| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <BN9PR11MB5276C04C1B1ED8F8DB7B5EDF8C852@BN9PR11MB5276.namprd11.prod.outlook.com>
Date: Thu, 24 Apr 2025 04:33:14 +0000
From: "Tian, Kevin" <kevin.tian@...el.com>
To: Baolu Lu <baolu.lu@...ux.intel.com>, "Dave, Tushar" <tdave@...dia.com>,
"joro@...tes.org" <joro@...tes.org>, "will@...nel.org" <will@...nel.org>,
"robin.murphy@....com" <robin.murphy@....com>, "jgg@...dia.com"
<jgg@...dia.com>, "Liu, Yi L" <yi.l.liu@...el.com>, "iommu@...ts.linux.dev"
<iommu@...ts.linux.dev>, "linux-kernel@...r.kernel.org"
<linux-kernel@...r.kernel.org>
CC: "linux-pci@...r.kernel.org" <linux-pci@...r.kernel.org>,
"stable@...r.kernel.org" <stable@...r.kernel.org>
Subject: RE: [PATCH rc] iommu: Skip PASID validation for devices without PASID
capability
> From: Baolu Lu <baolu.lu@...ux.intel.com>
> Sent: Thursday, April 24, 2025 11:27 AM
>
> On 4/24/25 10:06, Tushar Dave wrote:
> > Generally PASID support requires ACS settings that usually create
> > single device groups, but there are some niche cases where we can get
> > multi-device groups and still have working PASID support. The primary
> > issue is that PCI switches are not required to treat PASID tagged TLPs
> > specially so appropriate ACS settings are required to route all TLPs to
> > the host bridge if PASID is going to work properly.
> >
> > pci_enable_pasid() does check that each device that will use PASID has
> > the proper ACS settings to achieve this routing.
> >
> > However, no-PASID devices can be combined with PASID capable devices
> > within the same topology using non-uniform ACS settings. In this case
> > the no-PASID devices may not have strict route to host ACS flags and
> > end up being grouped with the PASID devices.
Is there a detailed example?
> >
> > This configuration fails to allow use of the PASID within the iommu
> > core code which wrongly checks if the no-PASID device supports PASID.
> >
> > Fix this by ignoring no-PASID devices during the PASID validation. They
> > will never issue a PASID TLP anyhow so they can be ignored.
> >
> > Fixes: c404f55c26fc ("iommu: Validate the PASID in
> iommu_attach_device_pasid()")
> > Cc:stable@...r.kernel.org
> > Signed-off-by: Tushar Dave<tdave@...dia.com>
> > ---
> > drivers/iommu/iommu.c | 8 +++++++-
> > 1 file changed, 7 insertions(+), 1 deletion(-)
> >
> > diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c
> > index 4f91a740c15f..e01df4c3e709 100644
> > --- a/drivers/iommu/iommu.c
> > +++ b/drivers/iommu/iommu.c
> > @@ -3440,7 +3440,13 @@ int iommu_attach_device_pasid(struct
> iommu_domain *domain,
> >
> > mutex_lock(&group->mutex);
> > for_each_group_device(group, device) {
> > - if (pasid >= device->dev->iommu->max_pasids) {
> > + /*
> > + * Skip PASID validation for devices without PASID support
> > + * (max_pasids = 0). These devices cannot issue transactions
> > + * with PASID, so they don't affect group's PASID usage.
> > + */
> > + if ((device->dev->iommu->max_pasids > 0) &&
> > + (pasid >= device->dev->iommu->max_pasids)) {
>
> What the iommu driver should do when set_dev_pasid is called for a non-
> PASID device? The iommu driver has no sense of iommu group, hence it has
> no knowledge about this device sharing an iommu group with another PASID
> capable device.
could add a similar check in __iommu_set_group_pasid() and
__iommu_remove_group_pasid() to skip those devices.
Powered by blists - more mailing lists