lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20260114161557.GB961588@nvidia.com>
Date: Wed, 14 Jan 2026 12:15:57 -0400
From: Jason Gunthorpe <jgg@...dia.com>
To: Pranjal Shrivastava <praan@...gle.com>
Cc: Nicolin Chen <nicolinc@...dia.com>, will@...nel.org,
	robin.murphy@....com, joro@...tes.org,
	linux-arm-kernel@...ts.infradead.org, iommu@...ts.linux.dev,
	linux-kernel@...r.kernel.org, skolothumtho@...dia.com,
	xueshuai@...ux.alibaba.com, smostafa@...gle.com
Subject: Re: [PATCH rc v6 3/4] iommu/arm-smmu-v3: Mark STE EATS safe when
 computing the update sequence

On Wed, Jan 14, 2026 at 03:58:03PM +0000, Pranjal Shrivastava wrote:
> > +
> > +	/*
> > +	 * When a STE comes to change EATS the sequencing code in the attach
> > +	 * logic already will have the PCI cap for ATS disabled. Thus at this
> > +	 * moment we can expect that the device will not generate ATS queries
> > +	 * and so we don't care about the sequencing of EATS. The purpose of
> > +	 * EATS is to protect the system from hostile untrusted devices that
> > +	 * issue ATS when the PCI config space is disabled. However, if EATS
> > +	 * is being changed then we already must be trusting the device since
> > +	 * the EATS security block is being disabled.
> > +	 *
> > +	 *  Note: Since we moved the EATS update to the first phase, changing
> > +	 *  S2S and EATS might transiently set S2S=1 and EATS=1, resulting in
> > +	 *  a bad STE. See "5.2 Stream Table Entry". In such a case, we can't
> > +	 *  do a hitless update.
> > +	 */
> > +	if (!((cur[2] | target[2]) & cpu_to_le64(STRTAB_STE_2_S2S)))
> > +		safe_bits[1] |= cpu_to_le64(STRTAB_STE_1_EATS);
> 
> I understand what we're trying to do here but isn't this implicitly
> saying it is safe to transition hitlessly to any non-zero EATS value,
> including S1CHK or RSVD. S1CHK might have other config dependencies?

Will pointed this issue with S1CHK, Nicolin has a suggestion to fix it here:

https://lore.kernel.org/linux-iommu/aWarF90zBqxD0Gef@Asurada-Nvidia/

It would block RSVD too.

Thanks,
Jason

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ