| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20230928071528.26258-1-yi.l.liu@intel.com>
Date: Thu, 28 Sep 2023 00:15:22 -0700
From: Yi Liu <yi.l.liu@...el.com>
To: joro@...tes.org, alex.williamson@...hat.com, jgg@...dia.com,
kevin.tian@...el.com, robin.murphy@....com,
baolu.lu@...ux.intel.com
Cc: cohuck@...hat.com, eric.auger@...hat.com, nicolinc@...dia.com,
kvm@...r.kernel.org, mjrosato@...ux.ibm.com,
chao.p.peng@...ux.intel.com, yi.l.liu@...el.com,
yi.y.sun@...ux.intel.com, peterx@...hat.com, jasowang@...hat.com,
shameerali.kolothum.thodi@...wei.com, lulu@...hat.com,
suravee.suthikulpanit@....com, iommu@...ts.linux.dev,
linux-kernel@...r.kernel.org, linux-kselftest@...r.kernel.org,
zhenzhong.duan@...el.com, joao.m.martins@...cle.com
Subject: [PATCH v2 0/6] iommufd support allocating nested parent domain
IOMMU hardwares that support nested translation would have two stages
address translation (normally mentioned as stage-1 and stage-2). The page
table formats of the stage-1 and stage-2 can be different. e.g., VT-d has
different page table formats for stage-1 and stage-2.
Nested parent domain is the iommu domain used to represent the stage-2
translation. In IOMMUFD, both stage-1 and stage-2 translation are tracked
as HWPT (a.k.a. iommu domain). Stage-2 HWPT is parent of stage-1 HWPT as
stage-1 cannot work alone in nested translation. In the cases of stage-1 and
stage-2 page table format are different, the parent HWPT should use exactly
the stage-2 page table format. However, the existing kernel hides the format
selection in iommu drivers, so the domain allocated via IOMMU_HWPT_ALLOC can
use either stage-1 page table format or stage-2 page table format, there is
no guarantees for it.
To enforce the page table format of the nested parent domain, this series
introduces a new iommu op (domain_alloc_user) which can accept user flags
to allocate domain as userspace requires. It also converts IOMMUFD to use
the new domain_alloc_user op for domain allocation if supported, then extends
the IOMMU_HWPT_ALLOC ioctl to pass down a NEST_PARENT flag to allocate a HWPT
which can be used as parent. This series implements the new op in Intel iommu
driver to have a complete picture. It is a preparation for adding nesting
support in IOMMUFD/IOMMU.
Complete code can be found:
https://github.com/yiliu1765/iommufd/tree/iommufd_alloc_user_v2
Change log:
v2:
- Require domain_alloc_user op if IOMMU_HWPT_ALLOC passes non-zero flags (Kevin)
- IOMMUFD core should check kernel known flags while iommu driver needs
to check supported flags as well (Jason)
- Minor tweaks per Baolu's comment
v1: https://lore.kernel.org/linux-iommu/20230919092523.39286-1-yi.l.liu@intel.com/
Regards,
Yi Liu
Yi Liu (6):
iommu: Add new iommu op to create domains owned by userspace
iommufd/hw_pagetable: Use domain_alloc_user op for domain allocation
iommufd/hw_pagetable: Accepts user flags for domain allocation
iommufd/hw_pagetable: Support allocating nested parent domain
iommufd/selftest: Add domain_alloc_user() support in iommu mock
iommu/vt-d: Add domain_alloc_user op
drivers/iommu/intel/iommu.c | 28 +++++++++++++++++
drivers/iommu/iommufd/device.c | 2 +-
drivers/iommu/iommufd/hw_pagetable.c | 31 ++++++++++++++-----
drivers/iommu/iommufd/iommufd_private.h | 3 +-
drivers/iommu/iommufd/selftest.c | 19 ++++++++++++
include/linux/iommu.h | 11 ++++++-
include/uapi/linux/iommufd.h | 12 ++++++-
tools/testing/selftests/iommu/iommufd.c | 24 +++++++++++---
.../selftests/iommu/iommufd_fail_nth.c | 2 +-
tools/testing/selftests/iommu/iommufd_utils.h | 11 +++++--
10 files changed, 124 insertions(+), 19 deletions(-)
--
2.34.1
Powered by blists - more mailing lists