From: "Sven Peter" <sven@svenpeter.dev>
To: iommu@lists.linux-foundation.org
Cc: "Joerg Roedel" <joro@8bytes.org>, "Will Deacon" <will@kernel.org>,
"Robin Murphy" <robin.murphy@arm.com>,
"Arnd Bergmann" <arnd@kernel.org>,
"Mohamed Mediouni" <mohamed.mediouni@caramail.com>,
"Alexander Graf" <graf@amazon.com>,
"Hector Martin" <marcan@marcan.st>,
"Alyssa Rosenzweig" <alyssa@rosenzweig.io>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2 2/8] iommu/dma: Fail unaligned map requests for untrusted devs
Date: Sat, 28 Aug 2021 21:00:17 +0200 [thread overview]
Message-ID: <b4f0c6c4-76cd-47ae-b45c-7773cf250b5f@www.fastmail.com> (raw)
In-Reply-To: <20210828153642.19396-3-sven@svenpeter.dev>
and ofc shortly after submitting this series I realized this doesn't quite work yet:
swiotlb_tbl_map_single can return a 16KB buffer that's only aligned to a 4KB boundary.
v3 will need at least another change to ensure that the result will be aligned to
a 16KB boundary as well.
Sven
On Sat, Aug 28, 2021, at 17:36, Sven Peter wrote:
> If swiotlb is enabled we should never try to create any mappings that
> would expose more memory than requested to the device.
> WARN_ON and refuse those mappings just in case.
>
> Signed-off-by: Sven Peter <sven@svenpeter.dev>
> ---
> drivers/iommu/dma-iommu.c | 9 ++++++++-
> 1 file changed, 8 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/iommu/dma-iommu.c b/drivers/iommu/dma-iommu.c
> index e8eae34e9e4f..d6e273ec3de6 100644
> --- a/drivers/iommu/dma-iommu.c
> +++ b/drivers/iommu/dma-iommu.c
> @@ -534,13 +534,20 @@ static dma_addr_t __iommu_dma_map(struct device
> *dev, phys_addr_t phys,
> struct iommu_dma_cookie *cookie = domain->iova_cookie;
> struct iova_domain *iovad = &cookie->iovad;
> size_t iova_off = iova_offset(iovad, phys);
> + size_t size_aligned = iova_align(iovad, size + iova_off);
> dma_addr_t iova;
>
> if (static_branch_unlikely(&iommu_deferred_attach_enabled) &&
> iommu_deferred_attach(dev, domain))
> return DMA_MAPPING_ERROR;
>
> - size = iova_align(iovad, size + iova_off);
> + if (IS_ENABLED(CONFIG_SWIOTLB) && dev_is_untrusted(dev)) {
> + if (WARN_ON(iova_off))
> + return DMA_MAPPING_ERROR;
> + if (WARN_ON(size_aligned != size))
> + return DMA_MAPPING_ERROR;
> + }
> + size = size_aligned;
>
> iova = iommu_dma_alloc_iova(domain, size, dma_mask, dev);
> if (!iova)
> --
> 2.25.1
>
>
--
Sven Peter
WARNING: multiple messages have this Message-ID (diff)
From: Sven Peter via iommu <iommu@lists.linux-foundation.org>
To: iommu@lists.linux-foundation.org
Cc: Arnd Bergmann <arnd@kernel.org>, Will Deacon <will@kernel.org>,
Hector Martin <marcan@marcan.st>,
linux-kernel@vger.kernel.org, Alexander Graf <graf@amazon.com>,
Mohamed Mediouni <mohamed.mediouni@caramail.com>,
Robin Murphy <robin.murphy@arm.com>,
Alyssa Rosenzweig <alyssa@rosenzweig.io>
Subject: Re: [PATCH v2 2/8] iommu/dma: Fail unaligned map requests for untrusted devs
Date: Sat, 28 Aug 2021 21:00:17 +0200 [thread overview]
Message-ID: <b4f0c6c4-76cd-47ae-b45c-7773cf250b5f@www.fastmail.com> (raw)
In-Reply-To: <20210828153642.19396-3-sven@svenpeter.dev>
and ofc shortly after submitting this series I realized this doesn't quite work yet:
swiotlb_tbl_map_single can return a 16KB buffer that's only aligned to a 4KB boundary.
v3 will need at least another change to ensure that the result will be aligned to
a 16KB boundary as well.
Sven
On Sat, Aug 28, 2021, at 17:36, Sven Peter wrote:
> If swiotlb is enabled we should never try to create any mappings that
> would expose more memory than requested to the device.
> WARN_ON and refuse those mappings just in case.
>
> Signed-off-by: Sven Peter <sven@svenpeter.dev>
> ---
> drivers/iommu/dma-iommu.c | 9 ++++++++-
> 1 file changed, 8 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/iommu/dma-iommu.c b/drivers/iommu/dma-iommu.c
> index e8eae34e9e4f..d6e273ec3de6 100644
> --- a/drivers/iommu/dma-iommu.c
> +++ b/drivers/iommu/dma-iommu.c
> @@ -534,13 +534,20 @@ static dma_addr_t __iommu_dma_map(struct device
> *dev, phys_addr_t phys,
> struct iommu_dma_cookie *cookie = domain->iova_cookie;
> struct iova_domain *iovad = &cookie->iovad;
> size_t iova_off = iova_offset(iovad, phys);
> + size_t size_aligned = iova_align(iovad, size + iova_off);
> dma_addr_t iova;
>
> if (static_branch_unlikely(&iommu_deferred_attach_enabled) &&
> iommu_deferred_attach(dev, domain))
> return DMA_MAPPING_ERROR;
>
> - size = iova_align(iovad, size + iova_off);
> + if (IS_ENABLED(CONFIG_SWIOTLB) && dev_is_untrusted(dev)) {
> + if (WARN_ON(iova_off))
> + return DMA_MAPPING_ERROR;
> + if (WARN_ON(size_aligned != size))
> + return DMA_MAPPING_ERROR;
> + }
> + size = size_aligned;
>
> iova = iommu_dma_alloc_iova(domain, size, dma_mask, dev);
> if (!iova)
> --
> 2.25.1
>
>
--
Sven Peter
_______________________________________________
iommu mailing list
iommu@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/iommu
next prev parent reply other threads:[~2021-08-28 19:00 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-28 15:36 [PATCH v2 0/8] Support IOMMU page sizes larger than the CPU page size Sven Peter
2021-08-28 15:36 ` Sven Peter via iommu
2021-08-28 15:36 ` [PATCH v2 1/8] iommu/dma: Align size for untrusted devs to IOVA granule Sven Peter
2021-08-28 15:36 ` Sven Peter via iommu
2021-08-28 15:36 ` [PATCH v2 2/8] iommu/dma: Fail unaligned map requests for untrusted devs Sven Peter
2021-08-28 15:36 ` Sven Peter via iommu
2021-08-28 19:00 ` Sven Peter [this message]
2021-08-28 19:00 ` Sven Peter via iommu
2021-08-28 15:36 ` [PATCH v2 3/8] iommu/dma: Disable get_sgtable for granule > PAGE_SIZE Sven Peter
2021-08-28 15:36 ` Sven Peter via iommu
2021-08-31 21:30 ` Alyssa Rosenzweig
2021-08-31 21:30 ` Alyssa Rosenzweig
2021-09-01 17:06 ` Sven Peter
2021-09-01 17:06 ` Sven Peter via iommu
2021-09-01 21:10 ` Alyssa Rosenzweig
2021-09-01 21:10 ` Alyssa Rosenzweig
2021-09-02 18:19 ` Sven Peter
2021-09-02 18:19 ` Sven Peter via iommu
2021-09-02 19:42 ` Robin Murphy
2021-09-02 19:42 ` Robin Murphy
2021-09-03 13:11 ` Alyssa Rosenzweig
2021-09-03 13:11 ` Alyssa Rosenzweig
2021-09-03 15:16 ` Sven Peter
2021-09-03 15:16 ` Sven Peter via iommu
2021-09-03 15:45 ` Robin Murphy
2021-09-03 15:45 ` Robin Murphy
2021-09-03 16:51 ` Sven Peter
2021-09-03 16:51 ` Sven Peter via iommu
2021-08-28 15:36 ` [PATCH v2 4/8] iommu/dma: Support granule > PAGE_SIZE in dma_map_sg Sven Peter
2021-08-28 15:36 ` Sven Peter via iommu
2021-08-28 21:10 ` kernel test robot
2021-08-28 21:10 ` kernel test robot
2021-08-28 21:10 ` kernel test robot
2021-08-28 22:31 ` kernel test robot
2021-08-28 22:31 ` kernel test robot
2021-08-28 22:33 ` kernel test robot
2021-08-28 22:33 ` kernel test robot
2021-08-28 22:33 ` kernel test robot
2021-08-28 15:36 ` [PATCH v2 5/8] iommu/dma: Support PAGE_SIZE < iovad->granule allocations Sven Peter
2021-08-28 15:36 ` Sven Peter via iommu
2021-08-28 15:36 ` [PATCH v2 6/8] iommu: Move IOMMU pagesize check to attach_device Sven Peter
2021-08-28 15:36 ` Sven Peter via iommu
2021-08-31 21:39 ` Alyssa Rosenzweig
2021-08-31 21:39 ` Alyssa Rosenzweig
2021-09-01 17:14 ` Sven Peter
2021-09-01 17:14 ` Sven Peter via iommu
2021-09-01 18:53 ` Robin Murphy
2021-09-01 18:53 ` Robin Murphy
2021-08-28 15:36 ` [PATCH v2 7/8] iommu: Introduce __IOMMU_DOMAIN_LP Sven Peter
2021-08-28 15:36 ` Sven Peter via iommu
2021-08-28 15:36 ` [PATCH v2 8/8] iommu/dart: Remove force_bypass logic Sven Peter
2021-08-28 15:36 ` Sven Peter via iommu
2021-08-31 21:40 ` Alyssa Rosenzweig
2021-08-31 21:40 ` Alyssa Rosenzweig
2021-08-31 21:32 ` [PATCH v2 0/8] Support IOMMU page sizes larger than the CPU page size Alyssa Rosenzweig
2021-08-31 21:32 ` Alyssa Rosenzweig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b4f0c6c4-76cd-47ae-b45c-7773cf250b5f@www.fastmail.com \
--to=sven@svenpeter.dev \
--cc=alyssa@rosenzweig.io \
--cc=arnd@kernel.org \
--cc=graf@amazon.com \
--cc=iommu@lists.linux-foundation.org \
--cc=joro@8bytes.org \
--cc=linux-kernel@vger.kernel.org \
--cc=marcan@marcan.st \
--cc=mohamed.mediouni@caramail.com \
--cc=robin.murphy@arm.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.