| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <c10de7b0-ca73-e2a8-bdc5-1a3a9edd5f30@arm.com>
Date: Fri, 20 May 2022 10:18:20 +0100
From: Robin Murphy <robin.murphy@....com>
To: Joerg Roedel <joro@...tes.org>
Cc: Suravee Suthikulpanit <suravee.suthikulpanit@....com>,
iommu@...ts.linux-foundation.org, jon.grimm@....com,
linux-kernel@...r.kernel.org, vasant.hegde@....com
Subject: Re: [PATCH v2] iommu/amd: Set translation valid bit only when IO page
tables are in used
On 2022-05-20 09:58, Joerg Roedel wrote:
> On Fri, May 20, 2022 at 09:54:51AM +0100, Robin Murphy wrote:
>> The .def_domain type op already allows drivers to do exactly this sort of
>> override. You could also conditionally reject IOMMU_DOMAIN_PASSTHROUGH in
>> .domain_alloc for good measure, provided that (for now at least*) SNP is a
>> global thing rather than per-instance.
>
> Yeah, that could work. I am just not sure the IOMMU core behaves well in
> all situations when allocation IOMMU_DOMAIN_PASSTHROUGH suddenly starts
> to fail. I would feel better if this is checked and tested :)
Well, iommu_group_alloc_default_domain() has the fallback and is
currently the only place that __iommu_domain_alloc() can be called with
a type other than IOMMU_DOMAIN_UNMANAGED, so by inspection it should be
fine. However if iommu_get_def_domain_type() says the right thing then
neither sysfs nor automatic default domains should get as far as even
trying to allocate an identity domain anyway - note that that's already
what happens for untrusted external devices. But either way should be
easy enough to verify with a quick hack, too.
Cheers,
Robin.
Powered by blists - more mailing lists