Re: [PATCH v1 2/2] dma-mapping-common: add DMA attribute - DMA_ATTR_IOMMU_BYPASS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 2015-10-29 at 09:32 +0900, Benjamin Herrenschmidt wrote:

> On Power, I generally have 2 IOMMU windows for a device, one at the
> bottom is remapped, and is generally used for 32-bit devices and the
> one at the top us setup as a bypass 

So in the normal case of decent 64-bit devices (and not in a VM),
they'll *already* be using the bypass region and have full access to
all of memory, all of the time? And you have no protection against
driver and firmware bugs causing stray DMA?

> I don't see how that attribute would work for us.

Because you're already doing it anyway without being asked :)

If SPARC and POWER are both doing that, perhaps we should change the
default for Intel too?

Aside from the lack of security, the other disadvantage of that is that
you have to pin *all* pages of a guest in case DMA happens; you don't
get to pin *only* those pages which are referenced by that guest's
IOMMU page tables...

Maybe we should at least coordinate IOMMU 'paranoid/fast' modes across
architectures, and then the DMA_ATTR_IOMMU_BYPASS flag would have a
sane meaning in the paranoid mode (and perhaps we'd want an ultra
-paranoid mode where it's not honoured).

-- 
dwmw2


Attachment: smime.p7s
Description: S/MIME cryptographic signature


[Index of Archives]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Linux FS]     [Yosemite Forum]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]     [Linux Resources]

  Powered by Linux