| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250811185523.GG377696@ziepe.ca> Date: Mon, 11 Aug 2025 15:55:23 -0300 From: Jason Gunthorpe <jgg@...pe.ca> To: Mostafa Saleh <smostafa@...gle.com> Cc: linux-kernel@...r.kernel.org, kvmarm@...ts.linux.dev, linux-arm-kernel@...ts.infradead.org, iommu@...ts.linux.dev, maz@...nel.org, oliver.upton@...ux.dev, joey.gouly@....com, suzuki.poulose@....com, yuzenghui@...wei.com, catalin.marinas@....com, will@...nel.org, robin.murphy@....com, jean-philippe@...aro.org, qperret@...gle.com, tabba@...gle.com, mark.rutland@....com, praan@...gle.com Subject: Re: [PATCH v3 29/29] iommu/arm-smmu-v3-kvm: Add IOMMU ops On Wed, Aug 06, 2025 at 02:10:35PM +0000, Mostafa Saleh wrote: > I am not sure I understand, the SMMU driver will register its IOMMU > ops to probe the devices You couldn't do this. But why do you need the iommu subsystem to help you do probing for the pKVM driver? Today SMMU starts all devices in ABORT mode except for some it scans manually from the fw tables. They switch to identity when the iommu subsystem attaches devices, you can continue to do that by having the paravirt driver tell pkvm when it attaches. What is wrong with this approach? > > > Also I am not sure how that > > > looks from the kernel perspective (do we have 2 struct devices per SMMU?) > > > > I think you'd want to have pkvm bound to the physical struct device > > and then spawn new faux, aux or something devices for the virtualized > > IOMMUs that probes the new paravirt driver. This driver would be fully > > self contained. > > I think it’s hard to reason about this as 2 devices, from my pov it seems > that the pKVM HVCs are a library that can be part of separate common file, > then called from drivers. (with common ops) > Instead of having extra complexity of 2 drivers (KVM and IOMMU PV). > However, I can see the value of that as it totally abstracts the iommu ops > outside the device specific code, I will give it more thought. > But it feels that might be more suitable for a full fledged PV > implementation (as in RFC v1 and v2). Maybe, but I'm feeling sensitive here to not mess up the ARM SMMU driver with this stuff that is honestly looking harder and harder to understand what it is trying to do... If you can keep the pkvm enablement to three drivers: - A pKVM SMMU driver sharing some header files - A the untrusted half of the above driver - A para virt IOMMU driver And not further change the smmu driver beyond making some code sharable it sure would be nice from a maintenance perspective. > I had an offline discussion with Will and Robin and they believe it might > be better if we get rid of the kernel KVM SMMUv3 driver at all, and just > rely on ARM_SMMU_V3 + extra hooks, so there is a single driver managing > the SMMUs in the system. > This way we don’t need to split current SMMUv3 or have different IOMMU ops, > and reduces some of the duplication, also that avoids the need for a fake device. > > Then we have an extra file for KVM with some of the hooks (similar to the > hooks in arm_smmu_impl_ops we have for tegra) > > And that might be more suitable for nesting also, to avoid the bind/unbind flow. > > I will investigate that and if feasible I will send v4 (hopefully > shortly) based on this idea, otherwise I will see if we can separate > KVM code and SMMU bootstrap code. Maybe, not sure what exactly you imagine here.. You still have your para virt driver, yes? This especially is what bothers me, I don't think you should have a para virt driver for pkvm hidden inside the smmu driver at all. And if we have a smmu driver that optionally doesn't register with the iommu subsystem at all - that seems unwise.. Jason
Powered by blists - more mailing lists