lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 17 May 2022 13:43:03 +0100
From:   Robin Murphy <robin.murphy@....com>
To:     Baolu Lu <baolu.lu@...ux.intel.com>,
        Jason Gunthorpe <jgg@...dia.com>
Cc:     Joerg Roedel <joro@...tes.org>,
        Christoph Hellwig <hch@...radead.org>,
        Kevin Tian <kevin.tian@...el.com>,
        Ashok Raj <ashok.raj@...el.com>, Will Deacon <will@...nel.org>,
        Jean-Philippe Brucker <jean-philippe@...aro.com>,
        Eric Auger <eric.auger@...hat.com>,
        Liu Yi L <yi.l.liu@...el.com>,
        Jacob jun Pan <jacob.jun.pan@...el.com>,
        iommu@...ts.linux-foundation.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2/5] iommu: Add blocking_domain_ops field in iommu_ops

On 2022-05-17 03:37, Baolu Lu wrote:
> Hi Jason,
> 
> On 2022/5/16 21:57, Jason Gunthorpe wrote:
>> On Mon, May 16, 2022 at 12:22:08PM +0100, Robin Murphy wrote:
>>> On 2022-05-16 02:57, Lu Baolu wrote:
>>>> Each IOMMU driver must provide a blocking domain ops. If the hardware
>>>> supports detaching domain from device, setting blocking domain equals
>>>> detaching the existing domain from the deivce. Otherwise, an UNMANAGED
>>>> domain without any mapping will be used instead.
>>> Unfortunately that's backwards - most of the implementations of 
>>> .detach_dev
>>> are disabling translation entirely, meaning the device ends up 
>>> effectively
>>> in passthrough rather than blocked.
>> Ideally we'd convert the detach_dev of every driver into either
>> a blocking or identity domain. The trick is knowing which is which..
> 
> I am still a bit puzzled about how the blocking_domain should be used 
> when it is extended to support ->set_dev_pasid.
> 
> If it's a blocking domain, the IOMMU driver knows that setting the
> blocking domain to device pasid means detaching the existing one.
> 
> But if it's an identity domain, how could the IOMMU driver choose
> between:
> 
>   - setting the input domain to the pasid on device; or,
>   - detaching the existing domain.
> 
> I've ever thought about below solutions:
> 
> - Checking the domain types and dispatching them to different
>    operations.
> - Using different blocking domains for different types of domains.
> 
> But both look rough.
> 
>>
>> Guessing going down the list:
>>   apple dart - blocking, detach_dev calls apple_dart_hw_disable_dma() 
>> same as
>>                IOMMU_DOMAIN_BLOCKED
>>           [I wonder if this drive ris wrong in other ways though because
>>                 I dont see a remove_streams in attach_dev]
>>   exynos - this seems to disable the 'sysmmu' so I'm guessing this is
>>            identity
>>   iommu-vmsa - Comment says 'disable mmu translaction' so I'm guessing
>>                this is idenity
>>   mkt_v1 - Code looks similar to mkt, which is probably identity.
>>   rkt - No idea
>>   sprd - No idea
>>   sun50i - This driver confusingly treats identity the same as
>>            unmanaged, seems wrong, no idea.
>>   amd - Not sure, clear_dte_entry() seems to set translation on but 
>> points
>>         the PTE to 0 ? Based on the spec table 8 I would have expected
>>         TV to be clear which would be blocking. Maybe a bug??
>>   arm smmu qcomm - not sure
>>   intel - blocking
>>
>> These doesn't support default domains, so detach_dev should return
>> back to DMA API ownership, which is either identity or something weird:
>>   fsl_pamu - identity due to the PPC use of dma direct
>>   msm
>>   mkt
>>   omap
>>   s390 - platform DMA ops
>>   terga-gart - Usually something called a GART would be 0 length once
>>                disabled, guessing blocking?
>>   tegra-smmu
>>
>> So, the approach here should be to go driver by driver and convert
>> detach_dev to either identity, blocking or just delete it entirely,
>> excluding the above 7 that don't support default domains. And get acks
>> from the driver owners.
>>
> 
> Agreed. There seems to be a long way to go. I am wondering if we could
> decouple this refactoring from my new SVA API work? We can easily switch
> .detach_dev_pasid to using blocking domain later.

FWIW from my point of view I'm happy with having a .detach_dev_pasid op 
meaning implicitly-blocked access for now. On SMMUv3, PASIDs don't mix 
with our current notion of IOMMU_DOMAIN_IDENTITY (nor the potential one 
for IOMMU_DOMAIN_BLOCKED), so giving PASIDs functional symmetry with 
devices would need significantly more work anyway.

Thanks,
Robin.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ