lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <cd53526d-2564-996b-7b0d-d1fe9f114590@arm.com>
Date:   Tue, 30 Aug 2022 10:23:51 +0100
From:   Robin Murphy <robin.murphy@....com>
To:     Chao Gao <chao.gao@...el.com>, linux-kernel@...r.kernel.org,
        iommu@...ts.linux.dev
Cc:     hch@...radead.org, m.szyprowski@...sung.com
Subject: Re: [PATCH] swiotlb: fix a typo

On 2022-08-26 10:50, Chao Gao wrote:
> "overwirte" isn't a word. It should be "overwrite".
> 
> Signed-off-by: Chao Gao <chao.gao@...el.com>
> ---
> BTW, I am wondering if copying the original buffer to the tlb buffer
> unconditionally will leak the original buffer to the VMM, especially
> when VMM isn't trusted e.g., by confidential VMs. Would it be better
> to zero the tlb buffer for dir == DMA_FROM_DEVICE?

No, at the point of dma_map(), the buffer contents are owned by the 
caller, so if parts of that buffer are sensitive and shouldn't be 
exposed to DMA, then don't map the whole buffer for DMA. There are more 
DMA API implementations than SWIOTLB.

The whole point of bouncing the original contents here is that doing 
anything else effectively corrupts any part of the mapping that the 
device may end up *not* writing to - see the whole sordid original 
discussion (but don't be confused by the fact that the caller's original 
data happened to be zeros in that particular case).

Thanks,
Robin.

> 
>   kernel/dma/swiotlb.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/kernel/dma/swiotlb.c b/kernel/dma/swiotlb.c
> index c5a9190b218f..f67e5f50ee3c 100644
> --- a/kernel/dma/swiotlb.c
> +++ b/kernel/dma/swiotlb.c
> @@ -765,7 +765,7 @@ phys_addr_t swiotlb_tbl_map_single(struct device *dev, phys_addr_t orig_addr,
>   	/*
>   	 * When dir == DMA_FROM_DEVICE we could omit the copy from the orig
>   	 * to the tlb buffer, if we knew for sure the device will
> -	 * overwirte the entire current content. But we don't. Thus
> +	 * overwrite the entire current content. But we don't. Thus
>   	 * unconditional bounce may prevent leaking swiotlb content (i.e.
>   	 * kernel memory) to user-space.
>   	 */

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ