lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20260112161010.GC812923@nvidia.com>
Date: Mon, 12 Jan 2026 12:10:10 -0400
From: Jason Gunthorpe <jgg@...dia.com>
To: Will Deacon <will@...nel.org>
Cc: Nicolin Chen <nicolinc@...dia.com>, robin.murphy@....com,
	joro@...tes.org, linux-arm-kernel@...ts.infradead.org,
	iommu@...ts.linux.dev, linux-kernel@...r.kernel.org,
	skolothumtho@...dia.com, praan@...gle.com,
	xueshuai@...ux.alibaba.com, smostafa@...gle.com
Subject: Re: [PATCH rc v5 1/4] iommu/arm-smmu-v3: Add update_safe bits to fix
 STE update sequence

On Mon, Jan 12, 2026 at 03:53:29PM +0000, Will Deacon wrote:
> On Wed, Jan 07, 2026 at 08:36:46PM -0400, Jason Gunthorpe wrote:
> > On Wed, Jan 07, 2026 at 09:20:06PM +0000, Will Deacon wrote:
> > > >  drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.h   |  2 ++
> > > >  .../iommu/arm/arm-smmu-v3/arm-smmu-v3-test.c  | 18 ++++++++++---
> > > >  drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c   | 27 ++++++++++++++-----
> > > >  3 files changed, 37 insertions(+), 10 deletions(-)
> > > 
> > > Hmm. So this appears to ignore the safe bits entirely, whereas the
> > > rationale for the change is that going from {MEV,EATS} disabled to
> > > enabled is safe (which I agree with). 
> > 
> > The argument was it doesn't matter for either direction be it disabled
> > to enabled or vice versa, see my reply to Mustfa in the v4 posting:
> > 
> > https://lore.kernel.org/all/20251218180129.GA254720@nvidia.com/
> 
> It would be good to include some of that rationale in the comment and
> commit message for patch 3, as at the moment it only talks about the
> change in one direction.

Sure, I can help Nicolin with that.

> I'm also still not convinced that this is generally safe, even if it
> works within what Linux currently does. For example, if somebody tries
> to disable S2S and enable ATS at the same time, couldn't you transiently
> get an illegal STE?

I would argue that the driver will never concurrently support S2S and
ATS together for the same device, it doesn't make sense as far as I
can understand.

You are correct that there is an illegal STE issue here in this case.

However, keep in mind, if there is concurrent DMA while the driver is
trying to do such a thing there must be a STE error, and we should try
to make it be a non-valid STE error.

Still, it seems easy enough to improve, do not add EATS to the safe
bits if either the current or new STE has S2S set. That will force a
V=0 and avoid the illegal STE. Nicolin?

Thanks,
Jason

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ