| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 02 Jun 2010 08:40:06 +0300 From: Avi Kivity <avi@...hat.com> To: Chris Wright <chrisw@...s-sol.org> CC: Tom Lyon <pugs@...n-about.com>, "Michael S. Tsirkin" <mst@...hat.com>, linux-kernel@...r.kernel.org, kvm@...r.kernel.org, joro@...tes.org, hjk@...utronix.de, gregkh@...e.de, aafabbri@...co.com, scofeldm@...co.com, alex.williamson@...hat.com Subject: Re: [PATCH] VFIO driver: Non-privileged user level PCI drivers On 06/02/2010 08:29 AM, Chris Wright wrote: > * Avi Kivity (avi@...hat.com) wrote: > >> On 06/02/2010 12:26 AM, Tom Lyon wrote: >> >>> I'm not really opposed to multiple devices per domain, but let me point out how I >>> ended up here. First, the driver has two ways of mapping pages, one based on the >>> iommu api and one based on the dma_map_sg api. With the latter, the system >>> already allocates a domain per device and there's no way to control it. This was >>> presumably done to help isolation between drivers. If there are multiple drivers >>> in the user level, do we not want the same isoation to apply to them? >>> >> In the case of kvm, we don't want isolation between devices, because >> that doesn't happen on real hardware. >> > Sure it does. That's exactly what happens when there's an iommu > involved with bare metal. > But we are emulating a machine without an iommu. When we emulate a machine with an iommu, then yes, we'll want to use as many domains as the guest does. >> So if the guest programs >> devices to dma to each other, we want that to succeed. >> > And it will as long as ATS is enabled (this is a basic requirement > for PCIe peer-to-peer traffic to succeed with an iommu involved on > bare metal). > > That's how things currently are, i.e. we put all devices belonging to a > single guest in the same domain. However, it can be useful to put each > device belonging to a guest in a unique domain. Especially as qemu > grows support for iommu emulation, and guest OSes begin to understand > how to use a hw iommu. > Right, we need to keep flexibility. >>> And then there's the fact that it is possible to have multiple disjoint iommus on a system, >>> so it may not even be possible to bring 2 devices under one domain. >>> >> That's indeed a deficiency. >> > Not sure it's a deficiency. Typically to share page table mappings > across multiple iommu's you just have to do update/invalidate to each > hw iommu that is sharing the mapping. Alternatively, you can use more > memory and build/maintain identical mappings (as Tom alludes to below). > Sharing the page tables is just an optimization, I was worried about devices in separate domains not talking to each other. if ATS fixes that, great. -- I have a truly marvellous patch that fixes the bug which this signature is too narrow to contain. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists