lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <59fe0bf4-76e2-43cb-84e7-e044c2407c4c@linux.intel.com>
Date: Mon, 2 Sep 2024 10:34:08 +0800
From: Baolu Lu <baolu.lu@...ux.intel.com>
To: Joerg Roedel <joro@...tes.org>, Will Deacon <will@...nel.org>,
 Robin Murphy <robin.murphy@....com>, Jason Gunthorpe <jgg@...pe.ca>,
 Kevin Tian <kevin.tian@...el.com>
Cc: baolu.lu@...ux.intel.com, iommu@...ts.linux.dev,
 linux-kernel@...r.kernel.org
Subject: Re: [PATCH v4 0/7] iommu/vt-d: Convert to use static identity domain

On 8/9/24 1:54 PM, Lu Baolu wrote:
> Intel's IOMMU driver used a special domain called 1:1 mapping domain to
> support the domain of type IOMMU_DOMAIN_IDENTITY, which enables device
> drivers to directly utilize physical addresses for DMA access despite
> the presence of IOMMU units.
> 
> The implementation of the 1:1 mapping domain is influenced by hardware
> differences. While modern Intel VT-d implementations support hardware
> passthrough translation mode, earlier versions lacked this feature,
> which requires a more complex implementation approach.
> 
> The 1:1 mapping domain for earlier hardware was implemented by associating
> a DMA domain with an IOVA (IO Virtual Address) equivalent to the
> physical address. While, for most hardware supporting passthrough mode,
> simply setting the hardware's passthrough mode is sufficient. These two
> modes were merged together in si_domain, which is a special DMA domain
> sharing the domain ops of an ordinary DMA domain.
> 
> As the iommu core has evolved, it has introduced global static identity
> domain with "never fail" attach semantics. This means that the domain is
> always available and cannot fail to attach. The iommu driver now assigns
> this domain directly at iommu_ops->identity_domain instead of allocating
> it through the domain allocation interface.
> 
> This converts the Intel IOMMU driver to embrace the global static
> identity domain. For early legacy hardwares that don't support
> passthrough translation mode, ask the iommu core to use a DMA type of
> default domain. For modern hardwares that support passthrough
> translation mode, implement a static global identity domain.
> 
> The whole series is also available at
> 
> https://github.com/LuBaolu/intel-iommu/commits/vtd-static-identity-domain-v4
> 
> Change log:
> v4:
>   - Add a new patch to remove has_iotlb_device flag as suggested by
>     Jason.
>     https://lore.kernel.org/linux-iommu/20240807121712.GD8473@ziepe.ca/
> 
> v3:https://lore.kernel.org/linux-iommu/20240806023941.93454-1-baolu.lu@linux.intel.com/
>   - Kevin worried that some graphic devices might still require identity
>     domain. Forcing DMA domain for those drivers might break the existing
>     functionality.
>     https://lore.kernel.org/linux-iommu/BN9PR11MB52761FF9AB496B422596DDDF8C8AA@BN9PR11MB5276.namprd11.prod.outlook.com/
> 
>     After confirmed with the graphic community, we decouple "igfx_off"
>     kernel command from graphic identity mapping with the following commits:
>     ba00196ca41c ("iommu/vt-d: Decouple igfx_off from graphic identity mapping")
>     4b8d18c0c986 ("iommu/vt-d: Remove INTEL_IOMMU_BROKEN_GFX_WA").
> 
> v2:https://lore.kernel.org/linux-iommu/20231205012203.244584-1-baolu.lu@linux.intel.com/
>   - Re-orgnize the patches by removing 1:1 mappings before implementing
>     global static domain.
> 
> v1:https://lore.kernel.org/linux-iommu/20231120112944.142741-1-baolu.lu@linux.intel.com/  
> 
> Lu Baolu (7):
>    iommu/vt-d: Require DMA domain if hardware not support passthrough
>    iommu/vt-d: Remove identity mappings from si_domain
>    iommu/vt-d: Always reserve a domain ID for identity setup
>    iommu/vt-d: Remove has_iotlb_device flag
>    iommu/vt-d: Factor out helpers from domain_context_mapping_one()
>    iommu/vt-d: Add support for static identity domain
>    iommu/vt-d: Cleanup si_domain
> 
>   drivers/iommu/intel/iommu.h  |   2 -
>   drivers/iommu/intel/iommu.c  | 468 +++++++++++++++--------------------
>   drivers/iommu/intel/nested.c |   2 -
>   3 files changed, 201 insertions(+), 271 deletions(-)

Queued for v6.12-rc1.

Thanks,
baolu

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ