Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp1924648imm; Thu, 12 Jul 2018 10:01:35 -0700 (PDT) X-Google-Smtp-Source: AAOMgpcWz2DZxQmagHjP1mjaOqxYKMmjDbqP0Y/XulsUMnYQdrN3f9vOuZJLH9TrWRy3w1wNGH87 X-Received: by 2002:a17:902:925:: with SMTP id 34-v6mr2956674plm.103.1531414895928; Thu, 12 Jul 2018 10:01:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1531414895; cv=none; d=google.com; s=arc-20160816; b=qP25BuUBsUY+UzT6BE4u0KQ29hSCgAYgU3eUePZlVKvhTpH9An9/FLSSiUCBwOW4tz TJUIH8uJulRW+n4JGnBlnLE9XLLWgmYCqhu7sGSWfTbUDbL3Wcdo/JgcROrCrDzzgEYN ZQ867doLsRjvz8X8O5yBPEuORQMpTNr5Z3QDBw47+yhMIWNgFj97Vn4u6e+bbfjNPkMq je/XcmSb5TC+HHExpgEmvZ0QoqhOa6sApc5b0HUeQqD72tRZ+RA/RZaKp5tQ87teTHBM QOqAeVsySaAEcFkhgfgs1DskxY+QjXWxec+2u4Bop/gK35AmYNQk3z/GjluNsJd/Jyxw I8AQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:arc-authentication-results; bh=2EYhYQEfU14A/StbrQx68pvXZrqiiURzomF1O2ZXz2Y=; b=WItW0Dhly/pDTe1fBiEmH4DuZ/NvmlCm9/fGipihUxdttMvxURpfSjwVNQx9w3+SdU P484qCJPrTf+xCL5AQvhILQVYctOUURDY9fUn4IY8MBK0rNrMkcSA9KUH27M25jwkPp+ dw7M5aLQ7dcCJIUh42WfWJ8mQE/XXiXdf9nySWY3Fdp0wmX/QHx+NO/7P5h23cSocyx5 Io0wXnvq7TlLCJu3i7/d/Yjj0WWgi9NhZ1raENp+v1VqQBPHUYXWSckMaMVFC06H/a30 cMoF1HOUu0Rvq8UifZhUgg8qX5rQ9g5Jxj8ZKNLf+lukzz2RUAdn+zrW2sGWt/htrsYf g/tw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b23-v6si21175437pls.341.2018.07.12.10.01.19; Thu, 12 Jul 2018 10:01:35 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732310AbeGLRLD (ORCPT + 99 others); Thu, 12 Jul 2018 13:11:03 -0400 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:53548 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726775AbeGLRLC (ORCPT ); Thu, 12 Jul 2018 13:11:02 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id EC39FED1; Thu, 12 Jul 2018 10:00:38 -0700 (PDT) Received: from edgewater-inn.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id BE1513F589; Thu, 12 Jul 2018 10:00:38 -0700 (PDT) Received: by edgewater-inn.cambridge.arm.com (Postfix, from userid 1000) id 2F0891AE30FD; Thu, 12 Jul 2018 18:01:21 +0100 (BST) Date: Thu, 12 Jul 2018 18:01:21 +0100 From: Will Deacon To: Zhen Lei Cc: Jean-Philippe Brucker , Robin Murphy , Joerg Roedel , linux-arm-kernel , iommu , linux-kernel Subject: Re: [PATCH 1/1] iommu/arm-smmu-v3: prevent any devices access to memory without registration Message-ID: <20180712170120.GC26935@arm.com> References: <1531387723-3592-1-git-send-email-thunder.leizhen@huawei.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1531387723-3592-1-git-send-email-thunder.leizhen@huawei.com> User-Agent: Mutt/1.5.23 (2014-03-12) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Jul 12, 2018 at 05:28:43PM +0800, Zhen Lei wrote: > Stream bypass is not security. A malicious device can be hot plugged > without match any drivers, but it can access to any memory. So change to > disable bypass by default. > > Signed-off-by: Zhen Lei > --- > drivers/iommu/arm-smmu-v3.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) Whilst this sounds nice, I *bet* you it will break some systems. In particular, those where the SMMU is described but the toplogical information is either incorrect or incomplete. I guess we could put it into next and see if anybody complains. What do others think? Will > diff --git a/drivers/iommu/arm-smmu-v3.c b/drivers/iommu/arm-smmu-v3.c > index 1d64710..b0ec28d 100644 > --- a/drivers/iommu/arm-smmu-v3.c > +++ b/drivers/iommu/arm-smmu-v3.c > @@ -366,7 +366,7 @@ > #define MSI_IOVA_BASE 0x8000000 > #define MSI_IOVA_LENGTH 0x100000 > > -static bool disable_bypass; > +static bool disable_bypass = 1; > module_param_named(disable_bypass, disable_bypass, bool, S_IRUGO); > MODULE_PARM_DESC(disable_bypass, > "Disable bypass streams such that incoming transactions from devices that are not attached to an iommu domain will report an abort back to the device and will not be allowed to pass through the SMMU."); > -- > 1.8.3 > >