lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <6971b9406d069_1d33100df@dwillia2-mobl4.notmuch>
Date: Wed, 21 Jan 2026 21:44:32 -0800
From: <dan.j.williams@...el.com>
To: Jason Gunthorpe <jgg@...dia.com>, Jonathan Cameron
	<jonathan.cameron@...wei.com>
CC: "Tian, Kevin" <kevin.tian@...el.com>, Nicolin Chen <nicolinc@...dia.com>,
	"will@...nel.org" <will@...nel.org>, "robin.murphy@....com"
	<robin.murphy@....com>, "bhelgaas@...gle.com" <bhelgaas@...gle.com>,
	"Williams, Dan J" <dan.j.williams@...el.com>, "joro@...tes.org"
	<joro@...tes.org>, "praan@...gle.com" <praan@...gle.com>,
	"baolu.lu@...ux.intel.com" <baolu.lu@...ux.intel.com>,
	"miko.lenczewski@....com" <miko.lenczewski@....com>,
	"linux-arm-kernel@...ts.infradead.org"
	<linux-arm-kernel@...ts.infradead.org>, "iommu@...ts.linux.dev"
	<iommu@...ts.linux.dev>, "linux-kernel@...r.kernel.org"
	<linux-kernel@...r.kernel.org>, "linux-pci@...r.kernel.org"
	<linux-pci@...r.kernel.org>, <linux-cxl@...r.kernel.org>
Subject: Re: [PATCH RFCv1 1/3] PCI: Allow ATS to be always on for CXL.cache
 capable devices

Jason Gunthorpe wrote:
> On Wed, Jan 21, 2026 at 10:03:07AM +0000, Jonathan Cameron wrote:
> > On Wed, 21 Jan 2026 08:01:36 +0000
> > "Tian, Kevin" <kevin.tian@...el.com> wrote:
> > 
> > > +Dan. I recalled an offline discussion in which he raised concern on
> > > having the kernel blindly enable ATS for cxl.cache device instead of
> > > creating a knob for admin to configure from userspace (in case
> > > security is viewed more important than functionality, upon allowing
> > > DMA to read data out of CPU caches)...
> > > 
> > 
> > +CC Linux-cxl
> 
> A cxl.cache device supporting ATS will automatically enable ATS today
> if the kernel option to enable translation is set.
> 
> Even if the device is marked untrusted by the PCI layer (eg an
> external port).
> 
> Yes this is effectively a security issue, but it is not really a CXL
> specific problem.

My contention is that it is a worse or at least different problem in the
CXL case because now you have a new toolkit in an attack that wants to
exfiltrate data from CPU caches.

> We might perfer to not enable ATS for untrusted devices and then fail to
> load drivers for "ats always on" cases.

The current PCI untrusted flag is not fit for purpose in this new age of
PCI device authentication and CXL.cache capable devices.

> Or maybe we can enable one of the ATS security features someday,
> though I wonder if those work for CXL..

It should work, but before that I do not see the justification to say
effectively:

"We have a less than perfect legacy way (PCI untrusted flag) to nod at
 ATS security problems. Let us ignore even that for a new class of
 devices that advertise they can trigger all the old security problems
 plus new ones."

I do not immediately see what is wrong with requiring userspace policy
opt-in. That naturally gets replaced by installing the device's
certificate (for native PCI CMA), authenticating the device with the
TSM (for PCI IDE), or obviated by secure-ATS if that arrives.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ