lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 28 Nov 2022 12:10:39 +0100 From: Niklas Schnelle <schnelle@...ux.ibm.com> To: Baolu Lu <baolu.lu@...ux.intel.com>, Matthew Rosato <mjrosato@...ux.ibm.com>, Gerd Bayer <gbayer@...ux.ibm.com>, iommu@...ts.linux.dev, Joerg Roedel <joro@...tes.org>, Will Deacon <will@...nel.org>, Robin Murphy <robin.murphy@....com>, Jason Gunthorpe <jgg@...dia.com>, Wenjia Zhang <wenjia@...ux.ibm.com> Cc: Pierre Morel <pmorel@...ux.ibm.com>, linux-s390@...r.kernel.org, borntraeger@...ux.ibm.com, hca@...ux.ibm.com, gor@...ux.ibm.com, gerald.schaefer@...ux.ibm.com, agordeev@...ux.ibm.com, svens@...ux.ibm.com, linux-kernel@...r.kernel.org, Julian Ruess <julianr@...ux.ibm.com> Subject: Re: [PATCH v2 4/7] iommu: Let iommu.strict override ops->def_domain_type On Thu, 2022-11-17 at 09:55 +0800, Baolu Lu wrote: > On 2022/11/17 1:16, Niklas Schnelle wrote: > > When iommu.strict=1 is set or iommu_set_dma_strict() was called we > > should use IOMMU_DOMAIN_DMA irrespective of ops->def_domain_type. > > > > Signed-off-by: Niklas Schnelle <schnelle@...ux.ibm.com> > > --- > > drivers/iommu/iommu.c | 3 +++ > > 1 file changed, 3 insertions(+) > > > > diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c > > index 65a3b3d886dc..d9bf94d198df 100644 > > --- a/drivers/iommu/iommu.c > > +++ b/drivers/iommu/iommu.c > > @@ -1562,6 +1562,9 @@ static int iommu_get_def_domain_type(struct device *dev) > > { > > const struct iommu_ops *ops = dev_iommu_ops(dev); > > > > + if (iommu_dma_strict) > > + return IOMMU_DOMAIN_DMA; > > If any quirky device must work in IOMMU identity mapping mode, this > might introduce functional regression. At least for VT-d platforms, some > devices do require IOMMU identity mapping mode for functionality. That's a good point. How about instead of unconditionally returning IOMMU_DOMAIN_DMA we just do so if the domain type returned by ops- >def_domain_type uses a flush queue (i.e. the __IOMMU_DOMAIN_DMA_FQ bit is set). That way a device that only supports identity mapping gets to set that but iommu_dma_strict at least always prevents use of an IOVA flush queue. > > > + > > if (dev_is_pci(dev) && to_pci_dev(dev)->untrusted) > > return IOMMU_DOMAIN_DMA; > > > > Best regards, > baolu
Powered by blists - more mailing lists