lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4bd4b850-720e-bd02-c04d-01013be49456@linux.intel.com>
Date:   Fri, 18 Jun 2021 21:11:51 +0800
From:   Lu Baolu <baolu.lu@...ux.intel.com>
To:     John Garry <john.garry@...wei.com>, joro@...tes.org,
        will@...nel.org, dwmw2@...radead.org, robin.murphy@....com,
        corbet@....net
Cc:     baolu.lu@...ux.intel.com, linux-kernel@...r.kernel.org,
        iommu@...ts.linux-foundation.org, linuxarm@...wei.com,
        thunder.leizhen@...wei.com, chenxiang66@...ilicon.com,
        linux-doc@...r.kernel.org
Subject: Re: [PATCH v14 3/6] iommu: Enhance IOMMU default DMA mode build
 options

On 2021/6/18 19:34, John Garry wrote:
> From: Zhen Lei <thunder.leizhen@...wei.com>
> 
> First, add build options IOMMU_DEFAULT_{LAZY|STRICT}, so that we have the
> opportunity to set {lazy|strict} mode as default at build time. Then put
> the two config options in an choice, as they are mutually exclusive.
> 
> [jpg: Make choice between strict and lazy only (and not passthrough)]
> Signed-off-by: Zhen Lei <thunder.leizhen@...wei.com>
> Signed-off-by: John Garry <john.garry@...wei.com>
> Reviewed-by: Robin Murphy <robin.murphy@....com>
> ---
>   .../admin-guide/kernel-parameters.txt         |  3 +-
>   drivers/iommu/Kconfig                         | 40 +++++++++++++++++++
>   drivers/iommu/iommu.c                         |  2 +-
>   3 files changed, 43 insertions(+), 2 deletions(-)
> 
> diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
> index 673952379900..a1b7c8526bb5 100644
> --- a/Documentation/admin-guide/kernel-parameters.txt
> +++ b/Documentation/admin-guide/kernel-parameters.txt
> @@ -2046,9 +2046,10 @@
>   			  throughput at the cost of reduced device isolation.
>   			  Will fall back to strict mode if not supported by
>   			  the relevant IOMMU driver.
> -			1 - Strict mode (default).
> +			1 - Strict mode.
>   			  DMA unmap operations invalidate IOMMU hardware TLBs
>   			  synchronously.
> +			unset - Use value of CONFIG_IOMMU_DEFAULT_{LAZY,STRICT}.
>   			Note: on x86, the default behaviour depends on the
>   			equivalent driver-specific parameters, but a strict
>   			mode explicitly specified by either method takes
> diff --git a/drivers/iommu/Kconfig b/drivers/iommu/Kconfig
> index 1f111b399bca..0327a942fdb7 100644
> --- a/drivers/iommu/Kconfig
> +++ b/drivers/iommu/Kconfig
> @@ -90,6 +90,46 @@ config IOMMU_DEFAULT_PASSTHROUGH
>   
>   	  If unsure, say N here.
>   
> +choice
> +	prompt "IOMMU default DMA IOTLB invalidation mode"
> +	depends on IOMMU_DMA
> +
> +	default IOMMU_DEFAULT_STRICT
> +	help
> +	  This option allows an IOMMU DMA IOTLB invalidation mode to be
> +	  chosen at build time, to override the default mode of each ARCH,
> +	  removing the need to pass in kernel parameters through command line.
> +	  It is still possible to provide common boot params to override this
> +	  config.
> +
> +	  If unsure, keep the default.
> +
> +config IOMMU_DEFAULT_STRICT
> +	bool "strict"
> +	help
> +	  For every IOMMU DMA unmap operation, the flush operation of IOTLB and
> +	  the free operation of IOVA are guaranteed to be done in the unmap
> +	  function.
> +
> +config IOMMU_DEFAULT_LAZY
> +	bool "lazy"
> +	help
> +	  Support lazy mode, where for every IOMMU DMA unmap operation, the
> +	  flush operation of IOTLB and the free operation of IOVA are deferred.
> +	  They are only guaranteed to be done before the related IOVA will be
> +	  reused.
> +
> +	  The isolation provided in this mode is not as secure as STRICT mode,
> +	  such that a vulnerable time window may be created between the DMA
> +	  unmap and the mappings cached in the IOMMU IOTLB or device TLB
> +	  finally being invalidated, where the device could still access the
> +	  memory which has already been unmapped by the device driver.
> +	  However this mode may provide better performance in high throughput
> +	  scenarios, and is still considerably more secure than passthrough
> +	  mode or no IOMMU.
> +
> +endchoice
> +
>   config OF_IOMMU
>   	def_bool y
>   	depends on OF && IOMMU_API
> diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c
> index cf58949cc2f3..60b1ec42e73b 100644
> --- a/drivers/iommu/iommu.c
> +++ b/drivers/iommu/iommu.c
> @@ -29,7 +29,7 @@ static struct kset *iommu_group_kset;
>   static DEFINE_IDA(iommu_group_ida);
>   
>   static unsigned int iommu_def_domain_type __read_mostly;
> -static bool iommu_dma_strict __read_mostly = true;
> +static bool iommu_dma_strict __read_mostly = IS_ENABLED(CONFIG_IOMMU_DEFAULT_STRICT);
>   static u32 iommu_cmd_line __read_mostly;
>   
>   struct iommu_group {
> 

Reviewed-by: Lu Baolu <baolu.lu@...ux.intel.com>

Best regards,
baolu

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ