Re: [PATCH 2/2] iommu: Use the user PGD for SVA if PTI is enabled

From: Baolu Lu
Date: Tue Aug 30 2022 - 21:03:16 EST

Next message: kernel test robot: "[rmk-arm:for-next 5/7] init.c:undefined reference to `phys_initrd_start'"
Previous message: Jens Axboe: "Re: [PATCH liburing v1 0/3] liburing updates"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 8/23/22 4:12 AM, Jacob Pan wrote:

With page table isolation, the kernel manages two sets of page tables
for each process: one for user one for kernel. When enabling SVA, the
current x86 IOMMU drivers bind device and PASID with the kernel copy
of the process page table.

While there is no known "Meltdown" type of DMA attack, exposing
kernel mapping to DMA intended for userspace makes the system vulnerable
unnecessarily. It also breaks the intention of PTI.

This patch replaces kernel page table PGD with the user counterpart,
thus fulfill the promise of PTI on the DMA side.

Signed-off-by: Jacob Pan<jacob.jun.pan@xxxxxxxxxxxxxxx>

Reviewed-by: Lu Baolu <baolu.lu@xxxxxxxxxxxxxxx>

Best regards,
baolu

Next message: kernel test robot: "[rmk-arm:for-next 5/7] init.c:undefined reference to `phys_initrd_start'"
Previous message: Jens Axboe: "Re: [PATCH liburing v1 0/3] liburing updates"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]