Re: [PATCH 1/1] iommu: Don't use lazy flush for untrusted device

From: Will Deacon
Date: Thu Mar 25 2021 - 10:58:05 EST

Next message: Dave Hansen: "Re: [RFC Part2 PATCH 01/30] x86: Add the host SEV-SNP initialization support"
Previous message: Alex Williamson: "Re: [PATCH 4/4] PCI/sysfs: Allow userspace to query and set device reset mechanism"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Feb 25, 2021 at 02:14:54PM +0800, Lu Baolu wrote:
> The lazy IOTLB flushing setup leaves a time window, in which the device
> can still access some system memory, which has already been unmapped by
> the device driver. It's not suitable for untrusted devices. A malicious
> device might use this to attack the system by obtaining data that it
> shouldn't obtain.
>
> Fixes: c588072bba6b5 ("iommu/vt-d: Convert intel iommu driver to the iommu ops")
> Signed-off-by: Lu Baolu <baolu.lu@xxxxxxxxxxxxxxx>
> ---
> drivers/iommu/dma-iommu.c | 15 ++++++++-------
> 1 file changed, 8 insertions(+), 7 deletions(-)

Acked-by: Will Deacon <will@xxxxxxxxxx>

Will

Next message: Dave Hansen: "Re: [RFC Part2 PATCH 01/30] x86: Add the host SEV-SNP initialization support"
Previous message: Alex Williamson: "Re: [PATCH 4/4] PCI/sysfs: Allow userspace to query and set device reset mechanism"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]