lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <YV1ygu5URvuHB4qb@myrica> Date: Wed, 6 Oct 2021 10:55:14 +0100 From: Jean-Philippe Brucker <jean-philippe@...aro.org> To: Vivek Kumar Gautam <vivek.gautam@....com> Cc: linux-kernel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org, iommu@...ts.linux-foundation.org, virtualization@...ts.linux-foundation.org, joro@...tes.org, will.deacon@....com, mst@...hat.com, robin.murphy@....com, eric.auger@...hat.com, kevin.tian@...el.com, jacob.jun.pan@...ux.intel.com, yi.l.liu@...el.com, Lorenzo.Pieralisi@....com, shameerali.kolothum.thodi@...wei.com Subject: Re: [PATCH RFC v1 10/11] uapi/virtio-iommu: Add a new request type to send page response On Thu, Sep 30, 2021 at 02:54:05PM +0530, Vivek Kumar Gautam wrote: > > > +struct virtio_iommu_req_page_resp { > > > + struct virtio_iommu_req_head head; > > > + __le32 domain; > > > > I don't think we need this field, since the fault report doesn't come with > > a domain. > > But here we are sending the response which would be consumed by the vfio > ultimately. In kvmtool, I am consuming this "virtio_iommu_req_page_resp" > request in the virtio/iommu driver, extracting the domain from it, and using > that to call the respective "page_response" ops from "vfio_iommu_ops" in the > vfio/core driver. > > Is this incorrect way of passing on the page-response back to the host > kernel? That works for the host userspace-kernel interface because the device is always attached to a VFIO container. For virtio-iommu the domain info is redundant. The endpoint information needs to be kept through the whole response path in order to target the right endpoint in the end. In addition the guest could enable PRI without attaching the endpoint to a domain, or fail to disable PRI before detaching the endpoint. Sure it's weird, but the host can still inject the recoverable page fault in this case, and the guest answers with "invalid" status but no domain. We could mandate domains for recoverable faults but that forces a synchronization against attach/detach and I think it needlessly deviates from other IOMMUs. Thanks, Jean
Powered by blists - more mailing lists