| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <a0fd155b-67fc-45a4-8510-01f89681d6fa@arm.com> Date: Thu, 8 Jan 2026 16:41:47 +0000 From: Robin Murphy <robin.murphy@....com> To: Will Deacon <will@...nel.org> Cc: Marc Zyngier <maz@...nel.org>, Lucas Wei <lucaswei@...gle.com>, Catalin Marinas <catalin.marinas@....com>, Jonathan Corbet <corbet@....net>, sjadavani@...gle.com, kernel test robot <lkp@...el.com>, stable@...r.kernel.org, kernel-team@...roid.com, linux-arm-kernel@...ts.infradead.org, linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org, smostafa@...gle.com, jgg@...dia.com Subject: Re: [PATCH v2] arm64: errata: Workaround for SI L1 downstream coherency issue On 2026-01-08 3:18 pm, Will Deacon wrote: > On Wed, Jan 07, 2026 at 05:55:40PM +0000, Robin Murphy wrote: >> On 2026-01-07 4:33 pm, Will Deacon wrote: >>> On Thu, Jan 01, 2026 at 06:55:05PM +0000, Marc Zyngier wrote: >>>> The other elephant in the room is virtualisation: how does a guest >>>> performing CMOs deals with this? How does it discover the that the >>>> host is broken? I also don't see any attempt to make KVM handle the >>>> erratum on behalf of the guest... >>> >>> A guest shouldn't have to worry about the problem, as it only affects >>> clean to PoC for non-coherent DMA agents that reside downstream of the >>> SLC in the interconnect. Since VFIO doesn't permit assigning >>> non-coherent devices to a guest, guests shouldn't ever need to push >>> writes that far (and FWB would cause bigger problems if that was >>> something we wanted to support) >>> >>> +Mostafa to keep me honest on the VFIO front. >> >> I don't think we actually prevent non-coherent devices being assigned, we >> just rely on the IOMMU supporting IOMMU_CAP_CACHE_COHERENCY. Thus if there's >> an I/O-coherent SMMU then it could end up being permitted, however I would >> hope that either the affected devices are not behind such an SMMU, or at >> least that if the SMMU imposes cacheable attributes then that prevents >> traffic from taking the back-door path to RAM. > > I think IOMMU_CAP_CACHE_COHERENCY is supposed to indicate whether or not > the endpoint devices are coherent (i.e. whether IOMMU_CACHE makes sense) > but it's true that, for the SMMU, we tie this to the coherency of the > SMMU itself so it is a bit sketchy. There's an interesting thread between > Mostafa and Jason about it: > > https://lore.kernel.org/all/ZtHhdj6RAKACBCUG@google.com/ The point is that if there's a coherent interconnect downstream of the SMMU - which we infer from the SMMU's own coherency - then we should be able to make the *output* of SMMU translation coherent, regardless of what the incoming attributes from the device are. In the IORT terms, CPM is really what matters for IOMMU_CACHE, not DACS. > But, that aside, FWB throws a pretty big spanner in the works if we want > to assign non-coherent devices. If you mean having FWB on the CPU *without* also having it on the SMMU, then yes, there are various ways that could be problematic even with nominally-coherent devices. S2FWB on the SMMU, however, is *almost* the magic bullet that makes things fine for VFIO in general, except for the annoying mis-step that it's not guaranteed to override PCIe No Snoop (hopefully that might get fixed in future, but we'll still have today's implementations that do have the not-particularly-useful behaviour.) This may be straying a bit far off $SUBJECT though - do we know if the affected devices in this case are behind a coherent SMMU, and how things work for IWB-OWB-ISh output attributes if so? Thanks, Robin.
Powered by blists - more mailing lists