| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <bef59822-71ab-a82e-ed95-0e139cf1fbf0@huawei.com>
Date: Wed, 9 Jun 2021 16:24:09 +0100
From: John Garry <john.garry@...wei.com>
To: Robin Murphy <robin.murphy@....com>, <joro@...tes.org>,
<will@...nel.org>, <dwmw2@...radead.org>,
<baolu.lu@...ux.intel.com>
CC: <rdunlap@...radead.org>, <linux-kernel@...r.kernel.org>,
<linuxarm@...wei.com>, <iommu@...ts.linux-foundation.org>
Subject: Re: [PATCH v11 1/3] iommu: Enhance IOMMU default DMA mode build
options
On 09/06/2021 16:03, Robin Murphy wrote:
> On 2021-06-08 14:18, John Garry wrote:
>> From: Zhen Lei <thunder.leizhen@...wei.com>
>>
>> First, add build options IOMMU_DEFAULT_{LAZY|STRICT}, so that we have the
>> opportunity to set {lazy|strict} mode as default at build time. Then put
>> the two config options in a choice, as they are mutually exclusive.
>>
>> [jpg: Make choice between strict and lazy only (and not passthrough)]
>> Signed-off-by: Zhen Lei <thunder.leizhen@...wei.com>
>> Signed-off-by: John Garry <john.garry@...wei.com>
>> ---
>> drivers/iommu/Kconfig | 35 +++++++++++++++++++++++++++++++++++
>> drivers/iommu/iommu.c | 3 ++-
>> 2 files changed, 37 insertions(+), 1 deletion(-)
>>
>> diff --git a/drivers/iommu/Kconfig b/drivers/iommu/Kconfig
>> index 1f111b399bca..369a3af9e5bf 100644
>> --- a/drivers/iommu/Kconfig
>> +++ b/drivers/iommu/Kconfig
>> @@ -90,6 +90,41 @@ config IOMMU_DEFAULT_PASSTHROUGH
>> If unsure, say N here.
>> +choice
>> + prompt "IOMMU default DMA mode"
>> + depends on IOMMU_API
>> + depends on X86 || IA64 || X86_64 || ARM || ARM64
>
> Simply "depends on IOMMU_DMA" should suffice, since that's now the only
> place where flush queues matter.
I suppose so.
Configs ARM64, AMD_IOMMU, and INTEL_IOMMU all select this.
>
>> +
>> + default IOMMU_DEFAULT_STRICT
>> + help
>> + This option allows an IOMMU DMA mode to be chosen at build
>> time, to
>> + override the default DMA mode of each ARCH, removing the need to
>> + pass in kernel parameters through command line. It is still
>> possible
>> + to provide ARCH-specific or common boot options to override this
>> + option.
>> +
>> + If unsure, keep the default.
>> +
>> +config IOMMU_DEFAULT_LAZY
>> + bool "lazy"
>> + help
>> + Support lazy mode, where for every IOMMU DMA unmap operation, the
>> + flush operation of IOTLB and the free operation of IOVA are
>> deferred.
>> + They are only guaranteed to be done before the related IOVA
>> will be
>> + reused.
>> +
>> +config IOMMU_DEFAULT_STRICT
>> + bool "strict"
>> + help
>> + For every IOMMU DMA unmap operation, the flush operation of
>> IOTLB and
>> + the free operation of IOVA are guaranteed to be done in the unmap
>> + function.
>> +
>> + This mode is safer than lazy mode, but it may be slower in some
>> high
>> + performance scenarios.
>
> FWIW, as an end user who doesn't care much about the implementation
> details I'd probably appreciate the actual implications being clearer,
> i.e. what does "safer" mean in practice and what is it relative to?
>
Fine, I can mention that lazy mode means that we have reduced device
isolation and a dangerous window can be created between device driver
DMA unmap and zapping the mapping in the IOMMU; however still much safer
than passthrough/no IOMMU, which means no isolation at all.
Thanks,
John
Powered by blists - more mailing lists