lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20200615123725.13f6a8de.pasic@linux.ibm.com>
Date:   Mon, 15 Jun 2020 12:37:25 +0200
From:   Halil Pasic <pasic@...ux.ibm.com>
To:     Jason Wang <jasowang@...hat.com>
Cc:     Pierre Morel <pmorel@...ux.ibm.com>, linux-kernel@...r.kernel.org,
        borntraeger@...ibm.com, frankja@...ux.ibm.com, mst@...hat.com,
        cohuck@...hat.com, kvm@...r.kernel.org, linux-s390@...r.kernel.org,
        virtualization@...ts.linux-foundation.org
Subject: Re: [PATCH] s390: protvirt: virtio: Refuse device without IOMMU

On Mon, 15 Jun 2020 11:01:55 +0800
Jason Wang <jasowang@...hat.com> wrote:

> > hum, in between I found another way which seems to me much better:
> >
> > We already have the force_dma_unencrypted() function available which 
> > AFAIU is what we want for encrypted memory protection and is already 
> > used by power and x86 SEV/SME in a way that seems AFAIU compatible 
> > with our problem.
> >
> > Even DMA and IOMMU are different things, I think they should be used 
> > together in our case.
> >
> > What do you think?
> >
> > The patch would then be something like:
> >
> > diff --git a/drivers/virtio/virtio.c b/drivers/virtio/virtio.c
> > index a977e32a88f2..53476d5bbe35 100644
> > --- a/drivers/virtio/virtio.c
> > +++ b/drivers/virtio/virtio.c
> > @@ -4,6 +4,7 @@
> >  #include <linux/virtio_config.h>
> >  #include <linux/module.h>
> >  #include <linux/idr.h>
> > +#include <linux/dma-direct.h>
> >  #include <uapi/linux/virtio_ids.h>
> >
> >  /* Unique numbering for virtio devices. */
> > @@ -179,6 +180,10 @@ int virtio_finalize_features(struct virtio_device 
> > *dev)
> >         if (!virtio_has_feature(dev, VIRTIO_F_VERSION_1))
> >                 return 0;
> >
> > +       if (force_dma_unencrypted(&dev->dev) &&
> > +           !virtio_has_feature(dev, VIRTIO_F_IOMMU_PLATFORM))
> > +               return -EIO;
> > +
> >         virtio_add_status(dev, VIRTIO_CONFIG_S_FEATURES_OK);
> >         status = dev->config->get_status(dev);
> >         if (!(status & VIRTIO_CONFIG_S_FEATURES_OK)) {  
> 
> 
> I think this can work but need to listen from Michael

I don't think Christoph Hellwig will like force_dma_unencrypted()
in virtio code:
https://lkml.org/lkml/2020/2/20/630

Regards,
Halil

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ