lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20251128171252.GF812105@ziepe.ca>
Date: Fri, 28 Nov 2025 13:12:52 -0400
From: Jason Gunthorpe <jgg@...pe.ca>
To: Mostafa Saleh <smostafa@...gle.com>
Cc: linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org,
	kvmarm@...ts.linux.dev, iommu@...ts.linux.dev,
	catalin.marinas@....com, will@...nel.org, maz@...nel.org,
	oliver.upton@...ux.dev, joey.gouly@....com, suzuki.poulose@....com,
	yuzenghui@...wei.com, joro@...tes.org, jean-philippe@...aro.org,
	praan@...gle.com, danielmentz@...gle.com, mark.rutland@....com,
	qperret@...gle.com, tabba@...gle.com
Subject: Re: [PATCH v5 27/27] iommu/arm-smmu-v3-kvm: Enable nesting

On Mon, Nov 17, 2025 at 06:48:14PM +0000, Mostafa Saleh wrote:
> @@ -441,8 +490,32 @@ static void smmu_reshadow_ste(struct hyp_arm_smmu_v3_device *smmu, u32 sid, bool
>  		hyp_ste_ptr = smmu_get_ste_ptr(smmu, sid, hyp_ste_base);
>  	}
>  
> -	smmu_copy_from_host(smmu, hyp_ste_ptr->data, host_ste_ptr->data,
> +	smmu_copy_from_host(smmu, target.data, host_ste_ptr->data,
>  			    STRTAB_STE_DWORDS << 3);
> +	/*
> +	 * Typically, STE update is done as the following
> +	 * 1- Write last 7 dwords, while STE is invalid
> +	 * 2- CFGI
> +	 * 3- Write first dword, making STE valid
> +	 * 4- CFGI
> +	 * As the SMMU MUST at least load 64 bits atomically
> +	 * that gurantees that there is no race between writing
> +	 * the STE and the CFGI where the SMMU observes parts
> +	 * of the STE.
> +	 * In the shadow we update the STE to enable nested translation,
> +	 * which requires updating first 4 dwords.
> +	 * That is only done if the STE is valid and not in abort.
> +	 * Which means it happens at step 4)
> +	 * So we need to also write the last 7 dwords and send CFGI
> +	 * before writing the first dword.
> +	 * There is no need for last CFGI as it's done next.
> +	 */

This really should share the main driver logic to do STE writes in the
right order and try to avoid making it non-valid if not necessary.

This will not properly support all the real-world kernel flows around
PASID with such a simplistic implementation.

Json

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ