| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 30 Jul 2021 09:21:18 +0800
From: "chenxiang (M)" <chenxiang66@...ilicon.com>
To: Robin Murphy <robin.murphy@....com>, <joro@...tes.org>,
<will@...nel.org>
CC: Maxime Ripard <mripard@...nel.org>,
Jean-Philippe Brucker <jean-philippe@...aro.org>,
Heiko Stuebner <heiko@...ech.de>,
Geert Uytterhoeven <geert+renesas@...der.be>,
<linux-kernel@...r.kernel.org>,
Chunyan Zhang <chunyan.zhang@...soc.com>,
<dianders@...omium.org>, <iommu@...ts.linux-foundation.org>,
<linux-arm-kernel@...ts.infradead.org>,
"linuxarm@...wei.com" <linuxarm@...wei.com>
Subject: Re: [PATCH v2 00/24] iommu: Refactor DMA domain strictness
在 2021/7/29 18:59, Robin Murphy 写道:
> On 2021-07-29 03:55, chenxiang (M) wrote:
>> Hi Robin,
>>
>>
>> 在 2021/7/28 23:58, Robin Murphy 写道:
>>> Hi all,
>>>
>>> Here's v2 where things start to look more realistic, hence the expanded
>>> CC list. The patches are now based on the current iommu/core branch to
>>> take John's iommu_set_dma_strict() cleanup into account.
>>>
>>> The series remiains in two (or possibly 3) logical parts - for people
>>> CC'd on cookie cleanup patches, the later parts should not affect you
>>> since your drivers don't implement non-strict mode anyway; the cleanup
>>> is all pretty straightforward, but please do yell at me if I've managed
>>> to let a silly mistake slip through and broken your driver.
>>>
>>> This time I have also build-tested x86 as well as arm64 :)
>>
>> I have tested those patchset on ARM64 with SMMUV3, and the testcases
>> are as follows:
>> - Boot with iommu.strict=0, running fio and it works well;
>> - Boot with iommu.strict=1, running fio and it works well;
>> - Change strict mode to lazy mode when building, the change takes
>> effect;
>> - Boot without iommu.strict(default strict mode), change the sysfs
>> interface type from DMA to DMA-FQ dynamically during running fio, and
>> it works well;
>> - Boot without iommu.strict(default strict mode), change the sysfs
>> interface type from DMA-FQ to DMA dynamically, and it is not allowed
>> and print "Device or resource busy"
>> (i know it is qualified, and we can change no-strict mode to strict
>> by unbind the driver -> change the sysfs interface (type)->bind the
>> driver (tested this and it works well),
>> but i have a small question: is it also possible to change from
>> DMA-FQ to DMA dynamically? )
>
> As patch #22 mentions, I think it's possible in principle, but it's
> certainly trickier. When enabling a flush queue, it doesn't matter if
> it takes a while for other threads to notice that cookie->fq_domain is
> now set and stop doing synchronous invalidations (and in the SMMU case
> it seems like there are probably enough dependencies to additionally
> prevent the io_pgtable quirk being observable before that). However
> when disabling, we'd need to be absolutely sure that the driver *has*
> started invalidating strictly before we stop queueing freed IOVAs,
> plus we need to be absolutely sure that we've stopped queueing freed
> IOVAs before we attempt to tear down the flush queue itself. I'm not
> sure off-hand how feasible it would be to put all that synchronisation
> in the right places without it also impacting normal operation.
>
> Furthermore, as also noted, there doesn't seem to be a good reason for
> ever actually needing to do that. If a device isn't trusted, it should
> be given a strict domain *before* any driver has a chance to start
> doing anything, or your trust model is broken and pretty useless. I
> can imagine some niche debugging/benchmarking cases where it might
> help save a bit of effort, but nothing with a strong enough
> justification to be worth supporting in mainline.
Ok, thanks.
>
>> Anyway, please feel free to add :
>> Tested-by: Xiang Chen <chenxiang66@...ilicon.com>
>
> That's great, thanks!
>
> Robin.
>
>>> Changes in v2:
>>>
>>> - Add iommu_is_dma_domain() helper to abstract flag check (and help
>>> avoid silly typos like the one in v1).
>>> - Tweak a few commit messages for spelling and (hopefully) clarity.
>>> - Move the iommu_create_device_direct_mappings() update to patch #14
>>> where it should have been.
>>> - Rewrite patch #20 as a conversion of the now-existing option.
>>> - Clean up the ops->flush_iotlb_all check which is also made redundant
>>> by the new domain type
>>> - Add patch #24, which is arguably tangential, but it was something I
>>> spotted during the rebase, so...
>>>
>>> Once again, the whole lot is available on a branch here:
>>>
>>> https://gitlab.arm.com/linux-arm/linux-rm/-/tree/iommu/fq
>>>
>>> Thanks,
>>> Robin.
>>>
>>>
>>> CC: Marek Szyprowski <m.szyprowski@...sung.com>
>>> CC: Yoshihiro Shimoda <yoshihiro.shimoda.uh@...esas.com>
>>> CC: Geert Uytterhoeven <geert+renesas@...der.be>
>>> CC: Yong Wu <yong.wu@...iatek.com>
>>> CC: Heiko Stuebner <heiko@...ech.de>
>>> CC: Chunyan Zhang <chunyan.zhang@...soc.com>
>>> CC: Chunyan Zhang <chunyan.zhang@...soc.com>
>>> CC: Maxime Ripard <mripard@...nel.org>
>>> CC: Jean-Philippe Brucker <jean-philippe@...aro.org>
>>>
>>> Robin Murphy (24):
>>> iommu: Pull IOVA cookie management into the core
>>> iommu/amd: Drop IOVA cookie management
>>> iommu/arm-smmu: Drop IOVA cookie management
>>> iommu/vt-d: Drop IOVA cookie management
>>> iommu/exynos: Drop IOVA cookie management
>>> iommu/ipmmu-vmsa: Drop IOVA cookie management
>>> iommu/mtk: Drop IOVA cookie management
>>> iommu/rockchip: Drop IOVA cookie management
>>> iommu/sprd: Drop IOVA cookie management
>>> iommu/sun50i: Drop IOVA cookie management
>>> iommu/virtio: Drop IOVA cookie management
>>> iommu/dma: Unexport IOVA cookie management
>>> iommu/dma: Remove redundant "!dev" checks
>>> iommu: Introduce explicit type for non-strict DMA domains
>>> iommu/amd: Prepare for multiple DMA domain types
>>> iommu/arm-smmu: Prepare for multiple DMA domain types
>>> iommu/vt-d: Prepare for multiple DMA domain types
>>> iommu: Express DMA strictness via the domain type
>>> iommu: Expose DMA domain strictness via sysfs
>>> iommu: Merge strictness and domain type configs
>>> iommu/dma: Factor out flush queue init
>>> iommu: Allow enabling non-strict mode dynamically
>>> iommu/arm-smmu: Allow non-strict in pgtable_quirks interface
>>> iommu: Only log strictness for DMA domains
>>>
>>> .../ABI/testing/sysfs-kernel-iommu_groups | 2 +
>>> drivers/iommu/Kconfig | 80
>>> +++++++++----------
>>> drivers/iommu/amd/iommu.c | 21 +----
>>> drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 25 ++++--
>>> drivers/iommu/arm/arm-smmu/arm-smmu.c | 29 ++++---
>>> drivers/iommu/arm/arm-smmu/qcom_iommu.c | 8 --
>>> drivers/iommu/dma-iommu.c | 44 +++++-----
>>> drivers/iommu/exynos-iommu.c | 18 +----
>>> drivers/iommu/intel/iommu.c | 23 ++----
>>> drivers/iommu/iommu.c | 53 +++++++-----
>>> drivers/iommu/ipmmu-vmsa.c | 27 +------
>>> drivers/iommu/mtk_iommu.c | 6 --
>>> drivers/iommu/rockchip-iommu.c | 11 +--
>>> drivers/iommu/sprd-iommu.c | 6 --
>>> drivers/iommu/sun50i-iommu.c | 12 +--
>>> drivers/iommu/virtio-iommu.c | 8 --
>>> include/linux/dma-iommu.h | 9 ++-
>>> include/linux/iommu.h | 15 +++-
>>> 18 files changed, 171 insertions(+), 226 deletions(-)
>>>
>>
>>
>
> .
>
Powered by blists - more mailing lists