lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 2 Jul 2020 10:50:54 +0200 From: Auger Eric <eric.auger@...hat.com> To: Jacob Pan <jacob.jun.pan@...ux.intel.com>, iommu@...ts.linux-foundation.org, LKML <linux-kernel@...r.kernel.org>, Lu Baolu <baolu.lu@...ux.intel.com>, Joerg Roedel <joro@...tes.org>, David Woodhouse <dwmw2@...radead.org> Cc: Yi Liu <yi.l.liu@...el.com>, "Tian, Kevin" <kevin.tian@...el.com>, Raj Ashok <ashok.raj@...el.com> Subject: Re: [PATCH v3 7/7] iommu/vt-d: Disable multiple GPASID-dev bind Hi Jacob, On 7/1/20 5:33 PM, Jacob Pan wrote: > For the unlikely use case where multiple aux domains from the same pdev > are attached to a single guest and then bound to a single process > (thus same PASID) within that guest, we cannot easily support this case > by refcounting the number of users. As there is only one SL page table > per PASID while we have multiple aux domains thus multiple SL page tables > for the same PASID. > > Extra unbinding guest PASID can happen due to race between normal and > exception cases. Termination of one aux domain may affect others unless > we actively track and switch aux domains to ensure the validity of SL > page tables and TLB states in the shared PASID entry. > > Support for sharing second level PGDs across domains can reduce the > complexity but this is not available due to the limitations on VFIO > container architecture. We can revisit this decision once sharing PGDs > are available. > > Overall, the complexity and potential glitch do not warrant this unlikely > use case thereby removed by this patch. > > Fixes: 56722a4398a30 ("iommu/vt-d: Add bind guest PASID support") > Acked-by: Lu Baolu <baolu.lu@...ux.intel.com> > Cc: Kevin Tian <kevin.tian@...el.com> > Cc: Lu Baolu <baolu.lu@...ux.intel.com> > Signed-off-by: Liu Yi L <yi.l.liu@...el.com> > Signed-off-by: Jacob Pan <jacob.jun.pan@...ux.intel.com> Reviewed-by: Eric Auger <eric.auger@...hat.com> Thanks Eric > --- > drivers/iommu/intel/svm.c | 22 +++++++++------------- > 1 file changed, 9 insertions(+), 13 deletions(-) > > diff --git a/drivers/iommu/intel/svm.c b/drivers/iommu/intel/svm.c > index 6c87c807a0ab..d386853121a2 100644 > --- a/drivers/iommu/intel/svm.c > +++ b/drivers/iommu/intel/svm.c > @@ -277,20 +277,16 @@ int intel_svm_bind_gpasid(struct iommu_domain *domain, struct device *dev, > goto out; > } > > + /* > + * Do not allow multiple bindings of the same device-PASID since > + * there is only one SL page tables per PASID. We may revisit > + * once sharing PGD across domains are supported. > + */ > for_each_svm_dev(sdev, svm, dev) { > - /* > - * For devices with aux domains, we should allow > - * multiple bind calls with the same PASID and pdev. > - */ > - if (iommu_dev_feature_enabled(dev, > - IOMMU_DEV_FEAT_AUX)) { > - sdev->users++; > - } else { > - dev_warn_ratelimited(dev, > - "Already bound with PASID %u\n", > - svm->pasid); > - ret = -EBUSY; > - } > + dev_warn_ratelimited(dev, > + "Already bound with PASID %u\n", > + svm->pasid); > + ret = -EBUSY; > goto out; > } > } else { >
Powered by blists - more mailing lists