| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200427102818.5f877d53@jacob-builder>
Date: Mon, 27 Apr 2020 10:28:18 -0700
From: Jacob Pan <jacob.jun.pan@...ux.intel.com>
To: "Tian, Kevin" <kevin.tian@...el.com>
Cc: Auger Eric <eric.auger@...hat.com>,
Yi L <yi.l.liu@...ux.intel.com>,
Alex Williamson <alex.williamson@...hat.com>,
"Raj, Ashok" <ashok.raj@...el.com>,
"David Woodhouse" <dwmw2@...radead.org>,
LKML <linux-kernel@...r.kernel.org>,
"iommu@...ts.linux-foundation.org" <iommu@...ts.linux-foundation.org>,
Jean-Philippe Brucker <jean-philippe@...aro.com>,
Jonathan Cameron <jic23@...nel.org>,
jacob.jun.pan@...ux.intel.com
Subject: Re: [PATCH v11 05/10] iommu/vt-d: Add bind guest PASID support
On Fri, 17 Apr 2020 23:46:13 +0000
"Tian, Kevin" <kevin.tian@...el.com> wrote:
> > From: Jacob Pan <jacob.jun.pan@...ux.intel.com>
> > Sent: Friday, April 17, 2020 11:29 PM
> >
> > On Fri, 17 Apr 2020 09:46:55 +0200
> > Auger Eric <eric.auger@...hat.com> wrote:
> >
> > > Hi Kevin,
> > > On 4/17/20 4:45 AM, Tian, Kevin wrote:
> > > >> From: Auger Eric
> > > >> Sent: Thursday, April 16, 2020 6:43 PM
> > > >>
> > > > [...]
> > > >>>>> + if (svm) {
> > > >>>>> + /*
> > > >>>>> + * If we found svm for the PASID, there
> > > >>>>> must be at
> > > >>>>> + * least one device bond, otherwise svm
> > > >>>>> should be freed.
> > > >>>>> + */
> > > >>>>> + if (WARN_ON(list_empty(&svm->devs))) {
> > > >>>>> + ret = -EINVAL;
> > > >>>>> + goto out;
> > > >>>>> + }
> > > >>>>> +
> > > >>>>> + for_each_svm_dev(sdev, svm, dev) {
> > > >>>>> + /* In case of multiple sub-devices
> > > >>>>> of the same pdev
> > > >>>>> + * assigned, we should allow
> > > >>>>> multiple bind calls with
> > > >>>>> + * the same PASID and pdev.
> > > >>>>> + */
> > > >>>>> + sdev->users++;
> > > >>>> What if this is not an mdev device. Is it also allowed?
> > > >>> Yes. IOMMU and VT-d driver is not mdev aware. Here mdev is
> > > >>> just an example of normal use case. You can bind the same PCI
> > > >>> device (PF or SRIOV VF) more than once to the same PASID.
> > > >>> Just need to unbind also.
> > > >>
> > > >> I don't get the point of binding a non mdev device several
> > > >> times with the same PASID. Do you intend to allow that at
> > > >> userspace level or prevent this from happening in VFIO?
> > > >
> > > > I feel it's better to prevent this from happening, otherwise
> > > > VFIO also needs to track the bind count and do multiple unbinds
> > > > at mm_exit. But it's not necessary to prevent it in VFIO. We
> > > > can check here upon whether aux_domain is valid, and if not
> > > > return -EBUSY.
> > > Ah OK. So if we can detect the case here it is even better
> > >
> > I don't understand why VFIO cannot track, since it is mdev aware.
> > if we don;t refcount the users, one mdev unbind will result unbind
> > for all mdev under the same pdev. That may not be the right thing
> > to do.
>
> The open here is not for mdev, which refcount is still required.
> Eric's point is for non-mdev endpoints. It's meaningless and not
> intuitive to allow binding a PASID multiple-times to the same device.
>
That seems contradictory. The refcount here is intended/required for sub
devices such as mdev. Since IOMMU driver is not mdev aware, we cannot
treat devices differently.
Perhaps Yi can clarify if this case is handled within VFIO, then I can
drop the refcount here.
> Thanks
> Kevin
[Jacob Pan]
Powered by blists - more mailing lists