lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <380fe58a-934a-4e57-aa18-f4e0841b5fb4@intel.com>
Date: Sun, 29 Sep 2024 15:16:55 +0800
From: Yi Liu <yi.l.liu@...el.com>
To: Nicolin Chen <nicolinc@...dia.com>
CC: <jgg@...dia.com>, <kevin.tian@...el.com>, <will@...nel.org>,
	<joro@...tes.org>, <suravee.suthikulpanit@....com>, <robin.murphy@....com>,
	<dwmw2@...radead.org>, <baolu.lu@...ux.intel.com>, <shuah@...nel.org>,
	<linux-kernel@...r.kernel.org>, <iommu@...ts.linux.dev>,
	<linux-arm-kernel@...ts.infradead.org>, <linux-kselftest@...r.kernel.org>,
	<eric.auger@...hat.com>, <jean-philippe@...aro.org>, <mdf@...nel.org>,
	<mshavit@...gle.com>, <shameerali.kolothum.thodi@...wei.com>,
	<smostafa@...gle.com>
Subject: Re: [PATCH v2 00/19] iommufd: Add VIOMMU infrastructure (Part-1)

On 2024/9/28 04:44, Nicolin Chen wrote:
> On Fri, Sep 27, 2024 at 08:12:20PM +0800, Yi Liu wrote:
>> On 2024/9/27 14:32, Nicolin Chen wrote:
>>> On Fri, Sep 27, 2024 at 01:54:45PM +0800, Yi Liu wrote:
>>>>>>> Baolu told me that Intel may have the same: different domain IDs
>>>>>>> on different IOMMUs; multiple IOMMU instances on one chip:
>>>>>>> https://lore.kernel.org/linux-iommu/cf4fe15c-8bcb-4132-a1fd-b2c8ddf2731b@linux.intel.com/
>>>>>>> So, I think we are having the same situation here.
>>>>>>
>>>>>> yes, it's called iommu unit or dmar. A typical Intel server can have
>>>>>> multiple iommu units. But like Baolu mentioned in that thread, the intel
>>>>>> iommu driver maintains separate domain ID spaces for iommu units, which
>>>>>> means a given iommu domain has different DIDs when associated with
>>>>>> different iommu units. So intel side is not suffering from this so far.
>>>>>
>>>>> An ARM SMMU has its own VMID pool as well. The suffering comes
>>>>> from associating VMIDs to one shared parent S2 domain.
>>>>
>>>> Is this because of the VMID is tied with a S2 domain?
>>>
>>> On ARM, yes. VMID is a part of S2 domain stuff.
>>>
>>>>> Does a DID per S1 nested domain or parent S2? If it is per S2,
>>>>> I think the same suffering applies when we share the S2 across
>>>>> IOMMU instances?
>>>>
>>>> per S1 I think. The iotlb efficiency is low as S2 caches would be
>>>> tagged with different DIDs even the page table is the same. :)
>>>
>>> On ARM, the stage-1 is tagged with an ASID (Address Space ID)
>>> while the stage-2 is tagged with a VMID. Then an invalidation
>>> for a nested S1 domain must require the VMID from the S2. The
>>> ASID may be also required if the invalidation is specific to
>>> that address space (otherwise, broadcast per VMID.)
> 
>> Looks like the nested s1 caches are tagged with both ASID and VMID.
> 
> Yea, my understanding is similar. If both stages are enabled for
> a nested translation, VMID is tagged for S1 cache too.
> 
>>> I feel these two might act somehow similarly to the two DIDs
>>> during nested translations?
>>
>> not quite the same. Is it possible that the ASID is the same for stage-1?
>> Intel VT-d side can have the pasid to be the same. Like the gIOVA, all
>> devices use the same ridpasid. Like the scenario I replied to Baolu[1],
>> do er choose to use different DIDs to differentiate the caches for the
>> two devices.
> 
> On ARM, each S1 domain (either a normal stage-1 PASID=0 domain or
> an SVA PASID>0 domain) has a unique ASID.

I see. Looks like ASID is not the PASID.

> So it unlikely has the
> situation of two identical ASIDs if they are on the same vIOMMU,
> because the ASID pool is per IOMMU instance (whether p or v).
> 
> With two vIOMMU instances, there might be the same ASIDs but they
> will be tagged with different VMIDs.
> 
>> [1]
>> https://lore.kernel.org/linux-iommu/4bc9bd20-5aae-440d-84fd-f530d0747c23@intel.com/
> 
> Is "gIOVA" a type of invalidation that only uses "address" out of
> "PASID, DID and address"? I.e. PASID and DID are not provided via
> the invalidation request, so it's going to broadcast all viommus?

gIOVA is just a term v.s. vSVA. Just want to differentiate it from vSVA. :)
PASID and DID are still provided in the invalidation.

-- 
Regards,
Yi Liu

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ