lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Mon, 24 Jun 2024 13:12:51 -0300
From: Jason Gunthorpe <jgg@...pe.ca>
To: Vasant Hegde <vasant.hegde@....com>
Cc: Baolu Lu <baolu.lu@...ux.intel.com>,
	"Tian, Kevin" <kevin.tian@...el.com>,
	Joerg Roedel <joro@...tes.org>, Will Deacon <will@...nel.org>,
	Robin Murphy <robin.murphy@....com>,
	Jacek Lawrynowicz <jacek.lawrynowicz@...ux.intel.com>,
	"iommu@...ts.linux.dev" <iommu@...ts.linux.dev>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH 1/1] iommu/vt-d: Fix missed device TLB cache tag

On Mon, Jun 24, 2024 at 07:56:03PM +0530, Vasant Hegde wrote:

> >> I remember of this discussion. May be we can provide API from IOMMU driver so
> >> that individual driver can enable/disable ATS (like iommu_dev_enable_feature()).
> > 
> > But I have a feeling if we do that it should be done by re-attaching
> > the domain.
> 
> Right. By default IOMMU will enable the ATS.. But if device driver decides to
> disable it (say due to HW bug), then we have to re-attach domain (in AMD case we
> have to update the DTE and flush the TLB).

SMMUv3 is the same, this is why I like doing it via the existing
re-attach domain interface since it already composes nicely with the
mechanisms the driver should have to update the DTE/etc.

> > Having an additional input to domain attach "inhibit ats", as a flag
> > would be all the support the driver would need to provide for the core
> > code to manage this with some kind of global policy.
> 
> You mean for attach_dev() ?

Yes
 
> .. and what about PRI and PASID? Don't device driver needs similar interface ?

PRI is enabled by attaching a PRI capable domain

PASID should be assumed to be required if the device supports PASID.

Inhibiting PASID support would have to be done during domain
allocation. Soon the dev will always be available there and we could
do a policy like that via the dev structs? Not sure how much value
there is..

Jason

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ