Re: [PATCH v4 3/9] swiotlb: Zero out bounce buffer for untrusted device
From: Lu Baolu
Date: Tue Jun 11 2019 - 20:55:28 EST
Hi Konrad,
Thanks a lot for your reviewing.
On 6/10/19 11:45 PM, Konrad Rzeszutek Wilk wrote:
On Mon, Jun 03, 2019 at 09:16:14AM +0800, Lu Baolu wrote:
This is necessary to avoid exposing valid kernel data to any
milicious device.
malicious
Yes, thanks.
Suggested-by: Christoph Hellwig <hch@xxxxxx>
Signed-off-by: Lu Baolu <baolu.lu@xxxxxxxxxxxxxxx>
---
kernel/dma/swiotlb.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/kernel/dma/swiotlb.c b/kernel/dma/swiotlb.c
index f956f785645a..ed41eb7f6131 100644
--- a/kernel/dma/swiotlb.c
+++ b/kernel/dma/swiotlb.c
@@ -35,6 +35,7 @@
#include <linux/scatterlist.h>
#include <linux/mem_encrypt.h>
#include <linux/set_memory.h>
+#include <linux/pci.h>
#ifdef CONFIG_DEBUG_FS
#include <linux/debugfs.h>
#endif
@@ -560,6 +561,11 @@ phys_addr_t swiotlb_tbl_map_single(struct device *hwdev,
*/
for (i = 0; i < nslots; i++)
io_tlb_orig_addr[index+i] = orig_addr + (i << IO_TLB_SHIFT);
+
+ /* Zero out the bounce buffer if the consumer is untrusted. */
+ if (dev_is_untrusted(hwdev))
+ memset(phys_to_virt(tlb_addr), 0, alloc_size);
What if the alloc_size is less than a PAGE? Should this at least have ALIGN or such?
It's the consumer (iommu subsystem) who requires this to be page
aligned. For swiotlb, it just clears out all data in the allocated
bounce buffer.
Best regards,
Baolu
+
if (!(attrs & DMA_ATTR_SKIP_CPU_SYNC) &&
(dir == DMA_TO_DEVICE || dir == DMA_BIDIRECTIONAL))
swiotlb_bounce(orig_addr, tlb_addr, mapping_size, DMA_TO_DEVICE);
--
2.17.1