Re: [PATCH v2] dmaengine: idxd: Do not enable user type Work Queue without Shared Virtual Addressing

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 14-10-22, 15:25, Fenghua Yu wrote:
> When the idxd_user_drv driver is bound to a Work Queue (WQ) device
> without IOMMU or with IOMMU Passthrough without Shared Virtual
> Addressing (SVA), the application gains direct access to physical
> memory via the device by programming physical address to a submitted
> descriptor. This allows direct userspace read and write access to
> arbitrary physical memory. This is inconsistent with the security
> goals of a good kernel API.
> 
> Unlike vfio_pci driver, the IDXD char device driver does not provide any
> ways to pin user pages and translate the address from user VA to IOVA or
> PA without IOMMU SVA. Therefore the application has no way to instruct the
> device to perform DMA function. This makes the char device not usable for
> normal application usage.
> 
> Since user type WQ without SVA cannot be used for normal application usage
> and presents the security issue, bind idxd_user_drv driver and enable user
> type WQ only when SVA is enabled (i.e. user PASID is enabled).

Applied, thanks

-- 
~Vinod



[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux