lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <BN9PR11MB52761FF9AB496B422596DDDF8C8AA@BN9PR11MB5276.namprd11.prod.outlook.com>
Date:   Fri, 8 Dec 2023 09:09:04 +0000
From:   "Tian, Kevin" <kevin.tian@...el.com>
To:     Lu Baolu <baolu.lu@...ux.intel.com>,
        Joerg Roedel <joro@...tes.org>,
        "Will Deacon" <will@...nel.org>,
        Robin Murphy <robin.murphy@....com>,
        "Jason Gunthorpe" <jgg@...pe.ca>
CC:     "iommu@...ts.linux.dev" <iommu@...ts.linux.dev>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: RE: [PATCH v2 4/6] iommu/vt-d: Remove 1:1 mappings from identity
 domain

> From: Lu Baolu <baolu.lu@...ux.intel.com>
> Sent: Tuesday, December 5, 2023 9:22 AM
> 
> Older VT-d hardware implementations did not support pass-through
> translation mode. The iommu driver relied on a DMA domain with all
> physical memory addresses identically mapped to the same IOVA to
> simulate pass-through translation.
> 
> This workaround is no longer necessary due to the evolution of iommu
> core. The core has introduced def_domain_type op, allowing the iommu
> driver to specify its capabilities. Additionally, the identity domain
> has become a static system domain with "never fail" attach semantics.

I'm not sure above explains the reason for removing the identity support
on older hardware. Looks the reason is simply that continuing to maintain
that debt prevents intel-iommu driver from catching up  with iommu core
evolution so we decide to remove it.

> 
> Eliminate support for the 1:1 mapping domain on older hardware and
> removes the unused code that created the 1:1 page table. This paves a
> way for the implementation of a global static identity domain.

Do you know how old such hardware is?

> @@ -2311,6 +2257,13 @@ static int device_def_domain_type(struct device
> *dev)
>  			return IOMMU_DOMAIN_IDENTITY;
>  	}
> 
> +	/*
> +	 * Hardware does not support the passthrough translation mode.
> +	 * Always use a dynamaic mapping domain.
> +	 */
> +	if (!ecap_pass_through(iommu->ecap))
> +		return IOMMU_DOMAIN_DMA;
> +
>  	return 0;

there are two cases above which mandates IDENTITY. Have you confirmed
that those platforms support hardware passthrough? otherwise this change
is broken.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ