| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 9 Mar 2023 17:34:14 -0800
From: Nicolin Chen <nicolinc@...dia.com>
To: Robin Murphy <robin.murphy@....com>
CC: <jgg@...dia.com>, <will@...nel.org>, <eric.auger@...hat.com>,
<kevin.tian@...el.com>, <baolu.lu@...ux.intel.com>,
<joro@...tes.org>, <shameerali.kolothum.thodi@...wei.com>,
<jean-philippe@...aro.org>, <linux-arm-kernel@...ts.infradead.org>,
<iommu@...ts.linux.dev>, <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v1 12/14] iommu/arm-smmu-v3: Support IOMMU_DOMAIN_NESTED
type of allocations
On Thu, Mar 09, 2023 at 02:28:09PM +0000, Robin Murphy wrote:
> External email: Use caution opening links or attachments
>
>
> On 2023-03-09 13:20, Robin Murphy wrote:
> > On 2023-03-09 10:53, Nicolin Chen wrote:
> > > Add domain allocation support for IOMMU_DOMAIN_NESTED type. This includes
> > > the "finalise" part to log in the user space Stream Table Entry info.
> > >
> > > Co-developed-by: Eric Auger <eric.auger@...hat.com>
> > > Signed-off-by: Eric Auger <eric.auger@...hat.com>
> > > Signed-off-by: Nicolin Chen <nicolinc@...dia.com>
> > > ---
> > > drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 38 +++++++++++++++++++--
> > > 1 file changed, 36 insertions(+), 2 deletions(-)
> > >
> > > diff --git a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
> > > b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
> > > index 5ff74edfbd68..1f318b5e0921 100644
> > > --- a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
> > > +++ b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
> > > @@ -2214,6 +2214,19 @@ static int arm_smmu_domain_finalise(struct
> > > iommu_domain *domain,
> > > return 0;
> > > }
> > > + if (domain->type == IOMMU_DOMAIN_NESTED) {
> > > + if (!(smmu->features & ARM_SMMU_FEAT_TRANS_S1) ||
> > > + !(smmu->features & ARM_SMMU_FEAT_TRANS_S2)) {
> > > + dev_dbg(smmu->dev, "does not implement two stages\n");
> > > + return -EINVAL;
> > > + }
> > > + smmu_domain->stage = ARM_SMMU_DOMAIN_S1;
> > > + smmu_domain->s1_cfg.s1fmt = user_cfg->s1fmt;
> > > + smmu_domain->s1_cfg.s1cdmax = user_cfg->s1cdmax;
> > > + smmu_domain->s1_cfg.cdcfg.cdtab_dma = user_cfg->s1ctxptr;
> > > + return 0;
> >
> > How's that going to work? If the caller's asked for something we can't
> > provide, returning something else and hoping it fails later is not
> > sensible, we should just fail right here. It's even more worrying if
> > there's a chance it *won't* fail later, and a guest ends up with
> > "nested" translation giving it full access to host PA space :/
>
> Oops, apologies - in part thanks to the confusing indentation, I managed
> to miss the early return and misread this all being under the if
> condition for nesting not being supported. Sorry for the confusion :(
Perhaps this can help readability, considering that we have
multiple places checking the TRANS_S1 and TRANS_S2 features:
bool feat_has_s1 smmu->features & ARM_SMMU_FEAT_TRANS_S1;
bool feat_has_s2 smmu->features & ARM_SMMU_FEAT_TRANS_S2;
if (domain->type == IOMMU_DOMAIN_NESTED) {
if (!feat_has_s1 || !feat_has_s2) {
dev_dbg(smmu->dev, "does not implement two stages\n");
return -EINVAL;
}
...
return 0;
}
if (user_cfg_s2 && !feat_has_s2)
return -EINVAL;
...
if (!feat_has_s1)
smmu_domain->stage = ARM_SMMU_DOMAIN_S2;
if (!feat_has_s2)
smmu_domain->stage = ARM_SMMU_DOMAIN_S1;
Would you like this?
Thanks
Nic
Powered by blists - more mailing lists