lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <YrJYhIiivpiJ1t4f@Asurada-Nvidia>
Date:   Tue, 21 Jun 2022 16:47:16 -0700
From:   Nicolin Chen <nicolinc@...dia.com>
To:     Alex Williamson <alex.williamson@...hat.com>
CC:     <joro@...tes.org>, <will@...nel.org>, <marcan@...can.st>,
        <sven@...npeter.dev>, <robin.murphy@....com>,
        <robdclark@...il.com>, <baolu.lu@...ux.intel.com>,
        <matthias.bgg@...il.com>, <orsonzhai@...il.com>,
        <baolin.wang7@...il.com>, <zhang.lyra@...il.com>,
        <jean-philippe@...aro.org>, <jgg@...dia.com>,
        <kevin.tian@...el.com>, <suravee.suthikulpanit@....com>,
        <alyssa@...enzweig.io>, <dwmw2@...radead.org>,
        <yong.wu@...iatek.com>, <mjrosato@...ux.ibm.com>,
        <gerald.schaefer@...ux.ibm.com>, <thierry.reding@...il.com>,
        <vdumpa@...dia.com>, <jonathanh@...dia.com>, <cohuck@...hat.com>,
        <thunder.leizhen@...wei.com>, <tglx@...utronix.de>,
        <christophe.jaillet@...adoo.fr>, <john.garry@...wei.com>,
        <chenxiang66@...ilicon.com>, <saiprakash.ranjan@...eaurora.org>,
        <isaacm@...eaurora.org>, <yangyingliang@...wei.com>,
        <jordan@...micpenguin.net>, <iommu@...ts.linux-foundation.org>,
        <linux-kernel@...r.kernel.org>,
        <linux-arm-kernel@...ts.infradead.org>,
        <linux-arm-msm@...r.kernel.org>,
        <linux-mediatek@...ts.infradead.org>, <linux-s390@...r.kernel.org>,
        <linux-tegra@...r.kernel.org>,
        <virtualization@...ts.linux-foundation.org>, <kvm@...r.kernel.org>
Subject: Re: [PATCH v2 2/5] vfio/iommu_type1: Prefer to reuse domains vs
 match enforced cache coherency

On Tue, Jun 21, 2022 at 04:46:02PM -0600, Alex Williamson wrote:
> External email: Use caution opening links or attachments
> 
> 
> On Wed, 15 Jun 2022 17:03:01 -0700
> Nicolin Chen <nicolinc@...dia.com> wrote:
> 
> > From: Jason Gunthorpe <jgg@...dia.com>
> >
> > The KVM mechanism for controlling wbinvd is based on OR of the coherency
> > property of all devices attached to a guest, no matter those devices are
> > attached to a single domain or multiple domains.
> >
> > So, there is no value in trying to push a device that could do enforced
> > cache coherency to a dedicated domain vs re-using an existing domain
> > which is non-coherent since KVM won't be able to take advantage of it.
> > This just wastes domain memory.
> >
> > Simplify this code and eliminate the test. This removes the only logic
> > that needed to have a dummy domain attached prior to searching for a
> > matching domain and simplifies the next patches.
> >
> > It's unclear whether we want to further optimize the Intel driver to
> > update the domain coherency after a device is detached from it, at
> > least not before KVM can be verified to handle such dynamics in related
> > emulation paths (wbinvd, vcpu load, write_cr0, ept, etc.). In reality
> > we don't see an usage requiring such optimization as the only device
> > which imposes such non-coherency is Intel GPU which even doesn't
> > support hotplug/hot remove.
> 
> The 2nd paragraph above is quite misleading in this respect.  I think
> it would be more accurate to explain that the benefit to using separate
> domains was that devices attached to domains supporting enforced cache
> coherency always mapped with the attributes necessary to provide that
> feature, therefore if a non-enforced domain was dropped, the associated
> group removal would re-trigger an evaluation by KVM.  We can then go on
> to discuss that in practice the only known cases of such mixed domains
> included an Intel IGD device behind an IOMMU lacking snoop control,
> where such devices do not support hotplug, therefore this scenario lacks
> testing and is not considered sufficiently relevant to support.  Thanks,

Thanks for the input. I integrated that into the commit log:

    vfio/iommu_type1: Prefer to reuse domains vs match enforced cache coherency

    The KVM mechanism for controlling wbinvd is based on OR of the coherency
    property of all devices attached to a guest, no matter whether those
    devices are attached to a single domain or multiple domains.

    On the other hand, the benefit to using separate domains was that those
    devices attached to domains supporting enforced cache coherency always
    mapped with the attributes necessary to provide that feature, therefore
    if a non-enforced domain was dropped, the associated group removal would
    re-trigger an evaluation by KVM.

    In practice however, the only known cases of such mixed domains included
    an Intel IGD device behind an IOMMU lacking snoop control, where such
    devices do not support hotplug, therefore this scenario lacks testing and
    is not considered sufficiently relevant to support.

    After all, KVM won't take advantage of trying to push a device that could
    do enforced cache coherency to a dedicated domain vs re-using an existing
    domain, which is non-coherent.

    Simplify this code and eliminate the test. This removes the only logic
    that needed to have a dummy domain attached prior to searching for a
    matching domain and simplifies the next patches.

    It's unclear whether we want to further optimize the Intel driver to
    update the domain coherency after a device is detached from it, at
    least not before KVM can be verified to handle such dynamics in related
    emulation paths (wbinvd, vcpu load, write_cr0, ept, etc.). In reality
    we don't see an usage requiring such optimization as the only device
    which imposes such non-coherency is Intel GPU which even doesn't
    support hotplug/hot remove.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ