Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp3583833ybi;
        Sun, 2 Jun 2019 18:25:14 -0700 (PDT)
X-Google-Smtp-Source: APXvYqw4jHZDJBCIJaKPPXGARhs5zYGJxWhStv2xtMQgF5m3ZT50gCFKpMe00YOsjUw41zaXhl3s
X-Received: by 2002:a17:902:aa83:: with SMTP id d3mr5467410plr.74.1559525114619;
        Sun, 02 Jun 2019 18:25:14 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1559525114; cv=none;
        d=google.com; s=arc-20160816;
        b=hO1x653mQJ6YZWjykfw3lqCQaIita58zTqLFOAUxt9AWbmE3/SrXk0CD1QDAcRLAqY
         Jm85fI/1r5TAQropzBPW2P4aNPIZZ19x1W2namDjBo+dAG2D947vLXZNGZ0I5bbqJp6P
         qWf10GWJ9GSw1pqkDA9OAukOUxszN1V/rM0IU73tms4I0KRzy+OXUo97u/sgY/5xpl5X
         O+Ppy1Nad8u+40QgRRZ74otTd535PitOFGyZ6KbJQXg96jxYNqR4h8f/+9uWrjMzFTC4
         In+MOAluxzSyc2ZoZrQ9XZPRAKvwF0MLOLPRK4xQUULRtygsD/7/D5AZxZPmWxr+RbLf
         vo+Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:references:in-reply-to:message-id:date
         :subject:cc:to:from;
        bh=+sZYJZnlfcqFGmycuWVkp+zhZStLzAUUCwYwl6njRAA=;
        b=tQlhPpBRrzj6qo0VGKJ4pK/WSpoIuI8iNPHEWSXPH05BzvRrlyIsxM36gC0riw8Up5
         QSXfZ+ZewalBuaBTH+h491Vc05nK9QJej3+3Gy/C7K+C2bc3xihsj2AtnSftTvR4XZye
         b9PJ6NCY7i0emeTrodumgEGOhW02QUXc1wwP+IrEQ0dcFE6DH2ZpO/C54pjFmoekWoa2
         xTZpvDKBaXpIgyrrb6gMcY6DrX+Yce4eNNnjEFErlQBSUKnDf8gLPuGShpuB9cKDbhEF
         zQ2uzDf9T/lH9E1kxYmkL4vbzg8QX2mfX4hXxnerRYF4CgnjZDrtDAWrsk5E3UxZJoEJ
         EsMA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id r140si18212990pgr.29.2019.06.02.18.24.59;
        Sun, 02 Jun 2019 18:25:14 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726958AbfFCBXv (ORCPT <rfc822;jekfish0@gmail.com> + 99 others);
        Sun, 2 Jun 2019 21:23:51 -0400
Received: from mga17.intel.com ([192.55.52.151]:20792 "EHLO mga17.intel.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1726270AbfFCBXt (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Sun, 2 Jun 2019 21:23:49 -0400
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga003.fm.intel.com ([10.253.24.29])
  by fmsmga107.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 02 Jun 2019 18:23:48 -0700
X-ExtLoop1: 1
Received: from allen-box.sh.intel.com ([10.239.159.136])
  by FMSMGA003.fm.intel.com with ESMTP; 02 Jun 2019 18:23:45 -0700
From:   Lu Baolu <baolu.lu@linux.intel.com>
To:     David Woodhouse <dwmw2@infradead.org>,
        Joerg Roedel <joro@8bytes.org>,
        Bjorn Helgaas <bhelgaas@google.com>,
        Christoph Hellwig <hch@lst.de>
Cc:     ashok.raj@intel.com, jacob.jun.pan@intel.com, alan.cox@intel.com,
        kevin.tian@intel.com, mika.westerberg@linux.intel.com,
        Ingo Molnar <mingo@redhat.com>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        pengfei.xu@intel.com,
        Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>,
        Marek Szyprowski <m.szyprowski@samsung.com>,
        Robin Murphy <robin.murphy@arm.com>,
        Jonathan Corbet <corbet@lwn.net>,
        Boris Ostrovsky <boris.ostrovsky@oracle.com>,
        Juergen Gross <jgross@suse.com>,
        Stefano Stabellini <sstabellini@kernel.org>,
        Steven Rostedt <rostedt@goodmis.org>,
        iommu@lists.linux-foundation.org, linux-kernel@vger.kernel.org,
        Lu Baolu <baolu.lu@linux.intel.com>
Subject: [PATCH v4 3/9] swiotlb: Zero out bounce buffer for untrusted device
Date:   Mon,  3 Jun 2019 09:16:14 +0800
Message-Id: <20190603011620.31999-4-baolu.lu@linux.intel.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20190603011620.31999-1-baolu.lu@linux.intel.com>
References: <20190603011620.31999-1-baolu.lu@linux.intel.com>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

This is necessary to avoid exposing valid kernel data to any
milicious device.

Suggested-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com>
---
 kernel/dma/swiotlb.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/kernel/dma/swiotlb.c b/kernel/dma/swiotlb.c
index f956f785645a..ed41eb7f6131 100644
--- a/kernel/dma/swiotlb.c
+++ b/kernel/dma/swiotlb.c
@@ -35,6 +35,7 @@
 #include <linux/scatterlist.h>
 #include <linux/mem_encrypt.h>
 #include <linux/set_memory.h>
+#include <linux/pci.h>
 #ifdef CONFIG_DEBUG_FS
 #include <linux/debugfs.h>
 #endif
@@ -560,6 +561,11 @@ phys_addr_t swiotlb_tbl_map_single(struct device *hwdev,
 	 */
 	for (i = 0; i < nslots; i++)
 		io_tlb_orig_addr[index+i] = orig_addr + (i << IO_TLB_SHIFT);
+
+	/* Zero out the bounce buffer if the consumer is untrusted. */
+	if (dev_is_untrusted(hwdev))
+		memset(phys_to_virt(tlb_addr), 0, alloc_size);
+
 	if (!(attrs & DMA_ATTR_SKIP_CPU_SYNC) &&
 	    (dir == DMA_TO_DEVICE || dir == DMA_BIDIRECTIONAL))
 		swiotlb_bounce(orig_addr, tlb_addr, mapping_size, DMA_TO_DEVICE);
-- 
2.17.1