From: Zhen Lei <thunder.leizhen@huawei.com>
To: Jean-Philippe Brucker <jean-philippe.brucker@arm.com>,
	Robin Murphy <robin.murphy@arm.com>,
	Will Deacon <will.deacon@arm.com>, Joerg Roedel <joro@8bytes.org>,
	linux-arm-kernel <linux-arm-kernel@lists.infradead.org>,
	iommu <iommu@lists.linux-foundation.org>,
	linux-kernel <linux-kernel@vger.kernel.org>
Cc: Zhen Lei <thunder.leizhen@huawei.com>
Subject: [PATCH v3 6/6] iommu/arm-smmu-v3: add bootup option "iommu_strict_mode"
Date: Thu, 12 Jul 2018 14:18:32 +0800	[thread overview]
Message-ID: <1531376312-2192-7-git-send-email-thunder.leizhen@huawei.com> (raw)
In-Reply-To: <1531376312-2192-1-git-send-email-thunder.leizhen@huawei.com>

Because non-strict mode introduces a vulnerability window, add a boot
option so that the administrator can choose which mode is used. The
default mode is IOMMU_STRICT.

Signed-off-by: Zhen Lei <thunder.leizhen@huawei.com>
---
 Documentation/admin-guide/kernel-parameters.txt | 12 ++++++++++
 drivers/iommu/arm-smmu-v3.c                     | 32 ++++++++++++++++++++++---
 2 files changed, 41 insertions(+), 3 deletions(-)

diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index efc7aa7..0cc80bc 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -1720,6 +1720,18 @@
 		nobypass	[PPC/POWERNV]
 			Disable IOMMU bypass, using IOMMU for PCI devices.
 
+	iommu_strict_mode=	[arm-smmu-v3]
+		0 - strict mode
+		    Make sure all related TLBs to be invalidated before the
+		    memory released.
+		1 - non-strict mode
+		    Put off TLBs invalidation and release memory first. This mode
+		    introduces a vlunerability window, an untrusted device can
+		    access the reused memory because the TLBs may still valid.
+		    Please take full consideration before choosing this mode.
+		    Note that, VFIO is always use strict mode.
+		others - strict mode
+
 	iommu.passthrough=
 			[ARM64] Configure DMA to bypass the IOMMU by default.
 			Format: { "0" | "1" }
diff --git a/drivers/iommu/arm-smmu-v3.c b/drivers/iommu/arm-smmu-v3.c
index 4a198a0..9b72fc4 100644
--- a/drivers/iommu/arm-smmu-v3.c
+++ b/drivers/iommu/arm-smmu-v3.c
@@ -631,6 +631,24 @@ struct arm_smmu_option_prop {
 	{ 0, NULL},
 };
 
+static u32 iommu_strict_mode __read_mostly = IOMMU_STRICT;
+
+static int __init setup_iommu_strict_mode(char *str)
+{
+	u32 strict_mode = IOMMU_STRICT;
+
+	get_option(&str, &strict_mode);
+	if (strict_mode == IOMMU_NON_STRICT) {
+		iommu_strict_mode = strict_mode;
+		pr_warn("WARNING: iommu non-strict mode is chose.\n"
+			"It's good for scatter-gather performance but lacks full isolation\n");
+		add_taint(TAINT_WARN, LOCKDEP_STILL_OK);
+	}
+
+	return 0;
+}
+early_param("iommu_strict_mode", setup_iommu_strict_mode);
+
 static inline void __iomem *arm_smmu_page1_fixup(unsigned long offset,
 						 struct arm_smmu_device *smmu)
 {
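Review bot: `get_option()` takes an `int *`, but `setup_iommu_strict_mode()` passes `&strict_mode` with `strict_mode` declared as `u32`, so the call has a pointer-signedness mismatch; `int strict_mode = IOMMU_STRICT;` avoids it. Ignoring the return value is safe only because the local starts at the strict default, which deserves a short comment such as `/* anything but an explicit non-strict value keeps the strict default */`. The message should read `"iommu non-strict mode is chosen.\n"`, and the leading `WARNING:` is redundant under `pr_warn()`. Setting `TAINT_WARN` for a documented boot-time choice makes the system look as if it hit a WARN(), so it is worth confirming that the taint is intended rather than relying on the log line alone.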
@@ -1441,7 +1459,7 @@ static bool arm_smmu_capable(enum iommu_cap cap)
 	case IOMMU_CAP_NOEXEC:
 		return true;
 	case IOMMU_CAP_NON_STRICT:
-		return true;
+		return (iommu_strict_mode == IOMMU_NON_STRICT) ? true : false;
 	default:
 		return false;
 	}
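Review bot: The ternary in the `IOMMU_CAP_NON_STRICT` case is redundant, because the comparison already yields a boolean in a function returning `bool`; `return iommu_strict_mode == IOMMU_NON_STRICT;` is equivalent. A short comment that the capability is advertised only when non-strict mode was selected at boot would record why this case differs from the unconditional `IOMMU_CAP_NOEXEC` above it. The rest of arm_smmu_capable() lies outside the hunk.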
@@ -1750,6 +1768,14 @@ static int arm_smmu_attach_dev(struct iommu_domain *domain, struct device *dev)
 	return ret;
 }
 
+static u32 arm_smmu_strict_mode(struct iommu_domain *domain)
+{
+	if (iommu_strict_mode == IOMMU_NON_STRICT)
+		return IOMMU_DOMAIN_STRICT_MODE(domain);
+
+	return IOMMU_STRICT;
+}
+
 static int arm_smmu_map(struct iommu_domain *domain, unsigned long iova,
 			phys_addr_t paddr, size_t size, int prot)
 {
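Review bot: `arm_smmu_strict_mode()` is added without a comment, although it is the one place where the boot-time setting overrides a domain's own mode for both the unmap path and `arm_smmu_iotlb_sync()`. A header such as `/* Honour the domain's non-strict setting only if non-strict mode was enabled at boot; otherwise force IOMMU_STRICT. */` would make that isolation-relevant gate explicit. `IOMMU_DOMAIN_STRICT_MODE()` is defined outside this patch, so whether the `domain` parameter could be `const` cannot be judged from here. The trailing arm_smmu_map() context continues outside the hunk.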
@@ -1769,7 +1795,7 @@ static int arm_smmu_map(struct iommu_domain *domain, unsigned long iova,
 	if (!ops)
 		return 0;
 
-	return ops->unmap(ops, iova | IOMMU_DOMAIN_STRICT_MODE(domain), size);
+	return ops->unmap(ops, iova | arm_smmu_strict_mode(domain), size);
 }
 
 static void arm_smmu_flush_iotlb_all(struct iommu_domain *domain)
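Review bot: The `ops->unmap()` call carries the mode in-band, OR-ed into the `iova` argument, with the helper returning `u32` while `iova` is `unsigned long`. That is only correct if the flag occupies address bits that are always zero for an aligned IOVA and the `ops->unmap` implementation masks it off before walking the page table; neither is visible in this hunk, so it should be checked against the io-pgtable patch of the series. A comment at the call, e.g. `/* strict/non-strict flag travels in the low bits of iova; the io-pgtable unmap strips it */`, would help, assuming that is how the callee treats it. The enclosing function starts outside the hunk.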
@@ -1784,7 +1810,7 @@ static void arm_smmu_iotlb_sync(struct iommu_domain *domain)
 {
 	struct arm_smmu_device *smmu = to_smmu_domain(domain)->smmu;
 
-	if (smmu && (IOMMU_DOMAIN_STRICT_MODE(domain) == IOMMU_STRICT))
+	if (smmu && (arm_smmu_strict_mode(domain) == IOMMU_STRICT))
 		__arm_smmu_tlb_sync(smmu);
 }
 
-- 
1.8.3



From: thunder.leizhen@huawei.com (Zhen Lei)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH v3 6/6] iommu/arm-smmu-v3: add bootup option "iommu_strict_mode"
Date: Thu, 12 Jul 2018 14:18:32 +0800	[thread overview]
Message-ID: <1531376312-2192-7-git-send-email-thunder.leizhen@huawei.com> (raw)
In-Reply-To: <1531376312-2192-1-git-send-email-thunder.leizhen@huawei.com>

Because non-strict mode introduces a vulnerability window, add a boot
option so that the administrator can choose which mode is used. The
default mode is IOMMU_STRICT.

Signed-off-by: Zhen Lei <thunder.leizhen@huawei.com>
---
 Documentation/admin-guide/kernel-parameters.txt | 12 ++++++++++
 drivers/iommu/arm-smmu-v3.c                     | 32 ++++++++++++++++++++++---
 2 files changed, 41 insertions(+), 3 deletions(-)

diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index efc7aa7..0cc80bc 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -1720,6 +1720,18 @@
 		nobypass	[PPC/POWERNV]
 			Disable IOMMU bypass, using IOMMU for PCI devices.
 
+	iommu_strict_mode=	[arm-smmu-v3]
+		0 - strict mode
+		    Make sure all related TLBs to be invalidated before the
+		    memory released.
+		1 - non-strict mode
+		    Put off TLBs invalidation and release memory first. This mode
+		    introduces a vlunerability window, an untrusted device can
+		    access the reused memory because the TLBs may still valid.
+		    Please take full consideration before choosing this mode.
+		    Note that, VFIO is always use strict mode.
+		others - strict mode
+
 	iommu.passthrough=
 			[ARM64] Configure DMA to bypass the IOMMU by default.
 			Format: { "0" | "1" }
diff --git a/drivers/iommu/arm-smmu-v3.c b/drivers/iommu/arm-smmu-v3.c
index 4a198a0..9b72fc4 100644
--- a/drivers/iommu/arm-smmu-v3.c
+++ b/drivers/iommu/arm-smmu-v3.c
@@ -631,6 +631,24 @@ struct arm_smmu_option_prop {
 	{ 0, NULL},
 };
 
+static u32 iommu_strict_mode __read_mostly = IOMMU_STRICT;
+
+static int __init setup_iommu_strict_mode(char *str)
+{
+	u32 strict_mode = IOMMU_STRICT;
+
+	get_option(&str, &strict_mode);
+	if (strict_mode == IOMMU_NON_STRICT) {
+		iommu_strict_mode = strict_mode;
+		pr_warn("WARNING: iommu non-strict mode is chose.\n"
+			"It's good for scatter-gather performance but lacks full isolation\n");
+		add_taint(TAINT_WARN, LOCKDEP_STILL_OK);
+	}
+
+	return 0;
+}
+early_param("iommu_strict_mode", setup_iommu_strict_mode);
+
 static inline void __iomem *arm_smmu_page1_fixup(unsigned long offset,
 						 struct arm_smmu_device *smmu)
 {
@@ -1441,7 +1459,7 @@ static bool arm_smmu_capable(enum iommu_cap cap)
 	case IOMMU_CAP_NOEXEC:
 		return true;
 	case IOMMU_CAP_NON_STRICT:
-		return true;
+		return (iommu_strict_mode == IOMMU_NON_STRICT) ? true : false;
 	default:
 		return false;
 	}
@@ -1750,6 +1768,14 @@ static int arm_smmu_attach_dev(struct iommu_domain *domain, struct device *dev)
 	return ret;
 }
 
+static u32 arm_smmu_strict_mode(struct iommu_domain *domain)
+{
+	if (iommu_strict_mode == IOMMU_NON_STRICT)
+		return IOMMU_DOMAIN_STRICT_MODE(domain);
+
+	return IOMMU_STRICT;
+}
+
 static int arm_smmu_map(struct iommu_domain *domain, unsigned long iova,
 			phys_addr_t paddr, size_t size, int prot)
 {
@@ -1769,7 +1795,7 @@ static int arm_smmu_map(struct iommu_domain *domain, unsigned long iova,
 	if (!ops)
 		return 0;
 
-	return ops->unmap(ops, iova | IOMMU_DOMAIN_STRICT_MODE(domain), size);
+	return ops->unmap(ops, iova | arm_smmu_strict_mode(domain), size);
 }
 
 static void arm_smmu_flush_iotlb_all(struct iommu_domain *domain)
@@ -1784,7 +1810,7 @@ static void arm_smmu_iotlb_sync(struct iommu_domain *domain)
 {
 	struct arm_smmu_device *smmu = to_smmu_domain(domain)->smmu;
 
-	if (smmu && (IOMMU_DOMAIN_STRICT_MODE(domain) == IOMMU_STRICT))
+	if (smmu && (arm_smmu_strict_mode(domain) == IOMMU_STRICT))
 		__arm_smmu_tlb_sync(smmu);
 }
 
-- 
1.8.3
