lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <275eba4b-dd35-aa95-b2e3-9c5cbf7c6d71@linux.intel.com>
Date:   Wed, 29 Apr 2020 10:22:32 +0800
From:   Lu Baolu <baolu.lu@...ux.intel.com>
To:     "Michael S. Tsirkin" <mst@...hat.com>,
        Srivatsa Vaddagiri <vatsa@...eaurora.org>
Cc:     baolu.lu@...ux.intel.com, tsoni@...eaurora.org,
        virtio-dev@...ts.oasis-open.org, konrad.wilk@...cle.com,
        jan.kiszka@...mens.com, jasowang@...hat.com,
        christoffer.dall@....com,
        virtualization@...ts.linux-foundation.org, alex.bennee@...aro.org,
        iommu@...ts.linux-foundation.org, stefano.stabellini@...inx.com,
        will@...nel.org, linux-kernel@...r.kernel.org,
        pratikp@...eaurora.org
Subject: Re: [PATCH 5/5] virtio: Add bounce DMA ops

On 2020/4/29 4:41, Michael S. Tsirkin wrote:
> On Tue, Apr 28, 2020 at 11:19:52PM +0530, Srivatsa Vaddagiri wrote:
>> * Michael S. Tsirkin<mst@...hat.com>  [2020-04-28 12:17:57]:
>>
>>> Okay, but how is all this virtio specific?  For example, why not allow
>>> separate swiotlbs for any type of device?
>>> For example, this might make sense if a given device is from a
>>> different, less trusted vendor.
>> Is swiotlb commonly used for multiple devices that may be on different trust
>> boundaries (and not behind a hardware iommu)?
> Even a hardware iommu does not imply a 100% security from malicious
> hardware. First lots of people use iommu=pt for performance reasons.
> Second even without pt, unmaps are often batched, and sub-page buffers
> might be used for DMA, so we are not 100% protected at all times.
> 

For untrusted devices, IOMMU is forced on even iommu=pt is used; and
iotlb flush is in strict mode (no batched flushes); ATS is also not
allowed. Swiotlb is used to protect sub-page buffers since IOMMU can
only apply page granularity protection. Swiotlb is now used for devices
from different trust zone.

Best regards,
baolu

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ