| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <adf64600-1124-4e9e-9d31-b0f18f66496a@amd.com> Date: Thu, 22 Jan 2026 10:24:58 +0000 From: Alejandro Lucero Palau <alucerop@....com> To: Jason Gunthorpe <jgg@...dia.com>, Jonathan Cameron <jonathan.cameron@...wei.com> Cc: "Tian, Kevin" <kevin.tian@...el.com>, Nicolin Chen <nicolinc@...dia.com>, "will@...nel.org" <will@...nel.org>, "robin.murphy@....com" <robin.murphy@....com>, "bhelgaas@...gle.com" <bhelgaas@...gle.com>, "Williams, Dan J" <dan.j.williams@...el.com>, "joro@...tes.org" <joro@...tes.org>, "praan@...gle.com" <praan@...gle.com>, "baolu.lu@...ux.intel.com" <baolu.lu@...ux.intel.com>, "miko.lenczewski@....com" <miko.lenczewski@....com>, "linux-arm-kernel@...ts.infradead.org" <linux-arm-kernel@...ts.infradead.org>, "iommu@...ts.linux.dev" <iommu@...ts.linux.dev>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "linux-pci@...r.kernel.org" <linux-pci@...r.kernel.org>, linux-cxl@...r.kernel.org Subject: Re: [PATCH RFCv1 1/3] PCI: Allow ATS to be always on for CXL.cache capable devices On 1/21/26 13:03, Jason Gunthorpe wrote: > On Wed, Jan 21, 2026 at 10:03:07AM +0000, Jonathan Cameron wrote: >> On Wed, 21 Jan 2026 08:01:36 +0000 >> "Tian, Kevin" <kevin.tian@...el.com> wrote: >> >>> +Dan. I recalled an offline discussion in which he raised concern on >>> having the kernel blindly enable ATS for cxl.cache device instead of >>> creating a knob for admin to configure from userspace (in case >>> security is viewed more important than functionality, upon allowing >>> DMA to read data out of CPU caches)... >>> >> +CC Linux-cxl > A cxl.cache device supporting ATS will automatically enable ATS today > if the kernel option to enable translation is set. > > Even if the device is marked untrusted by the PCI layer (eg an > external port). > > Yes this is effectively a security issue, but it is not really a CXL > specific problem. > > We might perfer to not enable ATS for untrusted devices and then fail to > load drivers for "ats always on" cases. > > Or maybe we can enable one of the ATS security features someday, > though I wonder if those work for CXL.. I raised my concerns about CXL.cache and virtualization at LPC: https://lpc.events/event/19/contributions/2173/attachments/1842/3940/LPC_2025_CXL_CACHE.pdf I expose there some concerns, although I admit some could be due to my twisted understanding of what CXL specs states, but regarding IOMMU/ATS, my view is ATS is not safe enough ... what I guess is a matter of opinion (trusted device based on vendor confirming it is an "official" device not enough for paranoid mode with vendors subjected to governments "agencies" actions/pressures). But this links to what I think Jason points out about ATS security features where the IOMMU hardware can be configured for checking those translated PCIe accesses as well, if the host owner/admin paranoid mind decides so. With CXL cache that is not possible since the route is through a different link and AFAIK, there is no support for something like this by current implementations. I think it could be implemented without impacting the gains from CXL.cache, but that is another story. So, FWIW, I think it should not be enabled by default. Thank you, Alejandro > Jason >
Powered by blists - more mailing lists