| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aJFrvsURkhpTJgh8@yilunxu-OptiPlex-7050> Date: Tue, 5 Aug 2025 10:26:06 +0800 From: Xu Yilun <yilun.xu@...ux.intel.com> To: Jason Gunthorpe <jgg@...pe.ca> Cc: "Aneesh Kumar K.V" <aneesh.kumar@...nel.org>, linux-coco@...ts.linux.dev, kvmarm@...ts.linux.dev, linux-pci@...r.kernel.org, linux-kernel@...r.kernel.org, aik@....com, lukas@...ner.de, Samuel Ortiz <sameo@...osinc.com>, Suzuki K Poulose <Suzuki.Poulose@....com>, Steven Price <steven.price@....com>, Catalin Marinas <catalin.marinas@....com>, Marc Zyngier <maz@...nel.org>, Will Deacon <will@...nel.org>, Oliver Upton <oliver.upton@...ux.dev> Subject: Re: [RFC PATCH v1 06/38] iommufd: Add and option to request for bar mapping with IORESOURCE_EXCLUSIVE On Thu, Jul 31, 2025 at 09:22:17AM -0300, Jason Gunthorpe wrote: > On Wed, Jul 30, 2025 at 02:55:02PM +0800, Xu Yilun wrote: > > On Tue, Jul 29, 2025 at 11:29:17AM -0300, Jason Gunthorpe wrote: > > > On Tue, Jul 29, 2025 at 01:58:54PM +0530, Aneesh Kumar K.V wrote: > > > > Jason Gunthorpe <jgg@...pe.ca> writes: > > > > > > > > > On Mon, Jul 28, 2025 at 07:21:43PM +0530, Aneesh Kumar K.V (Arm) wrote: > > > > >> Signed-off-by: Aneesh Kumar K.V (Arm) <aneesh.kumar@...nel.org> > > > > > > > > > > Why would we need this? > > > > > > > > > > I can sort of understand why Intel would need it due to their issues > > > > > with MCE, but ARM shouldn't care either way, should it? > > > > > > > > > > But also why is it an iommufd option? That doesn't seem right.. > > > > > > > > > > Jason > > > > > > > > This is based on our previous discussion https://lore.kernel.org/all/20250606120919.GH19710@nvidia.com > > > > > > I suggested a global option, this is a per-device option, and that > > > especially seems wrong for iommufd. If it is per-device that is vfio, > > > > I think this should be per-device. > > IMHO there is no use case for that, it should arguably be global to > the whole kernel. I think there are 2 topics here: 1. Prevent VFIO mmap 2. Prevent /sys/../resource, /dev/mem users I assume you are refering to the 2nd, then I agree. > > > The original purpose of this pci_region_request_*() is to prevent > > further mmap/read/write against a vfio_cdev FD which would be used > > No way, the VFIO internal mmap should be controled by VFIO not by I assume your point is never to use more than one request region in the same driver to achieve some mutual exclusion. I'm good to it. We could switch to some bound flag. > request region. If you want to block that it should be blocked by > iommufd telling VFIO that the device is bound which revokes the > mmaps/dmabufs/etc and prevents opening new ones. Agree. > > The only thing request region should do is prevent /sys/../resource, > /dev/mem users and so on, which is why it can and should be > global. Arguably VFIO should always block those things but > historically hasn't.. Agree. So seems no need a global option? Thanks, Yilun > > There should only be one request region call in VFIO, it should > ideally happen when the VFIO driver probes the device. > > Jason
Powered by blists - more mailing lists