lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 9 Nov 2020 10:27:51 +0800
From:   Zhenzhong Duan <zhenzhong.duan@...il.com>
To:     linux-kernel <linux-kernel@...r.kernel.org>
Cc:     ning.sun@...el.com, Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
        x86@...nel.org, jroedel@...e.de, tboot-devel@...ts.sourceforge.net,
        David Woodhouse <dwmw2@...radead.org>,
        Lu Baolu <baolu.lu@...ux.intel.com>,
        iommu@...ts.linux-foundation.org
Subject: Re: [PATCH] iommu/vt-d: avoid unnecessory panic if iommu init fail in tboot

+intel iommu maintainers,

Can anyone help review this patch? Thanks

Zhenzhong

On Wed, Nov 4, 2020 at 4:15 PM Zhenzhong Duan <zhenzhong.duan@...il.com> wrote:
>
> "intel_iommu=off" command line is used to disable iommu and iommu is force
> enabled in a tboot system. Meanwhile "intel_iommu=tboot_noforce,off"
> could be used to force disable iommu in tboot for better performance.
>
> By default kernel should panic if iommu init fail in tboot for security
> reason, but it's unnecessory if we use "intel_iommu=tboot_noforce,off".
>
> Fix it by return 0 in tboot_force_iommu() so that force_on is not set.
>
> Fixes: 7304e8f28bb2 ("iommu/vt-d: Correctly disable Intel IOMMU force on")
> Signed-off-by: Zhenzhong Duan <zhenzhong.duan@...il.com>
> ---
>  arch/x86/kernel/tboot.c | 5 +----
>  1 file changed, 1 insertion(+), 4 deletions(-)
>
> diff --git a/arch/x86/kernel/tboot.c b/arch/x86/kernel/tboot.c
> index 992fb1415c0f..9fd4d162b331 100644
> --- a/arch/x86/kernel/tboot.c
> +++ b/arch/x86/kernel/tboot.c
> @@ -511,12 +511,9 @@ struct acpi_table_header *tboot_get_dmar_table(struct acpi_table_header *dmar_tb
>
>  int tboot_force_iommu(void)
>  {
> -       if (!tboot_enabled())
> +       if (!tboot_enabled() || intel_iommu_tboot_noforce)
>                 return 0;
>
> -       if (intel_iommu_tboot_noforce)
> -               return 1;
> -
>         if (no_iommu || swiotlb || dmar_disabled)
>                 pr_warn("Forcing Intel-IOMMU to enabled\n");
>
> --
> 2.25.1
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ