lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20200729140215.0f8c4aca@jacob-builder>
Date:   Wed, 29 Jul 2020 14:02:15 -0700
From:   Jacob Pan <jacob.jun.pan@...ux.intel.com>
To:     "Tian, Kevin" <kevin.tian@...el.com>
Cc:     Alex Williamson <alex.williamson@...hat.com>,
        "iommu@...ts.linux-foundation.org" <iommu@...ts.linux-foundation.org>,
        LKML <linux-kernel@...r.kernel.org>,
        Joerg Roedel <joro@...tes.org>,
        Lu Baolu <baolu.lu@...ux.intel.com>,
        David Woodhouse <dwmw2@...radead.org>,
        "Liu, Yi L" <yi.l.liu@...el.com>,
        "Raj, Ashok" <ashok.raj@...el.com>,
        "Christoph Hellwig" <hch@...radead.org>,
        Jean-Philippe Brucker <jean-philippe@...aro.com>,
        Eric Auger <eric.auger@...hat.com>,
        "Jonathan Corbet" <corbet@....net>, jacob.jun.pan@...ux.intel.com
Subject: Re: [PATCH v6 1/6] docs: IOMMU user API

On Wed, 29 Jul 2020 01:18:04 +0000
"Tian, Kevin" <kevin.tian@...el.com> wrote:

> > From: Alex Williamson <alex.williamson@...hat.com>
> > Sent: Wednesday, July 29, 2020 3:20 AM
> >   
> [...]
> > > +
> > > +For example, IOTLB invalidations should always succeed. There is
> > > no +architectural way to report back to the vIOMMU if the UAPI
> > > data is +incompatible. If that happens, in order to guarantee
> > > IOMMU iosolation,  
> > 
> > isolation
> >   
> > > +we have to resort to not giving completion status in vIOMMU.
> > > This may +result in VM hang.
> > > +
> > > +For this reason the following IOMMU UAPIs cannot fail without
> > > +catastrophic effect:
> > > +
> > > +1. Free PASID
> > > +2. Unbind guest PASID
> > > +3. Unbind guest PASID table (SMMU)
> > > +4. Cache invalidate  
> > 
> > I'm not entirely sure what we're trying to assert here.  Clearly
> > cache invalidation can fail and patch 5/6 goes on to add over a
> > dozen checks of the user provided data that return an -errno.  Any
> > user ioctl can fail if the user botches the parameters.  So are we
> > just trying to explain the feature checking that should allow the
> > user to know supported combinations and if they adhere to them,
> > these should not fail?  It's not quite worded to that effect.
> > Thanks, 
> 
> I guess the above wording is messed by what a UAPI should
> behave and whether the vIOMMU reports associated errors.
> UAPI can always fail, as you pointed out. vIOMMU may not
> have a matching error code though, e.g. on Intel VT-d there is no
> error reporting mechanism for cache invalidation. However,
> it is not wise to assert UAPI behavior according to vIOMMU
> definition. An error is an error. vIOMMU should just react to
> UAPI errors according to its architecture definition (e.g. ignore,
> forward to guest, hang, etc.). From this matter I feel above
> section could better be removed.
> 
Yes, I agreed, the scope is not drawn clearly. This section is kind of
the relic of a previous version where responsibility of feature
checking lies with IOMMU UAPI instead of VFIO.

How about just briefly mention that upfront feature checking is
encouraged to avoid complex and catastrophic error at runtime?

I will remove the rest.

> Thanks
> Kevin

[Jacob Pan]

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ