From: David Woodhouse <dwmw2@infradead.org>
To: David Miller <davem@davemloft.net>
Cc: shamir.rabinovitch@oracle.com, arnd@arndb.de, corbet@lwn.net,
linux-doc@vger.kernel.org, linux-arch@vger.kernel.org,
luto@kernel.org, jroedel@suse.de, borntraeger@de.ibm.com,
cornelia.huck@de.ibm.com, sebott@linux.vnet.ibm.com,
pbonzini@redhat.com, hch@lst.de, benh@kernel.crashing.org,
kvm@vger.kernel.org, schwidefsky@de.ibm.com,
linux-s390@vger.kernel.org
Subject: Re: [PATCH v1 2/2] dma-mapping-common: add DMA attribute - DMA_ATTR_IOMMU_BYPASS
Date: Wed, 28 Oct 2015 22:57:12 +0900 [thread overview]
Message-ID: <1446040632.3405.222.camel@infradead.org> (raw)
In-Reply-To: <20151028.070705.1277125569024626755.davem@davemloft.net>
[-- Attachment #1: Type: text/plain, Size: 1637 bytes --]
On Wed, 2015-10-28 at 07:07 -0700, David Miller wrote:
> In the sparc64 case, the 64-bit DMA address space is divided into
> IOMMU translated and non-IOMMU translated.
>
> You just set the high bits differently depending upon what you want.
Wait, does that mean a (rogue) device could *always* get full access to
physical memory just by setting the high bits appropriately? That
mapping is *always* available?
> So a device could use both IOMMU translated and bypass accesses at
> the same time. While seemingly interesting, I do not recommend we
> provide this kind of flexibility in our DMA interfaces.
Now I could understand this if the answer to my question above was
'no'. We absolutely want the *security* all the time, and we don't want
the device to be able to do stupid stuff. But if the answer was 'yes'
then we take the map/unmap performance hit for... *what* benefit?
On Intel we have the passthrough as an *option* and I have the same
initial reaction — "Hell no, we want the security". But I concede the
performance motivation for it, and I'm not *dead* set against
permitting it.
If I tolerate a per-device request for passthrough mode, that might
prevent people from disabling the IOMMU or putting it into passthrough
mode *entirely*. So actually, I'm *improving* security...
I think it makes sense to allow performance sensitive device drivers to
*request* a passthrough mode. The platform can reserve the right to
refuse, if either the IOMMU hardware doesn't support that, or we're in
a paranoid mode (with iommu=always or something on the command line).
--
dwmw2
[-- Attachment #2: smime.p7s --]
[-- Type: application/x-pkcs7-signature, Size: 5691 bytes --]
next prev parent reply other threads:[~2015-10-28 13:57 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <1445789224-28032-1-git-send-email-shamir.rabinovitch@oracle.com>
[not found] ` <1445789224-28032-2-git-send-email-shamir.rabinovitch@oracle.com>
2015-10-28 6:30 ` [PATCH v1 2/2] dma-mapping-common: add DMA attribute - DMA_ATTR_IOMMU_BYPASS David Woodhouse
2015-10-28 11:10 ` Shamir Rabinovitch
2015-10-28 13:31 ` David Woodhouse
2015-10-28 14:07 ` David Miller
2015-10-28 13:57 ` David Woodhouse [this message]
2015-10-29 0:23 ` David Miller
2015-10-29 0:32 ` Benjamin Herrenschmidt
2015-10-29 0:42 ` David Woodhouse
2015-10-29 1:10 ` Benjamin Herrenschmidt
2015-10-29 18:31 ` Andy Lutomirski
2015-10-29 22:35 ` David Woodhouse
2015-11-01 7:45 ` Shamir Rabinovitch
2015-11-01 21:10 ` Benjamin Herrenschmidt
2015-11-02 7:23 ` Shamir Rabinovitch
2015-11-02 10:00 ` Benjamin Herrenschmidt
2015-11-02 12:07 ` Shamir Rabinovitch
2015-11-02 20:13 ` Benjamin Herrenschmidt
2015-11-02 21:45 ` Arnd Bergmann
2015-11-02 23:08 ` Benjamin Herrenschmidt
2015-11-03 13:11 ` Christoph Hellwig
2015-11-03 19:35 ` Benjamin Herrenschmidt
2015-11-02 21:49 ` Shamir Rabinovitch
2015-11-02 22:48 ` David Woodhouse
2015-11-02 23:10 ` Benjamin Herrenschmidt
2015-11-05 21:08 ` David Miller
2015-10-30 1:51 ` Benjamin Herrenschmidt
2015-10-30 10:32 ` Arnd Bergmann
2015-10-30 23:17 ` Benjamin Herrenschmidt
2015-10-30 23:24 ` Arnd Bergmann
2015-11-02 14:51 ` Joerg Roedel
2015-10-29 7:32 ` Shamir Rabinovitch
2015-11-02 14:44 ` Joerg Roedel
2015-11-02 17:32 ` Shamir Rabinovitch
2015-11-05 13:42 ` Joerg Roedel
2015-11-05 21:11 ` David Miller
2015-11-07 15:06 ` Shamir Rabinovitch
[not found] ` <CAN+hb0UvztgwNuAh93XdJEe7vgiZgNMc9mHNziHpEopg8Oi4Mg@mail.gmail.com>
2015-11-16 8:42 ` David Woodhouse
[not found] ` <CAN+hb0UWpfcS5DvgMxNjY-5JOztw2mO1r2FJAW17fn974mhxPA@mail.gmail.com>
2015-11-16 18:42 ` Benjamin Serebrin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1446040632.3405.222.camel@infradead.org \
--to=dwmw2@infradead.org \
--cc=arnd@arndb.de \
--cc=benh@kernel.crashing.org \
--cc=borntraeger@de.ibm.com \
--cc=corbet@lwn.net \
--cc=cornelia.huck@de.ibm.com \
--cc=davem@davemloft.net \
--cc=hch@lst.de \
--cc=jroedel@suse.de \
--cc=kvm@vger.kernel.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=luto@kernel.org \
--cc=pbonzini@redhat.com \
--cc=schwidefsky@de.ibm.com \
--cc=sebott@linux.vnet.ibm.com \
--cc=shamir.rabinovitch@oracle.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox