Re: [RFC 0/7] Support in-kernel DMA with PASID and SVA

From: Jason Gunthorpe
Date: Thu Oct 07 2021 - 15:10:59 EST

Next message: Bjorn Helgaas: "Re: [RFC] [PATCH net-next v5 0/3] r8169: Implement dynamic ASPM mechanism for recent 1.0/2.5Gbps Realtek NICs"
Previous message: Jacob Pan: "Re: [RFC 0/7] Support in-kernel DMA with PASID and SVA"
In reply to: Jacob Pan: "Re: [RFC 0/7] Support in-kernel DMA with PASID and SVA"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Oct 07, 2021 at 12:11:27PM -0700, Jacob Pan wrote:
> Hi Barry,
>
> On Thu, 7 Oct 2021 18:43:33 +1300, Barry Song <21cnbao@xxxxxxxxx> wrote:
>
> > > > Security-wise, KVA respects kernel mapping. So permissions are better
> > > > enforced than pass-through and identity mapping.
> > >
> > > Is this meaningful? Isn't the entire physical map still in the KVA and
> > > isn't it entirely RW ?
> >
> > Some areas are RX, for example, ARCH64 supports KERNEL_TEXT_RDONLY.
> > But the difference is really minor.
> That brought up a good point if we were to use DMA API to give out KVA as
> dma_addr for trusted devices. We cannot satisfy DMA direction requirements
> since we can't change kernel mapping. It will be similar to DMA direct
> where dir is ignored AFAICT.

Right.

Using the DMA API to DMA to read only kernel memory is a bug in the
first place.

> Or we are saying if the device is trusted, using pass-through is allowed.
> i.e. physical address.

I don't see trusted being relavent here beyond the usual decision to
use the trusted map or not.

Jason

Next message: Bjorn Helgaas: "Re: [RFC] [PATCH net-next v5 0/3] r8169: Implement dynamic ASPM mechanism for recent 1.0/2.5Gbps Realtek NICs"
Previous message: Jacob Pan: "Re: [RFC 0/7] Support in-kernel DMA with PASID and SVA"
In reply to: Jacob Pan: "Re: [RFC 0/7] Support in-kernel DMA with PASID and SVA"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]