| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 11 Nov 2020 23:27:28 +0100
From: Thomas Gleixner <tglx@...utronix.de>
To: "Raj\, Ashok" <ashok.raj@...el.com>,
Christoph Hellwig <hch@...radead.org>
Cc: David Woodhouse <dwmw2@...radead.org>,
Jason Gunthorpe <jgg@...dia.com>,
Dan Williams <dan.j.williams@...el.com>,
"Tian\, Kevin" <kevin.tian@...el.com>,
"Jiang\, Dave" <dave.jiang@...el.com>,
Bjorn Helgaas <helgaas@...nel.org>,
"vkoul\@kernel.org" <vkoul@...nel.org>,
"Dey\, Megha" <megha.dey@...el.com>,
"maz\@kernel.org" <maz@...nel.org>,
"bhelgaas\@google.com" <bhelgaas@...gle.com>,
"alex.williamson\@redhat.com" <alex.williamson@...hat.com>,
"Pan\, Jacob jun" <jacob.jun.pan@...el.com>,
"Liu\, Yi L" <yi.l.liu@...el.com>,
"Lu\, Baolu" <baolu.lu@...el.com>,
"Kumar\, Sanjay K" <sanjay.k.kumar@...el.com>,
"Luck\, Tony" <tony.luck@...el.com>,
"jing.lin\@intel.com" <jing.lin@...el.com>,
"kwankhede\@nvidia.com" <kwankhede@...dia.com>,
"eric.auger\@redhat.com" <eric.auger@...hat.com>,
"parav\@mellanox.com" <parav@...lanox.com>,
"rafael\@kernel.org" <rafael@...nel.org>,
"netanelg\@mellanox.com" <netanelg@...lanox.com>,
"shahafs\@mellanox.com" <shahafs@...lanox.com>,
"yan.y.zhao\@linux.intel.com" <yan.y.zhao@...ux.intel.com>,
"pbonzini\@redhat.com" <pbonzini@...hat.com>,
"Ortiz\, Samuel" <samuel.ortiz@...el.com>,
"Hossain\, Mona" <mona.hossain@...el.com>,
"dmaengine\@vger.kernel.org" <dmaengine@...r.kernel.org>,
"linux-kernel\@vger.kernel.org" <linux-kernel@...r.kernel.org>,
"linux-pci\@vger.kernel.org" <linux-pci@...r.kernel.org>,
"kvm\@vger.kernel.org" <kvm@...r.kernel.org>,
Ashok Raj <ashok.raj@...el.com>
Subject: Re: [PATCH v4 06/17] PCI: add SIOV and IMS capability detection
On Wed, Nov 11 2020 at 08:09, Ashok Raj wrote:
> On Wed, Nov 11, 2020 at 03:41:59PM +0000, Christoph Hellwig wrote:
>> On Sun, Nov 08, 2020 at 07:36:34PM +0000, David Woodhouse wrote:
>> > So it does look like we're going to need a hypercall interface to
>> > compose an MSI message on behalf of the guest, for IMS to use. In fact
>> > PCI devices assigned to a guest could use that too, and then we'd only
>> > need to trap-and-remap any attempt to write a Compatibility Format MSI
>> > to the device's MSI table, while letting Remappable Format messages get
>> > written directly.
>> >
>> > We'd also need a way for an OS running on bare metal to *know* that
>> > it's on bare metal and can just compose MSI messages for itself. Since
>> > we do expect bare metal to have an IOMMU, perhaps that is just a
>> > feature flag on the IOMMU?
>>
>> Have the platform firmware advertise if it needs native or virtualized
>> IMS handling. If it advertises neither don't support IMS?
>
> The platform hint can be easily accomplished via DMAR table flags. We could
> have an IMS_OPTOUT(similart to x2apic optout flag) flag, when 0 its native
> and IMS is supported.
>
> When vIOMMU is presented to guest, virtual DMAR table will have this flag
> set to 1. Indicates to GuestOS, native IMS isn't supported.
These opt-out bits suck by definition. It comes all back to the fact
that the whole virt thing didn't have a hardware defined way to tell
that the OS runs in a VM and not on bare metal. It wouldn't have been
rocket science to do so.
And because that does not exist, we need magic opt-out bits for every
other piece of functionality which gets added. Can we please stop this
and provide a well defined way to tell the OS whether it runs on bare
metal or not?
The point is that you really want opt-in bits so that decisions come
down to
if (!virt || virt->supports_X)
which is the obvious sane and safe logic. But sure, why am I asking for
sane and safe in the context of virtualization?
Thanks,
tglx
Powered by blists - more mailing lists