Re: [PATCH 08/18] iommu: Introduce cache_invalidate API

From: Jacob Pan
Date: Tue Apr 09 2019 - 12:40:56 EST


On Tue, 9 Apr 2019 13:07:18 +0300
Andriy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx> wrote:

> On Mon, Apr 08, 2019 at 04:59:23PM -0700, Jacob Pan wrote:
> > From: "Liu, Yi L" <yi.l.liu@xxxxxxxxxxxxxxx>
> >
> > In any virtualization use case, when the first translation stage
> > is "owned" by the guest OS, the host IOMMU driver has no knowledge
> > of caching structure updates unless the guest invalidation
> > activities are trapped by the virtualizer and passed down to the
> > host.
> >
> > Since the invalidation data are obtained from user space and will be
> > written into the physical IOMMU, we must allow security checks at
> > various layers. Therefore, a generic invalidation data format is
> > proposed here; model-specific IOMMU drivers need to convert them into
> > their own format.
>
> > +int iommu_cache_invalidate(struct iommu_domain *domain, struct
> > device *dev,
> > + struct iommu_cache_invalidate_info
> > *inv_info) +{
> > + int ret = 0;
>
> Redundant assignment.
>
I am not a security expert, but initialization of local variables can be
more secure.
I was looking at this talk.
https://outflux.net/slides/2018/lss/danger.pdf
https://cwe.mitre.org/data/definitions/457.html

> > +
> > + if (unlikely(!domain->ops->cache_invalidate))
> > + return -ENODEV;
> > +
> > + ret = domain->ops->cache_invalidate(domain, dev, inv_info);
> > +
> > + return ret;
> > +}
>
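Review bot: inv_info reaches domain->ops->cache_invalidate() unchecked in this generic function, although the commit message says the data come from user space and that checks must be possible at various layers. Consider rejecting a NULL inv_info and validating whatever is common to all drivers here, before the callback, so each driver does not have to repeat it. The unlikely() test also dereferences domain and domain->ops before anything else; if a caller can pass a NULL domain, that needs a guard or a documented precondition. Finally, ret only carries the callback's return value, so "return domain->ops->cache_invalidate(domain, dev, inv_info);" would remove the variable and the question of initializing it.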

[Jacob Pan]