| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 4 Feb 2022 12:35:53 +0000
From: Robin Murphy <robin.murphy@....com>
To: Josh Poimboeuf <jpoimboe@...hat.com>,
Joerg Roedel <joro@...tes.org>, Will Deacon <will@...nel.org>,
iommu@...ts.linux-foundation.org
Cc: linux-kernel@...r.kernel.org
Subject: Re: iommu non-strict mode for arm64
On 2022-02-04 05:46, Josh Poimboeuf wrote:
> Hi all,
>
> We've gotten significant slowdowns on arm64 with 4k pages compared to
> 64k. The slowdowns can be alleviated by setting iommu.strict=0 or
> iommu.passthrough=1.
>
> Is there a reason x86 defaults to lazy iommu, while arm64 does not? Are
> there security implications which are specific to arm64?
The x86 behaviour is basically 2 decades of legacy where nobody now
feels brave enough to flip the default. At the time the arm64 IOMMU DMA
ops were first added, strict mode was the only thing feasible to
implement, but there was also a conscious consideration that having a
default assumption of "IOMMU == more protection" wasn't a bad thing
anyway. Given what played out a couple of years later, and everyone now
being that much more security-aware, I think that decision has only been
reinforced.
Passthrough and non-strict mode in iommu-dma only came along later, and
most IOMMU drivers for arm64 still don't support them, which is another
reason I'm still against changing the default today. However, if you're
confident that your arm64 users care more about high-bandwidth I/O
throughput than memory protection then feel free to set
IOMMU_DEFAULT_DMA_LAZY or IOMMU_DEFAULT_PASSTHROUGH in your config.
Cheers,
Robin.
Powered by blists - more mailing lists