lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <af1dc92a-ca98-fb22-835f-5ceb85e86b1b@huawei.com>
Date:   Wed, 27 Nov 2019 11:04:25 +0000
From:   John Garry <john.garry@...wei.com>
To:     Saravana Kannan <saravanak@...gle.com>
CC:     Will Deacon <will@...nel.org>, <iommu@...ts.linuxfoundation.org>,
        LKML <linux-kernel@...r.kernel.org>,
        Jean-Philippe Brucker <jean-philippe@...aro.org>,
        Jordan Crouse <jcrouse@...eaurora.org>,
        "Bjorn Helgaas" <bhelgaas@...gle.com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        "Isaac J. Manjarres" <isaacm@...eaurora.org>,
        Robin Murphy <robin.murphy@....com>,
        Lorenzo Pieralisi <lorenzo.pieralisi@....com>,
        Joerg Roedel <joro@...tes.org>
Subject: Re: [PATCH v3 09/14] iommu/arm-smmu: Prevent forced unbinding of Arm
 SMMU drivers

On 26/11/2019 20:27, Saravana Kannan wrote:
> On Tue, Nov 26, 2019 at 1:13 AM John Garry <john.garry@...wei.com> wrote:
>>
>> On 21/11/2019 11:49, Will Deacon wrote:
>>> Forcefully unbinding the Arm SMMU drivers is a pretty dangerous operation,
>>> since it will likely lead to catastrophic failure for any DMA devices
>>> mastering through the SMMU being unbound. When the driver then attempts
>>> to "handle" the fatal faults, it's very easy to trip over dead data
>>> structures, leading to use-after-free.
>>>
>>> On John's machine, he reports that the machine was "unusable" due to
>>> loss of the storage controller following a forced unbind of the SMMUv3
>>> driver:
>>>
>>>     | # cd ./bus/platform/drivers/arm-smmu-v3
>>>     | # echo arm-smmu-v3.0.auto > unbind
>>>     | hisi_sas_v2_hw HISI0162:01: CQE_AXI_W_ERR (0x800) found!
>>>     | platform arm-smmu-v3.0.auto: CMD_SYNC timeout at 0x00000146
>>>     | [hwprod 0x00000146, hwcons 0x00000000]
>>>
>>> Prevent this forced unbinding of the drivers by setting "suppress_bind_attrs"
>>> to true.
>>
>> This seems a reasonable approach for now.
>>
>> BTW, I'll give this series a spin this week, which again looks to be
>> your iommu/module branch, excluding the new IORT patch.
> 

Hi Saravana,

> Is this on a platform where of_devlink creates device links between
> the iommu device and its suppliers?I'm guessing no? Because device
> links should for unbinding of all the consumers before unbinding the
> supplier.

I'm only really interested in ACPI, TBH.

> 
> Looks like it'll still allow the supplier to unbind if the consumers
> don't allow unbinding. Is that the case here?

So just unbinding the driver from a device does not delete the device 
nor exit the device from it's IOMMU group - so we keep the reference to 
the SMMU ko. As such, I don't know how to realistically test unloading 
the SMMU ko when we have platform devices involved. Maybe someone can 
enlighten me...

Thanks,
John

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ