lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 1 Mar 2023 12:22:23 +0800
From:   Baolu Lu <baolu.lu@...ux.intel.com>
To:     Jason Gunthorpe <jgg@...dia.com>
Cc:     baolu.lu@...ux.intel.com, iommu@...ts.linux.dev,
        Joerg Roedel <joro@...tes.org>, Will Deacon <will@...nel.org>,
        Robin Murphy <robin.murphy@....com>,
        Kevin Tian <kevin.tian@...el.com>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/1] iommu/vt-d: Add opt-in for ATS support on discrete
 devices

On 2/28/23 8:23 PM, Jason Gunthorpe wrote:
> On Tue, Feb 28, 2023 at 10:33:41AM +0800, Lu Baolu wrote:
>> In normal processing of PCIe ATS requests, the IOMMU performs address
>> translation and returns the device a physical memory address which
>> will be stored in that device's IOTLB. The device may subsequently
>> issue Translated DMA request containing physical memory address. The
>> IOMMU only checks that the device was allowed to issue such requests
>> and does not attempt to validate the physical address.
>>
>> The Intel IOMMU implementation only allows PCIe ATS on several SOC-
>> integrated devices which are opt-in’ed through the ACPI tables to
>> prevent any compromised device from accessing arbitrary physical
>> memory.
>>
>> Add a kernel option intel_iommu=relax_ats to allow users to have an
>> opt-in to allow turning on ATS at as wish, especially for CSP-owned
>> vertical devices. In any case, risky devices are not allowed to use
>> ATS.
> Why is this an intel specific option? 

I only see similar situation on ARM SMMUv3 platforms. The device ATS is
only allowed when the ATS bit is set in RC node of the ACPI/IORT table.

> all it does is effectively
> disable untrusted?

It's irrelevant to untrusted devices.

Untrusted devices, with pci_dev->untrusted set, means device connects to
the system through some kind of untrusted external port, e.g.
thunderbolt ports. For those devices, ATS shouldn't be enabled for those
devices.

Here we are talking about soc-integrated devices vs. discrete PCI
devices (connected to the system through internal PCI slot). The problem
is that the DMAR ACPI table only defines ATS attribute for Soc-
integrated devices, which causes ATS (and its ancillary features) on the
discrete PCI devices not to work.

> Why not a global option? All iommu with ATS will
> need this?
> 
> Also, why doesn't a "CSP" set their ACPI to make the devices they want
> to use ATS with trusted instead of this?

For example, users might purchase general servers and use their own or
third-party PCIe adapters on them. They have no means to customize the
BIOS.

Best regards,
baolu

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ