lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <cover.1683688960.git.nicolinc@nvidia.com>
Date:   Tue, 9 May 2023 20:33:20 -0700
From:   Nicolin Chen <nicolinc@...dia.com>
To:     <jgg@...dia.com>, <robin.murphy@....com>, <will@...nel.org>
CC:     <eric.auger@...hat.com>, <kevin.tian@...el.com>,
        <baolu.lu@...ux.intel.com>, <joro@...tes.org>,
        <shameerali.kolothum.thodi@...wei.com>, <jean-philippe@...aro.org>,
        <linux-arm-kernel@...ts.infradead.org>, <iommu@...ts.linux.dev>,
        <linux-kernel@...r.kernel.org>, <kvm@...r.kernel.org>,
        <alex.williamson@...hat.com>, <yi.l.liu@...el.com>
Subject: [PATCH v2 00/17] Add Nested Translation Support for SMMUv3

[ This series is rebased on top of v6.4-rc1 merging Jason's iommu_hwpt
  branch and Yi's vfio cdev v11 branch, then the replace v7 series and
  the nesting v2 (candidate) series and Intel VT-d series. Note that
  some of them are still getting finalized. So, there can be potential
  minor API changes that would not be reflected in this series. Yet, we
  can start the review at the SMMU driver specific things.

  @robin, the hw_info patch still requires the errata patch that you
  mentioned. Perhaps we can merge that separately or include it in v3.

  Thanks! ]

Changelog
v2:
 * Added arm_smmu_set_dev_data after the set_dev_data series.
 * Added Jason's patch "vfio: Remove VFIO_TYPE1_NESTING_IOMMU"
 * Replaced the iommu_get_unmanaged_domain() helper with Robin's patch.
 * Reworked the code in arm_smmu_cmdq_build_cmd() to make NH_VA to be
   a superset of NH_VAA.
 * Added inline comments and a bug-report link to the patch unsetting
   dst[2] and dst[3] of STE.
 * Dropped the to_s2_cfg helper since only one place really needs it.
 * Dropped the VMID (override) flag and s2vmid in iommu_hwpt_arm_smmuv3
   structure, because it's expected for user space to use a shared S2
   domain/hwpt for all devices, i.e. the VMID (allocated with the S2
   domain is already unified. If there's some special case that still
   needs a VMID unification, we should probably add it incrementally.
 * Move the introduction of the "struct arm_smmu_domain *s2" function
   parameter to the proper patch.
 * Redefined "struct iommu_hwpt_arm_smmuv3" by adding ste_uptr/len and
   out_event_uptr/len. Then added an arm_smmu_domain_finalise_nested()
   function to read guest Stream Table Entry with a proper sanity.
 * Reworked arm_smmu_cache_invalidate_user() by reading the guest CMDQ
   directly, to support batching. Also, added return value feedback of
   -ETIMEDOUT at CMD_SYNC, and reported CERROR_ILL errors via the CONS
   in the user_data structure.
 * Updated data/functions following the nesting infrastructure updates.
 * Added/fixed multiple comments per v1 review inputs.
v1:
 https://lore.kernel.org/all/cover.1678348754.git.nicolinc@nvidia.com/

--------------------------------------------------------------------------

Hi all,

This series of patches add nested translation support for ARM SMMUv3.

Eric Auger made a huge effort previously with the VFIO uAPIs, and sent
his v16 a year ago. Now, the nested translation should follow the new
IOMMUFD uAPIs design. So, most of the key features are ported from the
privous VFIO solution, and then rebuilt on top of the IOMMUFD nesting
infrastructure.

The essential parts in the driver to support a nested translation are
->hw_info, ->domain_alloc_user and ->cache_invalidate_user ops. So this
series fundamentally adds these three functions in the SMMUv3 driver,
along with several preparations and cleanups for them.

One unique requirement for SMMUv3 nested translation support is the MSI
doorbell address translation, which is a 2-stage translation too. And,
to working with the ITS driver, an msi_cookie needs to be setup on the
kernel-managed domain, the stage-2 domain of the nesting setup. And the
same msi_cookie will be fetched, via iommu_dma_get_msi_mapping_domain(),
in the iommu core to allocate and creates IOVA mappings for MSI doorbell
page(s). However, with the nesting design, the device is attached to a
user-managed domain, the stage-1 domain. So both the setup and fetching
of the msi_cookie would not work at the level of stage-2 domain. Thus,
on both sides, the msi_cookie setup and fetching require a redirection
of the domain pointer. It's easy to do so in iommufd core, but needs a
new op in the iommu core and driver.

You can also find this series on the Github:
https://github.com/nicolinc/iommufd/commits/iommufd_nesting-v2

The kernel branch is tested with this QEMU branch:
https://github.com/nicolinc/qemu/commits/wip/iommufd_rfcv4+nesting+smmuv3-v2

Thanks!
Nicolin Chen

Eric Auger (2):
  iommu/arm-smmu-v3: Unset corresponding STE fields when s2_cfg is NULL
  iommu/arm-smmu-v3: Add STRTAB_STE_0_CFG_NESTED for 2-stage translation

Jason Gunthorpe (1):
  vfio: Remove VFIO_TYPE1_NESTING_IOMMU

Nicolin Chen (13):
  iommufd: Add nesting related data structures for ARM SMMUv3
  iommufd/device: Setup MSI on kernel-managed domains
  iommu/arm-smmu-v3: Add arm_smmu_hw_info
  iommu/arm-smmu-v3: Add arm_smmu_set/unset_dev_user_data
  iommu/arm-smmu-v3: Remove ARM_SMMU_DOMAIN_NESTED
  iommu/arm-smmu-v3: Allow ARM_SMMU_DOMAIN_S1 stage to access s2_cfg
  iommu/arm-smmu-v3: Add s1dss in struct arm_smmu_s1_cfg
  iommu/arm-smmu-v3: Pass in user_cfg to arm_smmu_domain_finalise
  iommu/arm-smmu-v3: Add arm_smmu_domain_alloc_user
  iommu/arm-smmu-v3: Support IOMMU_DOMAIN_NESTED type of allocations
  iommu/arm-smmu-v3: Implement arm_smmu_get_msi_mapping_domain
  iommu/arm-smmu-v3: Add CMDQ_OP_TLBI_NH_VAA and CMDQ_OP_TLBI_NH_ALL
  iommu/arm-smmu-v3: Add arm_smmu_cache_invalidate_user

Robin Murphy (1):
  iommu/dma: Support MSIs through nested domains

 drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 461 ++++++++++++++++++--
 drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.h |  11 +-
 drivers/iommu/arm/arm-smmu/arm-smmu.c       |  16 -
 drivers/iommu/dma-iommu.c                   |  18 +-
 drivers/iommu/iommu.c                       |  10 -
 drivers/iommu/iommufd/device.c              |   5 +-
 drivers/iommu/iommufd/main.c                |   1 +
 drivers/iommu/iommufd/vfio_compat.c         |   7 +-
 drivers/vfio/vfio_iommu_type1.c             |  12 +-
 include/linux/iommu.h                       |   7 +-
 include/uapi/linux/iommufd.h                |  83 ++++
 include/uapi/linux/vfio.h                   |   2 +-
 12 files changed, 538 insertions(+), 95 deletions(-)

-- 
2.40.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ