Re: [PATCH 1/1] iommu: Don't use lazy flush for untrusted device
From: Will Deacon
Date: Thu Mar 25 2021 - 10:58:05 EST
On Thu, Feb 25, 2021 at 02:14:54PM +0800, Lu Baolu wrote:
> The lazy IOTLB flushing setup leaves a time window, in which the device
> can still access some system memory, which has already been unmapped by
> the device driver. It's not suitable for untrusted devices. A malicious
> device might use this to attack the system by obtaining data that it
> shouldn't obtain.
>
> Fixes: c588072bba6b5 ("iommu/vt-d: Convert intel iommu driver to the iommu ops")
> Signed-off-by: Lu Baolu <baolu.lu@xxxxxxxxxxxxxxx>
> ---
> drivers/iommu/dma-iommu.c | 15 ++++++++-------
> 1 file changed, 8 insertions(+), 7 deletions(-)
Acked-by: Will Deacon <will@xxxxxxxxxx>
Will