lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <903818af-5cec-bfdd-6c03-69e6c4f29604@arm.com>
Date:   Fri, 4 Feb 2022 12:35:53 +0000
From:   Robin Murphy <robin.murphy@....com>
To:     Josh Poimboeuf <jpoimboe@...hat.com>,
        Joerg Roedel <joro@...tes.org>, Will Deacon <will@...nel.org>,
        iommu@...ts.linux-foundation.org
Cc:     linux-kernel@...r.kernel.org
Subject: Re: iommu non-strict mode for arm64

On 2022-02-04 05:46, Josh Poimboeuf wrote:
> Hi all,
> 
> We've gotten significant slowdowns on arm64 with 4k pages compared to
> 64k.  The slowdowns can be alleviated by setting iommu.strict=0 or
> iommu.passthrough=1.
> 
> Is there a reason x86 defaults to lazy iommu, while arm64 does not?  Are
> there security implications which are specific to arm64?

The x86 behaviour is basically 2 decades of legacy where nobody now 
feels brave enough to flip the default. At the time the arm64 IOMMU DMA 
ops were first added, strict mode was the only thing feasible to 
implement, but there was also a conscious consideration that having a 
default assumption of "IOMMU == more protection" wasn't a bad thing 
anyway. Given what played out a couple of years later, and everyone now 
being that much more security-aware, I think that decision has only been 
reinforced.

Passthrough and non-strict mode in iommu-dma only came along later, and 
most IOMMU drivers for arm64 still don't support them, which is another 
reason I'm still against changing the default today. However, if you're 
confident that your arm64 users care more about high-bandwidth I/O 
throughput than memory protection then feel free to set 
IOMMU_DEFAULT_DMA_LAZY or IOMMU_DEFAULT_PASSTHROUGH in your config.

Cheers,
Robin.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ