| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <MWHPR11MB1886F4395B64EC23277D88328C849@MWHPR11MB1886.namprd11.prod.outlook.com>
Date: Fri, 19 Feb 2021 06:19:04 +0000
From: "Tian, Kevin" <kevin.tian@...el.com>
To: Jacob Pan <jacob.jun.pan@...ux.intel.com>,
LKML <linux-kernel@...r.kernel.org>,
"iommu@...ts.linux-foundation.org" <iommu@...ts.linux-foundation.org>,
Joerg Roedel <joro@...tes.org>,
Lu Baolu <baolu.lu@...ux.intel.com>
CC: "Liu, Yi L" <yi.l.liu@...el.com>,
"Raj, Ashok" <ashok.raj@...el.com>, "Wu, Hao" <hao.wu@...el.com>,
"Sun, Yi Y" <yi.y.sun@...el.com>,
"Jiang, Dave" <dave.jiang@...el.com>,
Eric Auger <eric.auger@...hat.com>,
"Jean-Philippe Brucker" <jean-philippe@...aro.com>,
"Kumar, Sanjay K" <sanjay.k.kumar@...el.com>
Subject: RE: [PATCH 2/4] iommu/vt-d: Enable write protect propagation from
guest
> From: Jacob Pan <jacob.jun.pan@...ux.intel.com>
> Sent: Friday, February 19, 2021 5:31 AM
>
> Write protect bit, when set, inhibits supervisor writes to the read-only
> pages. In guest supervisor shared virtual addressing (SVA), write-protect
> should be honored upon guest bind supervisor PASID request.
>
> This patch extends the VT-d portion of the IOMMU UAPI to include WP bit.
> WPE bit of the supervisor PASID entry will be set to match CPU CR0.WP bit.
>
> Signed-off-by: Sanjay Kumar <sanjay.k.kumar@...el.com>
> Signed-off-by: Jacob Pan <jacob.jun.pan@...ux.intel.com>
> ---
> drivers/iommu/intel/pasid.c | 5 +++++
> include/uapi/linux/iommu.h | 3 ++-
> 2 files changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/iommu/intel/pasid.c b/drivers/iommu/intel/pasid.c
> index 0b7e0e726ade..c7a2ec930af4 100644
> --- a/drivers/iommu/intel/pasid.c
> +++ b/drivers/iommu/intel/pasid.c
> @@ -763,6 +763,11 @@ intel_pasid_setup_bind_data(struct intel_iommu
> *iommu, struct pasid_entry *pte,
> return -EINVAL;
> }
> pasid_set_sre(pte);
> + /* Enable write protect WP if guest requested */
> + if (pasid_data->flags & IOMMU_SVA_VTD_GPASID_WPE) {
> + if (pasid_enable_wpe(pte))
> + return -EINVAL;
We should call pasid_set_wpe directly, as this binding is about guest
page table and suppose the guest has done whatever check required
(e.g. gcr0.wp) before setting this bit. pasid_enable_wpe has an additional
check on host cr0.wp thus is logically incorrect here.
Thanks
Kevin
> + }
> }
>
> if (pasid_data->flags & IOMMU_SVA_VTD_GPASID_EAFE) {
> diff --git a/include/uapi/linux/iommu.h b/include/uapi/linux/iommu.h
> index 68cb558fe8db..33f3dc7a91de 100644
> --- a/include/uapi/linux/iommu.h
> +++ b/include/uapi/linux/iommu.h
> @@ -288,7 +288,8 @@ struct iommu_gpasid_bind_data_vtd {
> #define IOMMU_SVA_VTD_GPASID_PWT (1 << 3) /* page-level write
> through */
> #define IOMMU_SVA_VTD_GPASID_EMTE (1 << 4) /* extended mem
> type enable */
> #define IOMMU_SVA_VTD_GPASID_CD (1 << 5) /* PASID-level
> cache disable */
> -#define IOMMU_SVA_VTD_GPASID_LAST (1 << 6)
> +#define IOMMU_SVA_VTD_GPASID_WPE (1 << 6) /* Write protect
> enable */
> +#define IOMMU_SVA_VTD_GPASID_LAST (1 << 7)
> __u64 flags;
> __u32 pat;
> __u32 emt;
> --
> 2.25.1
Powered by blists - more mailing lists