| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20211115203848.GA1586192@bhelgaas>
Date: Mon, 15 Nov 2021 14:38:48 -0600
From: Bjorn Helgaas <helgaas@...nel.org>
To: Lu Baolu <baolu.lu@...ux.intel.com>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Joerg Roedel <joro@...tes.org>,
Alex Williamson <alex.williamson@...hat.com>,
Bjorn Helgaas <bhelgaas@...gle.com>,
Jason Gunthorpe <jgg@...dia.com>,
Kevin Tian <kevin.tian@...el.com>,
Ashok Raj <ashok.raj@...el.com>, Will Deacon <will@...nel.org>,
rafael@...nel.org, Diana Craciun <diana.craciun@....nxp.com>,
Cornelia Huck <cohuck@...hat.com>,
Eric Auger <eric.auger@...hat.com>,
Liu Yi L <yi.l.liu@...el.com>,
Jacob jun Pan <jacob.jun.pan@...el.com>,
Chaitanya Kulkarni <kch@...dia.com>,
iommu@...ts.linux-foundation.org, linux-pci@...r.kernel.org,
kvm@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 01/11] iommu: Add device dma ownership set/release
interfaces
On Mon, Nov 15, 2021 at 10:05:42AM +0800, Lu Baolu wrote:
> From the perspective of who is initiating the device to do DMA, device
> DMA could be divided into the following types:
>
> DMA_OWNER_KERNEL: kernel device driver intiates the DMA
> DMA_OWNER_USER: userspace device driver intiates the DMA
s/intiates/initiates/ (twice)
As your first sentence suggests, the driver doesn't actually
*initiate* the DMA in either case. One of the drivers programs the
device, and the *device* initiates the DMA.
> DMA_OWNER_KERNEL and DMA_OWNER_USER are exclusive for all devices in
> same iommu group as an iommu group is the smallest granularity of device
> isolation and protection that the IOMMU subsystem can guarantee.
I think this basically says DMA_OWNER_KERNEL and DMA_OWNER_USER are
attributes of the iommu_group (not an individual device), and it
applies to all devices in the iommu_group. Below, you allude to the
fact that the interfaces are per-device. It's not clear to me why you
made a per-device interface instead of a per-group interface.
> This
> extends the iommu core to enforce this exclusion when devices are
> assigned to userspace.
>
> Basically two new interfaces are provided:
>
> int iommu_device_set_dma_owner(struct device *dev,
> enum iommu_dma_owner mode, struct file *user_file);
> void iommu_device_release_dma_owner(struct device *dev,
> enum iommu_dma_owner mode);
>
> Although above interfaces are per-device, DMA owner is tracked per group
> under the hood. An iommu group cannot have both DMA_OWNER_KERNEL
> and DMA_OWNER_USER set at the same time. Violation of this assumption
> fails iommu_device_set_dma_owner().
>
> Kernel driver which does DMA have DMA_OWNER_KENREL automatically
> set/released in the driver binding process (see next patch).
s/DMA_OWNER_KENREL/DMA_OWNER_KERNEL/
> Kernel driver which doesn't do DMA should not set the owner type (via a
> new suppress flag in next patch). Device bound to such driver is considered
> same as a driver-less device which is compatible to all owner types.
>
> Userspace driver framework (e.g. vfio) should set DMA_OWNER_USER for
> a device before the userspace is allowed to access it, plus a fd pointer to
> mark the user identity so a single group cannot be operated by multiple
> users simultaneously. Vice versa, the owner type should be released after
> the user access permission is withdrawn.
Powered by blists - more mailing lists