lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <05abb68286dd4bc17b243130d7982a334503095b.camel@infradead.org>
Date: Thu, 03 Apr 2025 09:06:37 +0100
From: David Woodhouse <dwmw2@...radead.org>
To: Christoph Hellwig <hch@...radead.org>
Cc: virtio-comment@...ts.linux.dev, mst@...hat.com, Claire Chang
 <tientzu@...omium.org>, linux-devicetree <devicetree@...r.kernel.org>, Rob
 Herring <robh+dt@...nel.org>, Jörg Roedel
 <joro@...tes.org>,  iommu@...ts.linux-foundation.org,
 linux-kernel@...r.kernel.org, graf@...zon.de
Subject: Re: [RFC PATCH 1/3] content: Add VIRTIO_F_SWIOTLB to negotiate use
 of SWIOTLB bounce buffers

On Thu, 2025-04-03 at 00:35 -0700, Christoph Hellwig wrote:
> On Thu, Apr 03, 2025 at 08:28:19AM +0100, David Woodhouse wrote:
> > Linux has 'SWIOTLB' support, but I didn't see it as a term specific to
> > that particular implementation; it seemed like a concept would would be
> > understood elsewhere. But sure, I'm happy to rename it to just 'bounce
> > buffers' or something like that. I'll see what I can come up with that
> > is succinct enough to use in VIRTIO_F_xxx and VIRTIO_PCI_CAP_xxx names.
> 
> I think you still miss the point.
> 
> What you describing is either:
> 
>  1) A BAR (or BAR-like region on MMIO) that can be used to stage
>     indirect I/O
> 
> and
> 
>  2a) a device that doesn't have any DMA capabilities, but instead
>      requires use for the above staging region
> 
> and/or
> 
>  2b) a system configuration where devices are prevented from accessing
>      guest memory
>  
> 1) makes perfect sense in virtio.  It is the equivalent of the NVMe CMB
> and similar features on various devices.
> 
> 2a) would make sense if we actually have such devices and not just
> system configs, which I doubt.
> 
> 2b) is the job of ACPI or DT to communicate, not that of virtio
> 

I am designing virtual systems, with the constraint in your (2b):
The virtual devices implemented in the *VMM* are prevented from
accessing guest memory. (Physical devices are actually fine because
there's a two-stage IOMMU which copes with those.)

I am describing the solution in your (1): Give them an on-device
bounce-buffer.

The implementation of (1) is to offer them a device which doesn't have
DMA capabilities (because *I* as the system designer know that it can't
use them). Which is your (2a).

You are right, in theory, that (2b) is the job of ACPI or DT to
communicate. But virtio is presented as just another PCI device,
indistinguishable by the guest from other PCI devices which *are*
actually able to do DMA through the hardware's two-stage IOMMU.

To my knowledge there isn't a clean way, across platforms, to tell an
operating system that a certain device just *can't* do DMA at all. And
even if there was, why offer a device model that could *theoretically*
do DMA, just to tell the guest through some other channel that it
can't?

What's wrong with a simple option to indicate, in the device model that
the system designer chooses to build for the guest, that it can't do
DMA?

Download attachment "smime.p7s" of type "application/pkcs7-signature" (5069 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ