lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 12 Jun 2020 17:15:07 +0200 From: Pierre Morel <pmorel@...ux.ibm.com> To: Mauricio Tavares <raubvogel@...il.com> Cc: linux-kernel@...r.kernel.org, kvm@...r.kernel.org, linux-s390@...r.kernel.org, virtualization@...ts.linux-foundation.org Subject: Re: [PATCH] s390: protvirt: virtio: Refuse device without IOMMU On 2020-06-12 15:45, Mauricio Tavares wrote: > On Wed, Jun 10, 2020 at 12:32 PM Pierre Morel <pmorel@...ux.ibm.com> wrote: >> >> Protected Virtualisation protects the memory of the guest and >> do not allow a the host to access all of its memory. >> >> Let's refuse a VIRTIO device which does not use IOMMU >> protected access. >> > Stupid questions: not stupid at all. :) > > 1. Do all CPU families we care about (which are?) support IOMMU? Ex: > would it recognize an ARM thingie with SMMU? [1] In Message-ID: <6356ba7f-afab-75e1-05ff-4a22b88c610e@...ux.ibm.com> (as answer to Jason) I modified the patch and propose to take care of this problem by using force_dma_unencrypted() inside virtio core instead of a S390 specific test. If we use force_dma_unencrypted(dev) to check if we must refuse a device without the VIRTIO_F_IOMMU_PLATFORM feature, we are safe: only architectures defining CONFIG_ARCH_HAS_FORCE_DMA_UNENCRYPTED will have to define force_dma_unencrypted(dev), and they can choose what to do by checking the architecture functionalities and/or the device. > 2. Would it make sense to have some kind of > yes-I-know-the-consequences-but-I-need-to-have-a-virtio-device-without-iommu-in-this-guest > flag? Yes, two ways: Never refuse a device without VIRTIO_F_IOMMU_PLATFORM, by not defining CONFIG_ARCH_HAS_FORCE_DMA_UNENCRYPTED or by always return 0 in force_dma_unencrypted() have force_dma_unencrypted() selectively answer by checking the device and/or architecture state. > ...snip... >> > > [1] https://developer.arm.com/architectures/system-architectures/system-components/system-mmu-support > Regards, Pierre -- Pierre Morel IBM Lab Boeblingen
Powered by blists - more mailing lists