lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <7055e215-4292-4556-a481-7cd5ffe117fe@linux.intel.com>
Date: Fri, 16 May 2025 14:15:37 +0800
From: Baolu Lu <baolu.lu@...ux.intel.com>
To: Yi Liu <yi.l.liu@...el.com>, Joerg Roedel <joro@...tes.org>,
 Will Deacon <will@...nel.org>, Robin Murphy <robin.murphy@....com>,
 Kevin Tian <kevin.tian@...el.com>, Aditya Garg <gargaditya08@...e.com>,
 Dmitry Torokhov <dmitry.torokhov@...il.com>, kobarity <kobarity@...il.com>
Cc: baolu.lu@...ux.intel.com, iommu@...ts.linux.dev,
 linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/1] iommu/vt-d: Restore context entry setup order for
 aliased devices

On 5/16/2025 2:11 PM, Yi Liu wrote:
> 
> On 2025/5/14 14:05, Lu Baolu wrote:
>> Commit 2031c469f816 ("iommu/vt-d: Add support for static identity 
>> domain")
>> changed the context entry setup during domain attachment from a
>> set-and-check policy to a clear-and-reset approach. This inadvertently
>> introduced a regression affecting PCI aliased devices behind PCIe-to-PCI
>> bridges.
> 
> I got what the patch does. But just bit confused on the above description.
> I didn't see the commit 2031c469f816 mentioned any policy thing on the
> context entry setup.  To me, the problem looks to be that the info->domain
> is no more accurate to be used for checking if any domain is attached after
> the above commit. Maybe I missed something. feel free correct me.

The problem was introduced by below change:

--- a/drivers/iommu/intel/iommu.c
+++ b/drivers/iommu/intel/iommu.c
@@ -3691,11 +3691,9 @@ int prepare_domain_attach_device(struct 
iommu_domain *domain,
  static int intel_iommu_attach_device(struct iommu_domain *domain,
                                      struct device *dev)
  {
-       struct device_domain_info *info = dev_iommu_priv_get(dev);
         int ret;

-       if (info->domain)
-               device_block_translation(dev);
+       device_block_translation(dev);

And after the introduction of static identity domain, "info->domain ==
NULL" doesn't mean no domain attaching to device anymore. So this patch
uses a specific flag bit to indicate this.

Thanks,
baolu

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ