| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <3c7cdc09-272f-4226-851c-dfc50777f2dc@arm.com>
Date: Wed, 23 Apr 2025 20:38:08 +0100
From: Robin Murphy <robin.murphy@....com>
To: Lu Baolu <baolu.lu@...ux.intel.com>, Joerg Roedel <joro@...tes.org>,
Will Deacon <will@...nel.org>, Kevin Tian <kevin.tian@...el.com>,
Jason Gunthorpe <jgg@...dia.com>, shangsong2@...ovo.com,
Dave Jiang <dave.jiang@...el.com>
Cc: iommu@...ts.linux.dev, linux-kernel@...r.kernel.org,
stable@...r.kernel.org
Subject: Re: [PATCH v2 1/1] iommu: Allow attaching static domains in
iommu_attach_device_pasid()
On 2025-04-23 3:18 am, Lu Baolu wrote:
> The idxd driver attaches the default domain to a PASID of the device to
> perform kernel DMA using that PASID. The domain is attached to the
> device's PASID through iommu_attach_device_pasid(), which checks if the
> domain->owner matches the iommu_ops retrieved from the device. If they
> do not match, it returns a failure.
>
> if (ops != domain->owner || pasid == IOMMU_NO_PASID)
> return -EINVAL;
>
> The static identity domain implemented by the intel iommu driver doesn't
> specify the domain owner. Therefore, kernel DMA with PASID doesn't work
> for the idxd driver if the device translation mode is set to passthrough.
>
> Generally the owner field of static domains are not set because they are
> already part of iommu ops. Add a helper domain_iommu_ops_compatible()
> that checks if a domain is compatible with the device's iommu ops. This
> helper explicitly allows the static blocked and identity domains associated
> with the device's iommu_ops to be considered compatible.
With the other domain->owner checks also wrapped as Jason pointed out
(since it would be weird but not impossible for static domains to get
into those paths as well),
Reviewed-by: Robin Murphy <robin.murphy@....com>
> Fixes: 2031c469f816 ("iommu/vt-d: Add support for static identity domain")
> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=220031
> Cc: stable@...r.kernel.org
> Suggested-by: Jason Gunthorpe <jgg@...dia.com>
> Link: https://lore.kernel.org/linux-iommu/20250422191554.GC1213339@ziepe.ca/
> Signed-off-by: Lu Baolu <baolu.lu@...ux.intel.com>
> ---
> drivers/iommu/iommu.c | 16 +++++++++++++++-
> 1 file changed, 15 insertions(+), 1 deletion(-)
>
> Change log:
> -v2:
> - Make the solution generic for all static domains as suggested by
> Jason.
> -v1: https://lore.kernel.org/linux-iommu/20250422075422.2084548-1-baolu.lu@linux.intel.com/
>
> diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c
> index 4f91a740c15f..abda40ec377a 100644
> --- a/drivers/iommu/iommu.c
> +++ b/drivers/iommu/iommu.c
> @@ -3402,6 +3402,19 @@ static void __iommu_remove_group_pasid(struct iommu_group *group,
> iommu_remove_dev_pasid(device->dev, pasid, domain);
> }
>
> +static bool domain_iommu_ops_compatible(const struct iommu_ops *ops,
> + struct iommu_domain *domain)
> +{
> + if (domain->owner == ops)
> + return true;
> +
> + /* For static domains, owner isn't set. */
> + if (domain == ops->blocked_domain || domain == ops->identity_domain)
> + return true;
> +
> + return false;
> +}
> +
> /*
> * iommu_attach_device_pasid() - Attach a domain to pasid of device
> * @domain: the iommu domain.
> @@ -3435,7 +3448,8 @@ int iommu_attach_device_pasid(struct iommu_domain *domain,
> !ops->blocked_domain->ops->set_dev_pasid)
> return -EOPNOTSUPP;
>
> - if (ops != domain->owner || pasid == IOMMU_NO_PASID)
> + if (!domain_iommu_ops_compatible(ops, domain) ||
> + pasid == IOMMU_NO_PASID)
> return -EINVAL;
>
> mutex_lock(&group->mutex);
Powered by blists - more mailing lists