Re: [PATCH v5 6/9] drivers/char: mark DMA buffers as reserved for the XHCI


  • To: Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Thu, 25 Aug 2022 17:47:07 +0200
  • Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • Delivery-date: Thu, 25 Aug 2022 15:47:13 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 22.08.2022 17:27, Marek Marczykowski-Górecki wrote:
> The important part is to include those buffers in IOMMU page table
> relevant for the USB controller. Otherwise, DbC will stop working as
> soon as IOMMU is enabled, regardless of which domain the device is
> assigned to (be it xen or dom0).
> If the device is passed through to dom0 or another domain (see later
> patches), that domain will effectively have access to those buffers too.
> It does give such a domain yet another way to DoS the system (as is the
> case when having PCI device assigned already), but also possibly steal
> the console ring content. Thus, such a domain should be a trusted one.
> In any case, prevent anything else being placed on those pages by adding
> artificial padding.
> 
> Signed-off-by: Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>

Acked-by: Jan Beulich <jbeulich@xxxxxxxx>