| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 10 Dec 2021 09:23:13 -0400
From: Jason Gunthorpe <jgg@...dia.com>
To: "Tian, Kevin" <kevin.tian@...el.com>
Cc: "peter.maydell@...aro.org" <peter.maydell@...aro.org>,
"lushenming@...wei.com" <lushenming@...wei.com>,
"robin.murphy@....com" <robin.murphy@....com>,
"Raj, Ashok" <ashok.raj@...el.com>,
"kvm@...r.kernel.org" <kvm@...r.kernel.org>,
Jean-Philippe Brucker <jean-philippe@...aro.org>,
"maz@...nel.org" <maz@...nel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"vsethi@...dia.com" <vsethi@...dia.com>,
"alex.williamson@...hat.com" <alex.williamson@...hat.com>,
"wangxingang5@...wei.com" <wangxingang5@...wei.com>,
"vivek.gautam@....com" <vivek.gautam@....com>,
"zhangfei.gao@...aro.org" <zhangfei.gao@...aro.org>,
"eric.auger.pro@...il.com" <eric.auger.pro@...il.com>,
"will@...nel.org" <will@...nel.org>,
"kvmarm@...ts.cs.columbia.edu" <kvmarm@...ts.cs.columbia.edu>
Subject: Re: [RFC v16 1/9] iommu: Introduce attach/detach_pasid_table API
On Fri, Dec 10, 2021 at 08:56:56AM +0000, Tian, Kevin wrote:
> > So, something like vfio pci would implement three uAPI operations:
> > - Attach page table to RID
> > - Attach page table to PASID
> > - Attach page table to RID and all PASIDs
> > And here 'page table' is everything below the STE in SMMUv3
> >
> > While mdev can only support:
> > - Access emulated page table
> > - Attach page table to PASID
>
> mdev is a pci device from user p.o.v, having its vRID and vPASID. From
> this angle the uAPI is no different from vfio-pci (except the ARM one):
No, it isn't. The internal operation is completely different, and it
must call different iommufd APIs than vfio-pci does.
This is user visible - mdev can never be attached to an ARM user page
table, for instance.
For iommufd there is no vRID, vPASID or any confusing stuff like
that. You'll have an easier time if you stop thinking in these terms.
We probably end up with three iommufd calls:
int iommufd_device_attach(struct iommufd_device *idev, u32 *pt_id, unsigned int flags)
int iommufd_device_attach_pasid(struct iommufd_device *idev, u32 *pt_id, unsigned int flags, ioasid_t *pasid)
int iommufd_device_attach_sw_iommu(struct iommufd_device *idev, u32 pt_id);
And the uAPI from VFIO must map onto them.
vfio-pci:
- 'VFIO_SET_CONTAINER' does
iommufd_device_attach(idev, &pt_id, IOMMUFD_FULL_DEVICE);
# IOMMU specific if this captures PASIDs or cause them to fail,
# but IOMMUFD_FULL_DEVICE will prevent attaching any PASID
# later on all iommu's.
vfio-mdev:
- 'VFIO_SET_CONTAINER' does one of:
iommufd_device_attach_pasid(idev, &pt_id, IOMMUFD_ASSIGN_PASID, &pasid);
iommufd_device_attach_sw_iommu(idev, pt_id);
That is three of the cases.
Then we have new ioctls for the other cases:
vfio-pci:
- 'bind only the RID, so we can use PASID'
iommufd_device_attach(idev, &pt_id, 0);
- 'bind to a specific PASID'
iommufd_device_attach_pasid(idev, &pt_id, 0, &pasid);
vfio-mdev:
- 'like VFIO_SET_CONTAINER but bind to a specific PASID'
iommufd_device_attach_pasid(idev, &pt_id, 0, &pasid);
The iommu driver will block attachments that are incompatible, ie ARM
user page tables only work with:
iommufd_device_attach(idev, &pt_id, IOMMUFD_FULL_DEVICE)
all other calls fail.
How exactly we put all of this into new ioctls, I'm not sure, but it
does seem pretty clear this is what the iommufd kAPI will need to look
like to cover the cases we know about already.
As you can see, userpace needs to understand what mode it is operating
in. If it does IOMMUFD_FULL_DEVICE and manages PASID somehow in
userspace, or it doesn't and can use the iommufd_device_attach_pasid()
paths.
> Is modeling like above considered ambiguous?
You've skipped straight to the ioctls without designing the kernel API
to meet all the requirements :)
Jason
Powered by blists - more mailing lists