lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20251007233931.GD3474167@nvidia.com>
Date: Tue, 7 Oct 2025 20:39:31 -0300
From: Jason Gunthorpe <jgg@...dia.com>
To: "Suthikulpanit, Suravee" <suravee.suthikulpanit@....com>
Cc: nicolinc@...dia.com, linux-kernel@...r.kernel.org, robin.murphy@....com,
	will@...nel.org, joro@...tes.org, kevin.tian@...el.com,
	jsnitsel@...hat.com, vasant.hegde@....com, iommu@...ts.linux.dev,
	santosh.shukla@....com, sairaj.arunkodilkar@....com,
	jon.grimm@....com, prashanthpra@...gle.com, wvw@...gle.com,
	wnliu@...gle.com, gptran@...gle.com, kpsingh@...gle.com,
	joao.m.martins@...cle.com, alejandro.j.jimenez@...cle.com
Subject: Re: [PATCH v2 10/12] iommu/amd: Add support for nested domain
 allocation

On Tue, Oct 07, 2025 at 03:36:58PM -0500, Suthikulpanit, Suravee wrote:
> The gDTE[DomainID] field contains guest Domain ID (gDomID). The host IOMMU
> driver uses the gDomId and guest ID (gid) to index the Domain ID mapping
> table, and store the host Domain ID (hDomID) in the table entry. This data
> structure is required by hw to translation gDomID->hDomID to virtualize
> guest invalidation command. This will be part of the upcoming series to
> enable hw-vIOMMU.

Sure, this translation is part of viommu

> This ndom->id is the hDomID, which is currently allocated per-device to
> avoid TLB aliasing i.e. A guest w/ multiple pass-through devices w/ the same
> hDomID (same stage 2 table) and different stage-1 tables with same PASID.
> IOMMU would use the same TLB tag, which results in TLB aliasing issue.
> Therefore, we workaround the issue by allocating per-device hDomID for
> nested domain.

But this is what I mean here, the gDomId should be 1:1 with the hDomId
and here you are making it 1:N.

It has to be like this or you cannot manage invalidation.

Given this series is not really functional it is OK to leave a little
hack I guess, but it is worth noting how it is supposed to work.

It also probably means we should see the viommu series pretty quickly
with a goal to merge them all together in one cycle.

Jason

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ