lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20070708161730.GA4146@rhun.haifa.ibm.com>
Date:	Sun, 8 Jul 2007 19:17:30 +0300
From:	Muli Ben-Yehuda <muli@...ibm.com>
To:	David Miller <davem@...emloft.net>
Cc:	mitch.a.williams@...el.com, shemminger@...ux-foundation.org,
	netdev@...r.kernel.org
Subject: Re: [RFC 2/2] shrink size of scatterlist on common i386/x86-64

On Fri, Jul 06, 2007 at 12:20:19PM -0700, David Miller wrote:
> From: "Williams, Mitch A" <mitch.a.williams@...el.com>
> Date: Fri, 6 Jul 2007 10:14:56 -0700
> 
> > In my opinion, IOMMU table locking is the major issue with this
> > type of architecture.  Since both Intel and AMD are touting IOMMUs
> > for virtual- ization support, this is an issue that's going to
> > need a lot of scrutiny.
> 
> For the allocation of IOMMU entries themselves you can play tricks
> using atomic operations on 64-bit words of the allocator bitmap to
> avoid locking that.

Hmm, any pointers?

> You can use per-cpu salts to determine where to start the search and
> avoid hitting the same cachelines as other cpus working on the same
> table.
> 
> But you'll need to lock in order to flush the IOMMU tlb I'm afraid.
> The way to mitigate that is to only flush the IOMMU tlb once per
> allocator generation.

That works, but isn't optimal when you have an isolation-capable IOMMU
and you want the full isolation properties of the IOMMU. If you only
flush the IOTLB when the allocator wraps around, a stale entry in the
IOTLB can allow a DMA to go through for an IO entry that has already
been unmapped. One way to mitigate that and still retain full
isolation is to make sure no one else gets to use the frames that are
the targets of the DMA until the translation has been flushed out of
the IOTLB, but that requires pretty deep surgery.

Cheers,
Muli


-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ