lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20240809184136.GL8378@nvidia.com>
Date: Fri, 9 Aug 2024 15:41:36 -0300
From: Jason Gunthorpe <jgg@...dia.com>
To: Robin Murphy <robin.murphy@....com>
Cc: "Tian, Kevin" <kevin.tian@...el.com>,
	Nicolin Chen <nicolinc@...dia.com>,
	"joro@...tes.org" <joro@...tes.org>,
	"will@...nel.org" <will@...nel.org>,
	"shuah@...nel.org" <shuah@...nel.org>,
	"iommu@...ts.linux.dev" <iommu@...ts.linux.dev>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"linux-kselftest@...r.kernel.org" <linux-kselftest@...r.kernel.org>
Subject: Re: [PATCH v2 2/3] iommu/dma: Support MSIs through nested domains

On Thu, Aug 08, 2024 at 01:38:44PM +0100, Robin Murphy wrote:
> On 06/08/2024 9:25 am, Tian, Kevin wrote:
> > > From: Nicolin Chen <nicolinc@...dia.com>
> > > Sent: Saturday, August 3, 2024 8:32 AM
> > > 
> > > From: Robin Murphy <robin.murphy@....com>
> > > 
> > > Currently, iommu-dma is the only place outside of IOMMUFD and drivers
> > > which might need to be aware of the stage 2 domain encapsulated within
> > > a nested domain. This would be in the legacy-VFIO-style case where we're
> > 
> > why is it a legacy-VFIO-style? We only support nested in IOMMUFD.
> 
> Because with proper nesting we ideally shouldn't need the host-managed MSI
> mess at all, which all stems from the old VFIO paradigm of completely
> abstracting interrupts from userspace. I'm still hoping IOMMUFD can grow its
> own interface for efficient MSI passthrough, where the VMM can simply map
> the physical MSI doorbell into whatever IPA (GPA) it wants it to appear at
> in the S2 domain, then whatever the guest does with S1 it can program the
> MSI address into the endpoint accordingly without us having to fiddle with
> it.

+1

I don't have a staged plan to do this though. Getting the ITS page
into the S2 at a user specified address should be simple enough to
manage.

The bigger issue is that we still have the hypervisor GIC driver
controlling things and it will need to know to use the guest provided
MSI address captured during the MSI trap, not its own address. I don't
have an idea how to connect those two parts yet.

Jason

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ