From mboxrd@z Thu Jan 1 00:00:00 1970
From: Alexey Kardashevskiy
Date: Tue, 12 Jul 2022 02:27:17 +0000
Subject: Re: [PATCH kernel] powerpc/iommu: Add iommu_ops to report capabilities and allow blocking domains
Message-Id:
List-Id:
References: <20220707135552.3688927-1-aik@ozlabs.ru> <20220707151002.GB1705032@nvidia.com> <20220708115522.GD1705032@nvidia.com> <8329c51a-601e-0d93-41b4-2eb8524c9bcb@ozlabs.ru> <861e8bd1-9f04-2323-9b39-d1b46bf99711@ozlabs.ru> <64bc8c04-2162-2e4b-6556-03b9dde051e2@ozlabs.ru>
In-Reply-To:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: Jason Gunthorpe
Cc: linuxppc-dev@lists.ozlabs.org, Robin Murphy, Michael Ellerman, Joerg Roedel, Joel Stanley, Alex Williamson, Oliver O'Halloran, kvm-ppc@vger.kernel.org, kvm@vger.kernel.org, Daniel Henrique Barboza, Fabiano Rosas, Murilo Opsfelder Araujo, Nicholas Piggin, David Gibson

On 7/12/22 04:46, Jason Gunthorpe wrote:
> On Mon, Jul 11, 2022 at 11:24:32PM +1000, Alexey Kardashevskiy wrote:
>
>> I really think that for 5.19 we should really move this blocked domain
>> business to Type1 like this:
>>
>> https://github.com/aik/linux/commit/96f80c8db03b181398ad355f6f90e574c3ada4bf
>
> This creates the same security bug for power we are discussing here. If you

How so? attach_dev() on power uninitializes DMA setup for the group on
the hardware level, any other DMA user won't be able to initiate DMA.

> don't want to fix it then let's just merge this iommu_ops patch as is rather than
> mangle the core code.

The core code should not be assuming iommu_ops != NULL, Type1 should, I
thought it is the whole point of having Type1, why is it not the case
anymore?

--
Alexey