| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 3 Aug 2021 09:19:08 +0100
From: Robin Murphy <robin.murphy@....com>
To: Rajat Jain <rajatja@...gle.com>,
Doug Anderson <dianders@...omium.org>
Cc: Joerg Roedel <joro@...tes.org>, Will Deacon <will@...nel.org>,
Bjorn Andersson <bjorn.andersson@...aro.org>,
Ulf Hansson <ulf.hansson@...aro.org>,
Adrian Hunter <adrian.hunter@...el.com>,
Bjorn Helgaas <bhelgaas@...gle.com>,
John Garry <john.garry@...wei.com>,
Rob Clark <robdclark@...omium.org>, quic_c_gdjako@...cinc.com,
Saravana Kannan <saravanak@...gle.com>,
Sai Prakash Ranjan <saiprakash.ranjan@...eaurora.org>,
Veerabhadrarao Badiganti <vbadigan@...eaurora.org>,
Linux MMC List <linux-mmc@...r.kernel.org>,
linux-arm-msm <linux-arm-msm@...r.kernel.org>,
linux-pci@...r.kernel.org,
"list@....net:IOMMU DRIVERS" <iommu@...ts.linux-foundation.org>,
Sonny Rao <sonnyrao@...omium.org>,
Joel Fernandes <joel@...lfernandes.org>,
Andrew Morton <akpm@...ux-foundation.org>,
Jonathan Corbet <corbet@....net>,
Jordan Crouse <jordan@...micpenguin.net>,
Konrad Dybcio <konrad.dybcio@...ainline.org>,
Krishna Reddy <vdumpa@...dia.com>,
"Maciej W. Rozycki" <macro@...am.me.uk>,
Nicolin Chen <nicoleotsuka@...il.com>,
"Paul E. McKenney" <paulmck@...nel.org>,
Peter Zijlstra <peterz@...radead.org>,
Randy Dunlap <rdunlap@...radead.org>,
Thierry Reding <thierry.reding@...il.com>,
Viresh Kumar <viresh.kumar@...aro.org>,
Vlastimil Babka <vbabka@...e.cz>,
Linux ARM <linux-arm-kernel@...ts.infradead.org>,
Linux Doc Mailing List <linux-doc@...r.kernel.org>,
LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v2 0/3] iommu: Enable non-strict DMA on QCom SD/MMC
On 2021-08-03 01:09, Rajat Jain wrote:
> Hi Robin, Doug,
>
> On Wed, Jul 14, 2021 at 8:14 AM Doug Anderson <dianders@...omium.org> wrote:
>>
>> Hi,
>>
>> On Tue, Jul 13, 2021 at 11:07 AM Robin Murphy <robin.murphy@....com> wrote:
>>>
>>> On 2021-07-08 15:36, Doug Anderson wrote:
>>> [...]
>>>>> Or document for the users that want performance how to
>>>>> change the setting, so that they can decide.
>>>>
>>>> Pushing this to the users can make sense for a Linux distribution but
>>>> probably less sense for an embedded platform. So I'm happy to make
>>>> some way for a user to override this (like via kernel command line),
>>>> but I also strongly believe there should be a default that users don't
>>>> have to futz with that we think is correct.
>>>
>>> FYI I did make progress on the "punt it to userspace" approach. I'm not
>>> posting it even as an RFC yet because I still need to set up a machine
>>> to try actually testing any of it (it's almost certainly broken
>>> somewhere), but in the end it comes out looking surprisingly not too bad
>>> overall. If you're curious to take a look in the meantime I put it here:
>>>
>>> https://gitlab.arm.com/linux-arm/linux-rm/-/commits/iommu/fq
>
> I was wondering if you got any closer to testing / sending it out? I
> looked at the patches and am trying to understand, would they also
> make it possible to convert at runtime, an existing "non-strict"
> domain (for a particular device) into a "strict" domain leaving the
> other devices/domains as-is? Please let me know when you think your
> patches are good to be tested, and I'd also be interested in trying
> them out.
Yup, most recently here:
https://lore.kernel.org/linux-iommu/cover.1627468308.git.robin.murphy@arm.com/
I'm currently getting v3 ready, so I'll try to remember to add you to
the CC list.
>> Being able to change this at runtime through sysfs sounds great and it
>> fills all the needs I'm aware of, thanks! In Chrome OS we can just use
>> this with some udev rules and get everything we need.
>
> I still have another (inverse) use case where this does not work:
> We have an Intel chromebook with the default domain type being
> non-strict. There is an LTE modem (an internal PCI device which cannot
> be marked external), which we'd like to be treated as a "Strict" DMA
> domain.
>
> Do I understand it right that using Rob's patches, I could potentially
> switch the domain to "strict" *after* booting (since we don't use
> initramfs), but by that time, the driver might have already attached
> to the modem device (using "non-strict" domain), and thus the damage
> may have already been done? So perhaps we still need a device property
> that the firmware could use to indicate "strictness" for certain
> devices at boot?
Well, in my view the "external facing" firmware property *should*
effectively be the "I don't trust this device not to misbehave"
property, but I guess it's a bit too conflated with other aspects of
Thunderbolt root ports (at least in the ACPI definition) to abuse in
that manner.
Ideas off the top of my head would be to flip the default domain type
and manually relax all the other performance-sensitive devices instead,
or module_blacklist the modem driver to load manually later after
tweaking its group. However, if you think it's a sufficiently general
concern, maybe a quirk to set pci_dev->untrusted might be worth
exploring? It may make sense to drive such a thing from a command-line
option rather than a hard-coded list, though, since trust is really down
to the individual use-case.
[ re gitlab.arm.com, I understand it tends not to like large transfers -
some colleagues have reported similar issues pushing large repos as
well. I'd suggest cloning the base mainline repo from kernel.org or
another reliable source, then fetching my branch into that. I've just
tried that on a different machine (outside the work network) and it
worked fine) ]
Thanks,
Robin.
Powered by blists - more mailing lists