lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 15 Mar 2022 11:24:55 -0500
From:   Mario Limonciello <mario.limonciello@....com>
To:     Joerg Roedel <joro@...tes.org>,
        Suravee Suthikulpanit <suravee.suthikulpanit@....com>,
        Mika Westerberg <mika.westerberg@...ux.intel.com>
CC:     Will Deacon <will@...nel.org>,
        Andreas Noever <andreas.noever@...il.com>,
        Michael Jamet <michael.jamet@...el.com>,
        Yehezkel Bernat <YehezkelShB@...il.com>,
        "open list:AMD IOMMU (AMD-VI)" <iommu@...ts.linux-foundation.org>,
        open list <linux-kernel@...r.kernel.org>,
        "open list:THUNDERBOLT DRIVER" <linux-usb@...r.kernel.org>,
        Mario Limonciello <mario.limonciello@....com>
Subject: [PATCH 2/2] thunderbolt: Use pre-boot DMA protection on AMD systems

The information is exported from the IOMMU driver whether or not
pre-boot DMA protection has been enabled on AMD systems.  Use this
information to properly set iomma_dma_protection.

Link: https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-kernel-dma-protection
Link: https://www.amd.com/system/files/TechDocs/48882_IOMMU.pdf
Signed-off-by: Mario Limonciello <mario.limonciello@....com>
---
 drivers/thunderbolt/domain.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/drivers/thunderbolt/domain.c b/drivers/thunderbolt/domain.c
index 7018d959f775..e03790735c12 100644
--- a/drivers/thunderbolt/domain.c
+++ b/drivers/thunderbolt/domain.c
@@ -6,6 +6,7 @@
  * Author: Mika Westerberg <mika.westerberg@...ux.intel.com>
  */
 
+#include <linux/amd-iommu.h>
 #include <linux/device.h>
 #include <linux/dmar.h>
 #include <linux/idr.h>
@@ -259,11 +260,15 @@ static ssize_t iommu_dma_protection_show(struct device *dev,
 {
 	/*
 	 * Kernel DMA protection is a feature where Thunderbolt security is
-	 * handled natively using IOMMU. It is enabled when IOMMU is
-	 * enabled and ACPI DMAR table has DMAR_PLATFORM_OPT_IN set.
+	 * handled natively using IOMMU. It is enabled when the IOMMU is
+	 * enabled and either:
+	 * ACPI DMAR table has DMAR_PLATFORM_OPT_IN set
+	 * or
+	 * ACPI IVRS table has DMA_REMAP bitset
 	 */
 	return sprintf(buf, "%d\n",
-		       iommu_present(&pci_bus_type) && dmar_platform_optin());
+		       iommu_present(&pci_bus_type) &&
+		       (dmar_platform_optin() || amd_ivrs_remap_support()));
 }
 static DEVICE_ATTR_RO(iommu_dma_protection);
 
-- 
2.34.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ