| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 15 Mar 2022 09:49:01 -0400
From: Matthew Rosato <mjrosato@...ux.ibm.com>
To: Jason Gunthorpe <jgg@...dia.com>
Cc: linux-s390@...r.kernel.org, alex.williamson@...hat.com,
cohuck@...hat.com, schnelle@...ux.ibm.com, farman@...ux.ibm.com,
pmorel@...ux.ibm.com, borntraeger@...ux.ibm.com, hca@...ux.ibm.com,
gor@...ux.ibm.com, gerald.schaefer@...ux.ibm.com,
agordeev@...ux.ibm.com, svens@...ux.ibm.com, frankja@...ux.ibm.com,
david@...hat.com, imbrenda@...ux.ibm.com, vneethv@...ux.ibm.com,
oberpar@...ux.ibm.com, freude@...ux.ibm.com, thuth@...hat.com,
pasic@...ux.ibm.com, joro@...tes.org, will@...nel.org,
pbonzini@...hat.com, corbet@....net, kvm@...r.kernel.org,
linux-kernel@...r.kernel.org, iommu@...ts.linux-foundation.org,
linux-doc@...r.kernel.org
Subject: Re: [PATCH v4 15/32] vfio: introduce KVM-owned IOMMU type
On 3/14/22 5:38 PM, Jason Gunthorpe wrote:
> On Mon, Mar 14, 2022 at 03:44:34PM -0400, Matthew Rosato wrote:
>
>> diff --git a/drivers/vfio/vfio_iommu_type1.c b/drivers/vfio/vfio_iommu_type1.c
>> index 9394aa9444c1..0bec97077d61 100644
>> +++ b/drivers/vfio/vfio_iommu_type1.c
>> @@ -77,6 +77,7 @@ struct vfio_iommu {
>> bool nesting;
>> bool dirty_page_tracking;
>> bool container_open;
>> + bool kvm;
>> struct list_head emulated_iommu_groups;
>> };
>>
>> @@ -2203,7 +2204,12 @@ static int vfio_iommu_type1_attach_group(void *iommu_data,
>> goto out_free_group;
>>
>> ret = -EIO;
>> - domain->domain = iommu_domain_alloc(bus);
>> +
>> + if (iommu->kvm)
>> + domain->domain = iommu_domain_alloc_type(bus, IOMMU_DOMAIN_KVM);
>> + else
>> + domain->domain = iommu_domain_alloc(bus);
>> +
>> if (!domain->domain)
>> goto out_free_domain;
>>
>> @@ -2552,6 +2558,9 @@ static void *vfio_iommu_type1_open(unsigned long arg)
>> case VFIO_TYPE1v2_IOMMU:
>> iommu->v2 = true;
>> break;
>> + case VFIO_KVM_IOMMU:
>> + iommu->kvm = true;
>> + break;
>
> Same remark for this - but more - this is called KVM but it doesn't
> accept a kvm FD or any thing else to link the domain to the KVM
> in-use.
Right... The name is poor, but with the current design the KVM
association comes shortly after. To summarize, with this series, the
following relevant steps occur:
1) VFIO_SET_IOMMU: Indicate we wish to use the alternate IOMMU domain
-> At this point, the IOMMU will reject any maps (no KVM, no guest
table anchor)
2) KVM ioctl "start":
-> Register the KVM with the IOMMU domain
-> At this point, IOMMU will still reject any maps (no guest table anchor)
3) KVM ioctl "register ioat"
-> Register the guest DMA table head with the IOMMU domain
-> now IOMMU maps are allowed
The rationale for splitting steps 1 and 2 are that VFIO_SET_IOMMU
doesn't have a mechanism for specifying more than the type as an arg,
no? Otherwise yes, you could specify a kvm fd at this point and it
would have some other advantages (e.g. skip notifier). But we still
can't use the IOMMU for mapping until step 3.
The rationale for splitting steps 2 and 3 are twofold: 1) during init,
we simply don't know where the guest anchor will be when we allocate the
domain and 2) because the guest can technically clear and re-initialize
their DMA space during the life of the guest, moving the location of the
table anchor. We would receive another ioctl operation to unregister
the guest table anchor and again reject any map operation until a new
table location is provided.
Powered by blists - more mailing lists