lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <BN9PR11MB527677A69A2004A951165CC38C002@BN9PR11MB5276.namprd11.prod.outlook.com>
Date: Mon, 8 Apr 2024 08:48:54 +0000
From: "Tian, Kevin" <kevin.tian@...el.com>
To: Jacob Pan <jacob.jun.pan@...ux.intel.com>, "sivanich@....com"
	<sivanich@....com>, Thomas Gleixner <tglx@...utronix.de>, LKML
	<linux-kernel@...r.kernel.org>, "iommu@...ts.linux.dev"
	<iommu@...ts.linux.dev>, Lu Baolu <baolu.lu@...ux.intel.com>, Joerg Roedel
	<joro@...tes.org>
CC: "Liu, Yi L" <yi.l.liu@...el.com>, "steve.wahl@....com"
	<steve.wahl@....com>, "Anderson, Russ" <russ.anderson@....com>, "Peter
 Zijlstra" <peterz@...radead.org>, Will Deacon <will@...nel.org>, Robin Murphy
	<robin.murphy@....com>
Subject: RE: [PATCH 2/2] iommu/vt-d: Share DMAR fault IRQ to prevent vector
 exhaustion

> From: Jacob Pan <jacob.jun.pan@...ux.intel.com>
> Sent: Thursday, April 4, 2024 7:46 AM
> 
> DMAR fault interrupt is used for per-IOMMU unrecoverable fault reporting,
> it occurs only if there is a kernel programming error or serious hardware
> failure. In other words, they should never occur under normal circumstances.

this is not accurate. When a device is assigned to a malicious guest then
it's not unusual to observe faults.

in this context you probably meant that it's not a performance path hence
sharing the vector is acceptable.

>
> @@ -1182,7 +1182,6 @@ static void free_iommu(struct intel_iommu
> *iommu)
>  			iommu->pr_irq = 0;
>  		}
>  		free_irq(iommu->fault_irq, iommu);
> -		dmar_free_hwirq(iommu->fault_irq);

You still want to free the vector for the iommu which first gets the
vector allocated.

> @@ -1956,9 +1955,8 @@ void dmar_msi_mask(struct irq_data *data)
>  	raw_spin_unlock_irqrestore(&iommu->register_lock, flag);
>  }
> 
> -void dmar_msi_write(int irq, struct msi_msg *msg)
> +static void dmar_msi_write_msg(struct intel_iommu *iommu, int irq, struct
> msi_msg *msg)
>  {

what about iommu_msi_write_msg() to match the first parameter?

otherwise it leads to a slightly circled calltrace:
	dmar_msi_write_msg()
		dmar_msi_write()
			dmar_msi_write_msg()

> +
> +	/*
> +	 * Only the owner IOMMU of the shared IRQ has its fault event
> +	 * interrupt unmasked after request_irq(), the rest are explicitly
> +	 * unmasked.
> +	 */
> +	if (!(iommu->flags & VTD_FLAG_FAULT_IRQ_OWNER))
> +		dmar_fault_irq_unmask(iommu);
> +

em there is a problem in dmar_msi_mask() and dmar_msi_mask()
which only touches the owner IOMMU. With this shared vector
approach we should mask/unmask all IOMMU's together.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ