From: Baolu Lu <baolu.lu@linux.intel.com>
To: Jacob Pan <jacob.jun.pan@linux.intel.com>,
	LKML <linux-kernel@vger.kernel.org>,
	iommu@lists.linux.dev, x86@kernel.org,
	Joerg Roedel <joro@8bytes.org>
Cc: baolu.lu@linux.intel.com, Raj Ashok <ashok.raj@intel.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	Dave Hansen <dave.hansen@intel.com>,
	Borislav Petkov <bp@alien8.de>, Ingo Molnar <mingo@redhat.com>,
	"Tian, Kevin" <kevin.tian@intel.com>, Yi Liu <yi.l.liu@intel.com>
Subject: Re: [PATCH 2/2] iommu: Use the user PGD for SVA if PTI is enabled
Date: Wed, 31 Aug 2022 08:57:05 +0800
Message-ID: <3aa28716-9d91-321a-0e52-58ae425ac598@linux.intel.com>
In-Reply-To: <20220822201213.352289-3-jacob.jun.pan@linux.intel.com>

On 8/23/22 4:12 AM, Jacob Pan wrote:
> With page table isolation, the kernel manages two sets of page tables
> for each process: one for user, one for kernel. When enabling SVA, the
> current x86 IOMMU drivers bind device and PASID with the kernel copy
> of the process page table.
> 
> While there is no known "Meltdown" type of DMA attack, exposing
> kernel mapping to DMA intended for userspace makes the system vulnerable
> unnecessarily. It also breaks the intention of PTI.
> 
> This patch replaces the kernel page table PGD with the user counterpart,
> thus fulfilling the promise of PTI on the DMA side.
> 
> Signed-off-by: Jacob Pan <jacob.jun.pan@linux.intel.com>

Reviewed-by: Lu Baolu <baolu.lu@linux.intel.com>

Best regards,
baolu
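
A user-space model of the PGD selection the quoted commit message describes, added here as an illustration; it is not code from the patch or the kernel. It assumes the x86 PTI layout in which the kernel and user PGDs are an adjacent 8 KiB-aligned pair with the kernel copy first; `sva_pgd_for_bind`, `kernel_entries_visible` and all entry values are hypothetical names and constructed data.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define PAGE_SIZE        4096UL
#define PTRS_PER_PGD     512
#define KERNEL_PGD_START 256 /* entries 256..511 map the kernel half */

typedef uint64_t pgd_t;

/* Model of the PTI pair: kernel copy in page 0, user copy in page 1. */
static pgd_t *alloc_pgd_pair(void)
{
    pgd_t *k = aligned_alloc(2 * PAGE_SIZE, 2 * PAGE_SIZE);
    if (!k)
        return NULL;
    pgd_t *u = k + PTRS_PER_PGD;
    for (int i = 0; i < PTRS_PER_PGD; i++) {
        k[i] = (uint64_t)(i + 1) * PAGE_SIZE | 1;  /* constructed, present */
        u[i] = (i < KERNEL_PGD_START) ? k[i] : 0;  /* user half only */
    }
    /* Constructed: one entry stands in for the minimal kernel entry
     * mappings that PTI keeps in the user copy. */
    u[PTRS_PER_PGD - 1] = k[PTRS_PER_PGD - 1];
    return k;
}

/* Hypothetical helper: the PGD to program for a device/PASID binding.
 * With PTI on, setting the page-size bit moves from kernel to user copy. */
static pgd_t *sva_pgd_for_bind(pgd_t *kpgd, bool pti_enabled)
{
    return pti_enabled ? (pgd_t *)((uintptr_t)kpgd | PAGE_SIZE) : kpgd;
}

/* Count present kernel-half entries a device walking this PGD can reach. */
static int kernel_entries_visible(const pgd_t *pgd)
{
    int n = 0;
    for (int i = KERNEL_PGD_START; i < PTRS_PER_PGD; i++)
        n += (int)(pgd[i] & 1);
    return n;
}

int main(void)
{
    pgd_t *k = alloc_pgd_pair();
    if (!k)
        return 1;
    printf("kernel PGD bound: %d kernel entries reachable by DMA\n",
           kernel_entries_visible(sva_pgd_for_bind(k, false)));
    printf("user PGD bound:   %d kernel entries reachable by DMA\n",
           kernel_entries_visible(sva_pgd_for_bind(k, true)));
    free(k);
    return 0;
}
```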

Thread overview: 8+ messages
2022-08-22 20:12 [PATCH 0/2] Use the correct page tables for SVA under PTI Jacob Pan
2022-08-22 20:12 ` [PATCH 1/2] x86: mm: Allow PTI helpers to be used outside x86/mm Jacob Pan
2022-08-22 20:12 ` [PATCH 2/2] iommu: Use the user PGD for SVA if PTI is enabled Jacob Pan
2022-08-22 22:31   ` Dave Hansen
2022-08-22 23:24     ` Jacob Pan
2022-08-22 23:25       ` Dave Hansen
2022-08-31  0:57   ` Baolu Lu [this message]
2022-08-30 17:08 ` [PATCH 0/2] Use the correct page tables for SVA under PTI Jacob Pan
