On Wed, Jun 12, 2019 at 08:43:40AM +0800, Lu Baolu wrote: > Hi Konrad, > > Thanks a lot for your reviewing. > > On 6/10/19 11:45 PM, Konrad Rzeszutek Wilk wrote: > > On Mon, Jun 03, 2019 at 09:16:14AM +0800, Lu Baolu wrote: > > > This is necessary to avoid exposing valid kernel data to any > > > milicious device. > > > > malicious > > Yes, thanks. > > > > > > > > > Suggested-by: Christoph Hellwig <h...@lst.de> > > > Signed-off-by: Lu Baolu <baolu...@linux.intel.com> > > > --- > > > kernel/dma/swiotlb.c | 6 ++++++ > > > 1 file changed, 6 insertions(+) > > > > > > diff --git a/kernel/dma/swiotlb.c b/kernel/dma/swiotlb.c > > > index f956f785645a..ed41eb7f6131 100644 > > > --- a/kernel/dma/swiotlb.c > > > +++ b/kernel/dma/swiotlb.c > > > @@ -35,6 +35,7 @@ > > > #include <linux/scatterlist.h> > > > #include <linux/mem_encrypt.h> > > > #include <linux/set_memory.h> > > > +#include <linux/pci.h> > > > #ifdef CONFIG_DEBUG_FS > > > #include <linux/debugfs.h> > > > #endif > > > @@ -560,6 +561,11 @@ phys_addr_t swiotlb_tbl_map_single(struct device > > > *hwdev, > > > */ > > > for (i = 0; i < nslots; i++) > > > io_tlb_orig_addr[index+i] = orig_addr + (i << > > > IO_TLB_SHIFT); > > > + > > > + /* Zero out the bounce buffer if the consumer is untrusted. */ > > > + if (dev_is_untrusted(hwdev)) > > > + memset(phys_to_virt(tlb_addr), 0, alloc_size); > > > > What if the alloc_size is less than a PAGE? Should this at least have ALIGN > > or such? > > It's the consumer (iommu subsystem) who requires this to be page > aligned. For swiotlb, it just clears out all data in the allocated > bounce buffer.
I am thinking that the if you don't memset the full page the malicious hardware could read stale date from the rest of the page that hasn't been cleared? > > Best regards, > Baolu > > > > > > + > > > if (!(attrs & DMA_ATTR_SKIP_CPU_SYNC) && > > > (dir == DMA_TO_DEVICE || dir == DMA_BIDIRECTIONAL)) > > > swiotlb_bounce(orig_addr, tlb_addr, mapping_size, > > > DMA_TO_DEVICE); > > > -- > > > 2.17.1 > > > > >
