Re: [PATCH 2/2] iommu: Use the user PGD for SVA if PTI is enabled

From: Baolu Lu
Date: Tue Aug 30 2022 - 21:03:16 EST


On 8/23/22 4:12 AM, Jacob Pan wrote:
With page table isolation, the kernel manages two sets of page tables
for each process: one for user, one for kernel. When enabling SVA, the
current x86 IOMMU drivers bind device and PASID with the kernel copy
of the process page table.

While there is no known "Meltdown" type of DMA attack, exposing
kernel mapping to DMA intended for userspace makes the system vulnerable
unnecessarily. It also breaks the intention of PTI.

This patch replaces kernel page table PGD with the user counterpart,
thus fulfilling the promise of PTI on the DMA side.

Signed-off-by: Jacob Pan <jacob.jun.pan@xxxxxxxxxxxxxxx>

Reviewed-by: Lu Baolu <baolu.lu@xxxxxxxxxxxxxxx>

Best regards,
baolu