From: Andi Kleen <ak@linux.intel.com>
To: Robin Murphy <robin.murphy@arm.com>, mst@redhat.com
Cc: sathyanarayanan.kuppuswamy@linux.intel.com, x86@kernel.org,
linux-kernel@vger.kernel.org,
virtualization@lists.linux-foundation.org,
iommu@lists.linux-foundation.org, jpoimboe@redhat.com,
hch@lst.de, m.szyprowski@samsung.com
Subject: Re: [PATCH v1 6/8] dma: Add return value to dma_unmap_page
Date: Thu, 3 Jun 2021 05:36:53 -0700 [thread overview]
Message-ID: <dbca06fa-d708-3c76-2890-82ca5a781366@linux.intel.com> (raw)
In-Reply-To: <c3b15bc2-104b-dace-1f23-608197b18107@arm.com>
>
> What it looks like to me is abusing SWIOTLB's internal housekeeping to
> keep track of virtio-specific state. The DMA API does not attempt to
> validate calls in general since in many cases the additional overhead
> would be prohibitive. It has always been callers' responsibility to
> keep track of what they mapped and make sure sync/unmap calls match,
> and there are many, many, subtle and not-so-subtle ways for things to
> go wrong if they don't. If virtio is not doing a good enough job of
> that, what's the justification for making it the DMA API's problem?
In this case it's not prohibitive at all. Just adding a few error
returns, and checking the overlap (which seems to have been already
solved anyways) I would argue the error returns are good practice
anyways, so that API users can check that something bad happening and
abort. The DMA API was never very good at proper error handling, but
there's no reason at all to continue being bad it forever.
AFAIK the rest just works anyways, so it's not really a new problem to
be solved.
>
>> A new callback is used to avoid changing all the IOMMU drivers.
>
> Nit: presumably by "IOMMU drivers" you actually mean arch DMA API
> backends?
Yes
>
> Furthermore, AFAICS it's still not going to help against exfiltrating
> guest memory by over-unmapping the original SWIOTLB slot *without*
> going past the end of the whole buffer,
That would be just exfiltrating data that is already shared, unless I'm
misunderstanding you.
-Andi
_______________________________________________
Virtualization mailing list
Virtualization@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/virtualization
next prev parent reply other threads:[~2021-06-03 12:37 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-03 0:41 Virtio hardening for TDX Andi Kleen
2021-06-03 0:41 ` [PATCH v1 1/8] virtio: Force only split mode with protected guest Andi Kleen
2021-06-03 1:36 ` Jason Wang
2021-06-03 1:48 ` Andi Kleen
2021-06-03 2:32 ` Jason Wang
2021-06-03 2:56 ` Andi Kleen
2021-06-03 3:02 ` Jason Wang
2021-06-03 13:55 ` Andi Kleen
2021-06-04 2:29 ` Jason Wang
2021-06-03 17:33 ` Andy Lutomirski
2021-06-03 18:00 ` Andi Kleen
2021-06-03 19:31 ` Andy Lutomirski
2021-06-03 19:53 ` Andi Kleen
2021-06-03 22:17 ` Andy Lutomirski
2021-06-03 23:32 ` Andi Kleen
2021-06-04 1:46 ` Andy Lutomirski
2021-06-04 1:54 ` Andi Kleen
2021-06-04 1:22 ` Jason Wang
2021-06-04 1:29 ` Jason Wang
2021-06-04 2:20 ` Jason Wang
2021-06-03 0:41 ` [PATCH v1 2/8] virtio: Add boundary checks to virtio ring Andi Kleen
2021-06-03 2:14 ` Jason Wang
2021-06-03 2:18 ` Andi Kleen
2021-06-03 2:36 ` Jason Wang
2021-06-03 0:41 ` [PATCH v1 3/8] virtio: Harden split buffer detachment Andi Kleen
2021-06-03 2:29 ` Jason Wang
2021-06-03 0:41 ` [PATCH v1 4/8] x86/tdx: Add arch_has_restricted_memory_access for TDX Andi Kleen
2021-06-03 0:41 ` [PATCH v1 5/8] dma: Use size for swiotlb boundary checks Andi Kleen
2021-06-03 1:48 ` Konrad Rzeszutek Wilk
2021-06-03 2:03 ` Andi Kleen
2021-06-03 9:09 ` Robin Murphy
2021-06-03 0:41 ` [PATCH v1 6/8] dma: Add return value to dma_unmap_page Andi Kleen
2021-06-03 9:08 ` Robin Murphy
2021-06-03 12:36 ` Andi Kleen [this message]
2021-06-03 0:41 ` [PATCH v1 7/8] virtio: Abort IO when descriptor points outside forced swiotlb Andi Kleen
2021-06-03 0:41 ` [PATCH v1 8/8] virtio: Error out on endless free lists Andi Kleen
2021-06-03 1:34 ` Virtio hardening for TDX Jason Wang
2021-06-03 1:56 ` Andi Kleen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=dbca06fa-d708-3c76-2890-82ca5a781366@linux.intel.com \
--to=ak@linux.intel.com \
--cc=hch@lst.de \
--cc=iommu@lists.linux-foundation.org \
--cc=jpoimboe@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=m.szyprowski@samsung.com \
--cc=mst@redhat.com \
--cc=robin.murphy@arm.com \
--cc=sathyanarayanan.kuppuswamy@linux.intel.com \
--cc=virtualization@lists.linux-foundation.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).