lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <2cd924f0-ad19-4b29-b637-c1ff2dd68cbc@amd.com>
Date: Thu, 17 Jul 2025 17:20:07 +0530
From: Vasant Hegde <vasant.hegde@....com>
To: Baolu Lu <baolu.lu@...ux.intel.com>, Jason Gunthorpe <jgg@...dia.com>
Cc: Peter Zijlstra <peterz@...radead.org>, Joerg Roedel <joro@...tes.org>,
 Will Deacon <will@...nel.org>, Robin Murphy <robin.murphy@....com>,
 Kevin Tian <kevin.tian@...el.com>, Jann Horn <jannh@...gle.com>,
 Dave Hansen <dave.hansen@...el.com>, Alistair Popple <apopple@...dia.com>,
 Uladzislau Rezki <urezki@...il.com>,
 Jean-Philippe Brucker <jean-philippe@...aro.org>,
 Andy Lutomirski <luto@...nel.org>, "Tested-by : Yi Lai" <yi1.lai@...el.com>,
 iommu@...ts.linux.dev, security@...nel.org, linux-kernel@...r.kernel.org,
 stable@...r.kernel.org
Subject: Re: [PATCH v2 1/1] iommu/sva: Invalidate KVA range on kernel TLB
 flush

Hi Lu, Jason,


On 7/17/2025 7:13 AM, Baolu Lu wrote:
> On 7/16/25 20:08, Jason Gunthorpe wrote:
>> On Wed, Jul 16, 2025 at 02:34:04PM +0800, Baolu Lu wrote:
>>>>> @@ -654,6 +656,9 @@ struct iommu_ops {
>>>>>
>>>>>        int (*def_domain_type)(struct device *dev);
>>>>>
>>>>> +    void (*paging_cache_invalidate)(struct iommu_device *dev,
>>>>> +                    unsigned long start, unsigned long end);
>>>>
>>>> How would you even implement this in a driver?
>>>>
>>>> You either flush the whole iommu, in which case who needs a rage, or
>>>> the driver has to iterate over the PASID list, in which case it
>>>> doesn't really improve the situation.
>>>
>>> The Intel iommu driver supports flushing all SVA PASIDs with a single
>>> request in the invalidation queue.
>>
>> How? All PASID !=0 ? The HW has no notion about a SVA PASID vs no-SVA
>> else. This is just flushing almost everything.
> 
> The intel iommu driver allocates a dedicated domain id for all sva
> domains. It can flush all cache entries with that domain id tagged.

AMD IOMMU has INVALIDATE_IOMMU_ALL which flushes everything in IOMMU TLB. This
is heavy hammer. But should be OK for short term solution?

I don't think this command is supported inside the guest (I will double check).
But we don't have HW-vIOMMU support yet. So PASID inside guest is not yet supported.


-Vasant

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ