On Tue, May 10, 2022 at 02:17:31PM +0800, Lu Baolu wrote: > The current kernel DMA with PASID support is based on the SVA with a flag > SVM_FLAG_SUPERVISOR_MODE. The IOMMU driver binds the kernel memory address > space to a PASID of the device. The device driver programs the device with > kernel virtual address (KVA) for DMA access. There have been security and > functional issues with this approach: > > - The lack of IOTLB synchronization upon kernel page table updates. > (vmalloc, module/BPF loading, CONFIG_DEBUG_PAGEALLOC etc.) > - Other than slight more protection, using kernel virtual address (KVA) > has little advantage over physical address. There are also no use > cases yet where DMA engines need kernel virtual addresses for in-kernel > DMA. > > This removes SVM_FLAG_SUPERVISOR_MODE support in the Intel IOMMU driver. > The device driver is suggested to handle kernel DMA with PASID through > the kernel DMA APIs. > > Link: https://lore.kernel.org/linux-iommu/20210511194726.gp1002...@nvidia.com/ > Signed-off-by: Jacob Pan <jacob.jun....@linux.intel.com> > Signed-off-by: Lu Baolu <baolu...@linux.intel.com> > --- > drivers/iommu/intel/svm.c | 53 +++++++++------------------------------ > 1 file changed, 12 insertions(+), 41 deletions(-)
Reviewed-by: Jason Gunthorpe <j...@nvidia.com> Jason _______________________________________________ iommu mailing list iommu@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/iommu
