sung.com,
jasowang@...hat.com, andmike@...ibm.com, sukadev@...ux.vnet.ibm.com
Subject: RE: [PATCH 2/2] virtio_ring: Use DMA API if memory is encrypted
On Tue, Oct 15, 2019 at 09:35:01AM +0200, Christoph Hellwig wrote:
> On Fri, Oct 11, 2019 at 06:25:19PM -0700, Ram Pai wrote:
> > From: Thiago Jung Bauermann <bauerman@...ux.ibm.com>
> >
> > Normally, virtio enables DMA API with VIRTIO_F_IOMMU_PLATFORM, which must
> > be set by both device and guest driver. However, as a hack, when DMA API
> > returns physical addresses, guest driver can use the DMA API; even though
> > device does not set VIRTIO_F_IOMMU_PLATFORM and just uses physical
> > addresses.
>
> Sorry, but this is a complete bullshit hack. Driver must always use
> the DMA API if they do DMA, and if virtio devices use physical addresses
> that needs to be returned through the platform firmware interfaces for
> the dma setup. If you don't do that yet (which based on previous
> informations you don't), you need to fix it, and we can then quirk
> old implementations that already are out in the field.
>
> In other words: we finally need to fix that virtio mess and not pile
> hacks on top of hacks.
So force all virtio devices to use DMA API, except when
VIRTIO_F_IOMMU_PLATFORM is not enabled?
Any help detailing the idea, will enable us fix this issue once for all.
Will something like below work? It removes the prior hacks, and
always uses DMA API; except when VIRTIO_F_IOMMU_PLATFORM is not enabled.
diff --git a/drivers/virtio/virtio_ring.c b/drivers/virtio/virtio_ring.c
index c8be1c4..b593d3d 100644
--- a/drivers/virtio/virtio_ring.c
+++ b/drivers/virtio/virtio_ring.c
@@ -240,22 +240,10 @@ static inline bool virtqueue_use_indirect(struct virtqueue *_vq,
static bool vring_use_dma_api(struct virtio_device *vdev)
{
- if (!virtio_has_iommu_quirk(vdev))
- return true;
-
- /* Otherwise, we are left to guess. */
- /*
- * In theory, it's possible to have a buggy QEMU-supposed
- * emulated Q35 IOMMU and Xen enabled at the same time. On
- * such a configuration, virtio has never worked and will
- * not work without an even larger kludge. Instead, enable
- * the DMA API if we're a Xen guest, which at least allows
- * all of the sensible Xen configurations to work correctly.
- */
- if (xen_domain())
- return true;
+ if (virtio_has_iommu_quirk(vdev))
+ return false;
- return false;
+ return true;
}
size_t virtio_max_dma_size(struct virtio_device *vdev)
--
Ram Pai
Powered by blists - more mailing lists