| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aIt67bOzp6XS_yO-@google.com> Date: Thu, 31 Jul 2025 14:17:17 +0000 From: Mostafa Saleh <smostafa@...gle.com> To: Jason Gunthorpe <jgg@...pe.ca> Cc: linux-kernel@...r.kernel.org, kvmarm@...ts.linux.dev, linux-arm-kernel@...ts.infradead.org, iommu@...ts.linux.dev, maz@...nel.org, oliver.upton@...ux.dev, joey.gouly@....com, suzuki.poulose@....com, yuzenghui@...wei.com, catalin.marinas@....com, will@...nel.org, robin.murphy@....com, jean-philippe@...aro.org, qperret@...gle.com, tabba@...gle.com, mark.rutland@....com, praan@...gle.com Subject: Re: [PATCH v3 29/29] iommu/arm-smmu-v3-kvm: Add IOMMU ops On Wed, Jul 30, 2025 at 01:47:52PM -0300, Jason Gunthorpe wrote: > On Wed, Jul 30, 2025 at 03:07:14PM +0000, Mostafa Saleh wrote: > > On Wed, Jul 30, 2025 at 11:42:53AM -0300, Jason Gunthorpe wrote: > > > On Mon, Jul 28, 2025 at 05:53:16PM +0000, Mostafa Saleh wrote: > > > > Register the SMMUv3 through IOMMU ops, that only support identity > > > > domains. This allows the driver to know which device are currently used > > > > to properly enable/disable then. > > > > > > > > Signed-off-by: Mostafa Saleh <smostafa@...gle.com> > > > > --- > > > > .../iommu/arm/arm-smmu-v3/arm-smmu-v3-kvm.c | 92 ++++++++++++++++++- > > > > 1 file changed, 91 insertions(+), 1 deletion(-) > > > > > > Can you split the new iommu subysstem driver out please? I think I > > > asked this before. > > > > Sorry, maybe I misunderstood, do you mean split this patch into multiple > > patches or split all KVM SMMUv3 driver out of this series? > > Yes the latter, the iommu driver introduction is best as its own > series I thought about that but I was worried the maintainers wouldn't like introducing the infrastructure first in the hypervisor without a user. I am open to split this, but let’s see what they think. > > > > - Domain attachment looks questionable. Please do not have > > > attach/detach language at all in the hypervisor facing API. > > > > I am not sure I understand this one, the hypervisor API has no > > attach/detach APIs? > > We only notify the hypervisor via “enable/disable” hypercalls when > > devices are attached or released (as only IDENTITY DOMAIN is supported) > > so it can enable or disable translation. > > Same difference, different words.. We've had trouble with this kind of > ambiguous language. > > attach identity > attach blocking > > Keep it clean and simple Makes sense, from the kernel point of view it will be attached to identity/blocking domains, but the hypervisor api is just enable/disable HVC as it doesn’t know what is a domain. If terminology is really a problem, I can make it one hypercall as “set_state” with on/off or identity/blocking > > > > - Get the ordering and APIs right so replace works. You need this to support RMRs > > > > I see, we can’t support bypass for security reasons, but we can enable > > the identity map for such devices. > > You will have a small issue if the bootup has the pkvm side put the > device into a blocking translation then later switches to an > "identity". > > As far as I understand it display scan out buffers have to be > continuously hitlessly mapped. So you want all the transitions from > bootup bypass, pkvm isolation, "identity", etc to continuously > hitlessly map the RMRs containing the buffers. > > I think :) I think that would be hard with pKVM, maybe it’s possible to achieve that seamingless, we would need to export such devices to pKVM at boot before de-privilege. TBH, I am not sure what hardware does that. So, another option is to fail gracefully if RMR exists (which falls back to the current driver) and then pKVM would run with DMA isolation, which is the status quo. And then RMR support for pKVM can be added later if there is interset. > > > > - Use a blocking domain not some unclear detatch idea > > > > There is not a single detach in this driver, we only support attach and release > > operation, which just goes to the hypervisor as enable/disable > > identity. > > 'disable' then. > > > > - Use a blocking domain for release > > > > I see, I can add “blocked_domain” similar to “arm_smmu_blocked_domain” > > which just disables the device translation, I will look into, I am just > > concerned it's more code as this driver only supports a single domain > > type. > > Yes, this is the right thing. There should not be operations in the > driver that change the underyling translation that are anything other > than attaching domains. It becomes too hard to maintain. Will do as mentioned above. > > > > > - Use the smmu-v3 approach for the fwspec, don't store things in the drvdata. > > > > This is using “dev_iommu_fwspec_get” similar to the SMMUv3 driver, > > am I missing something? > > Oh I got it confused, you are just calling > > + .device_group = arm_smmu_device_group, > + .of_xlate = arm_smmu_of_xlate, > + .get_resv_regions = arm_smmu_get_resv_regions, > > Which is also weird, why does an entirely new driver call 4 random functions > in arm smmu? > > Maybe don't, they are all trivial functions, or you don't need > them. For example you don't need MSI_IOVA_BASE if the driver doesn't > support paging. > They are not random, as part of this series the SMMUv3 driver is split where some of the code goes to “arm-smmu-v3-common.c” which is used by both drivers, this reduces a lot of duplication. I am not sure if we need get_resv_regions, maybe it's useful for sysfs "/sys/kernel/iommu_groups/reserved_regions"? I will double check. Thanks, Mostafa > Jason
Powered by blists - more mailing lists