| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aV0TalseaDGW-1Jp@mitya-t14-2025> Date: Tue, 6 Jan 2026 14:51:38 +0100 From: Dmytro Maluka <dmaluka@...omium.org> To: Jason Gunthorpe <jgg@...pe.ca> Cc: David Woodhouse <dwmw2@...radead.org>, Lu Baolu <baolu.lu@...ux.intel.com>, iommu@...ts.linux.dev, Joerg Roedel <joro@...tes.org>, Will Deacon <will@...nel.org>, Robin Murphy <robin.murphy@....com>, linux-kernel@...r.kernel.org, "Vineeth Pillai (Google)" <vineeth@...byteword.org>, Aashish Sharma <aashish@...hishsharma.net>, Grzegorz Jaszczyk <jaszczyk@...omium.org>, Chuanxiao Dong <chuanxiao.dong@...el.com>, Kevin Tian <kevin.tian@...el.com> Subject: Re: [PATCH v2 0/5] iommu/vt-d: Ensure memory ordering in context & root entry updates On Mon, Jan 05, 2026 at 08:14:18PM -0400, Jason Gunthorpe wrote: > On Mon, Jan 05, 2026 at 09:05:36PM +0100, Dmytro Maluka wrote: > > > and WRITE_ONCE is pointless if the HW is promising not to > > > read it due to non-present. > > > > As long as we use a barrier. And IIUC vice versa, if we use WRITE_ONCE > > for any updates, a barrier is not necessary (on x86). And WRITE_ONCE for > > any updates (for PASID entries) is what was already done before this > > series. > > That is an x86 ism and it shouldn't be needlessly leaked into drivers. > As this is not performance it should have the portable flow: Agree. And as a matter of fact, patch 4 in this series already does that - it adds a barrier before setting present bit, despite it being "redundant on x86". It adds smp_wmb() as suggested by Baolu but I can change it to dma_wmb() which indeed seems more suitable. (FWIW on x86 there is no difference between smp_wmb() and dma_wmb(), both are just barrier().) > WRITE_ONCE(non-present) > dma_wmb() > <cmd to flush caches> Regarding a barrier after clearing present bit - good point, I should probably add that to my patch 4 as well. Regarding flushing caches right after that - what for? (BTW the Intel driver doesn't do that either.) If we don't do that and as a result the HW is using an old entry cached before we cleared the present bit, it is not affected by our later modifications anyway. Of course we flush caches at the end, after setting the present bit, but that's a different story. > > Although, perhaps even with a barrier, WRITE_ONCE is still desirable to > > prevent the compiler from doing strange but legal things that involve > > transiently setting and then clearing the present bit behind our back? > > (Not that I'm aware of any compilers doing that, but I'm no compiler > > expert.) > > You do have to write once the present bit, but not the others. The > dma_wmb() will make sure the HW cannot observe other states when it > observes present. I was talking about compiler guarantees, not HW guarantees. I mean: when setting some other bit in the entry before the barrier, if we do that without WRITE_ONCE, with a mere "foo |= bar", are we certain the compiler will not implement that as, for example, setting the value to 0xffffffffffffffff and then clearing other bits (for whatever crazy reason)? That would be still a legal thing for the compiler to do, in terms of its single-thread guarantees? So it still seems a good idea to use WRITE_ONCE (or anything not weaker than WRITE_ONCE) for any updates of memory structures used by hardware, to prevent such things? (And using WRITE_ONCE for that doesn't really cost us anything anyway.)
Powered by blists - more mailing lists