lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <BN9PR11MB527663567ECB8AD52D3170818C5CA@BN9PR11MB5276.namprd11.prod.outlook.com>
Date:   Tue, 20 Jun 2023 01:43:42 +0000
From:   "Tian, Kevin" <kevin.tian@...el.com>
To:     Jason Gunthorpe <jgg@...dia.com>
CC:     "Liu, Yi L" <yi.l.liu@...el.com>,
        "joro@...tes.org" <joro@...tes.org>,
        "alex.williamson@...hat.com" <alex.williamson@...hat.com>,
        "robin.murphy@....com" <robin.murphy@....com>,
        "baolu.lu@...ux.intel.com" <baolu.lu@...ux.intel.com>,
        "cohuck@...hat.com" <cohuck@...hat.com>,
        "eric.auger@...hat.com" <eric.auger@...hat.com>,
        "nicolinc@...dia.com" <nicolinc@...dia.com>,
        "kvm@...r.kernel.org" <kvm@...r.kernel.org>,
        "mjrosato@...ux.ibm.com" <mjrosato@...ux.ibm.com>,
        "chao.p.peng@...ux.intel.com" <chao.p.peng@...ux.intel.com>,
        "yi.y.sun@...ux.intel.com" <yi.y.sun@...ux.intel.com>,
        "peterx@...hat.com" <peterx@...hat.com>,
        "jasowang@...hat.com" <jasowang@...hat.com>,
        "shameerali.kolothum.thodi@...wei.com" 
        <shameerali.kolothum.thodi@...wei.com>,
        "lulu@...hat.com" <lulu@...hat.com>,
        "suravee.suthikulpanit@....com" <suravee.suthikulpanit@....com>,
        "iommu@...ts.linux.dev" <iommu@...ts.linux.dev>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "linux-kselftest@...r.kernel.org" <linux-kselftest@...r.kernel.org>,
        "Duan, Zhenzhong" <zhenzhong.duan@...el.com>
Subject: RE: [PATCH v2 00/11] iommufd: Add nesting infrastructure

> From: Jason Gunthorpe <jgg@...dia.com>
> Sent: Monday, June 19, 2023 8:37 PM
> 
> On Fri, Jun 16, 2023 at 02:43:13AM +0000, Tian, Kevin wrote:
> > > From: Jason Gunthorpe <jgg@...dia.com>
> > > Sent: Tuesday, June 6, 2023 10:18 PM
> > >
> > > > > > It's not necessarily to add reserved regions to the IOAS of the parent
> > > > > > hwpt since the device doesn't access that address space after it's
> > > > > > attached to stage-1. The parent is used only for address translation
> > > > > > in the iommu side.
> > > > >
> > > > > But if we don't put them in the IOAS of the parent there is no way for
> > > > > userspace to learn what they are to forward to the VM ?
> > > >
> > > > emmm I wonder whether that is the right interface to report
> > > > per-device reserved regions.
> > >
> > > The iommu driver needs to report different reserved regions for the S1
> > > and S2 iommu_domains,
> >
> > I can see the difference between RID and RID+PASID, but not sure whether
> > it's a actual requirement regarding to attached domain.
> 
> No, it isn't RID or RID+PASID here
> 
> The S2 has a different set of reserved regsions than the S1 because
> the S2's IOVA does not appear on the bus.
> 
> So the S2's reserved regions are entirely an artifact of how the IOMMU
> HW itself works when nesting.
> 
> We can probably get by with some documented slightly messy rules that
> the reserved_regions only applies to directly RID attached domains. S2
> and PASID attachments always have no reserved spaces.
> 
> > When talking about RID-based nesting alone, ARM needs to add reserved
> > regions to the parent IOAS as identity is a valid S1 mode in nesting.
> 
> No, definately not. The S2 has no reserved regions because it is an
> internal IOVA, and we should not abuse that.
> 
> Reflecting the requirements for an identity map is something all iommu
> HW needs to handle, we should figure out how to do that properly.

I wonder whether we have argued passed each other.

This series adds reserved regions to S2. I challenged the necessity as
S2 is not directly accessed by the device.

Then you replied that doing so still made sense to support identity S1.

But now looks you also agree that reserved regions should not be 
added to S2 except supporting identity S1 needs more thought?

> 
> > But for Intel RID nesting excludes identity (which becomes a direct
> > attach to S2) so the reserved regions apply to S1 instead of the parent IOAS.
> 
> IIRC all the HW models will assign their S2's as a RID attached "S1"
> during boot time to emulate "no translation"?

I'm not sure what it means...

> 
> They all need to learn what the allowed identiy mapping is so that the
> VMM can construct a compatible guest address space, independently of
> any IOAS restrictions.
> 

Intel VT-d supports 4 configurations:
  - passthrough (i.e. identity mapped)
  - S1 only
  - S2 only
  - nested

'S2 only' is used when vIOMMU is configured in passthrough.

'nested' is used when vIOMMU is configured in 'S1 only'.

So in any case 'identity' is not a business of nesting in the VT-d context.

My understanding of ARM SMMU is that from host p.o.v. the CD is the
S1 in the nested configuration. 'identity' is one configuration in the CD
then it's in the business of nesting.

My preference was that ALLOC_HWPT allows vIOMMU to opt whether
reserved regions of dev_id should be added to the IOAS of the parent
S2 hwpt.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ