| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aQt9-kTCe8TpuyVq@google.com>
Date: Wed, 5 Nov 2025 16:40:26 +0000
From: Mostafa Saleh <smostafa@...gle.com>
To: Jason Gunthorpe <jgg@...pe.ca>
Cc: Will Deacon <will@...nel.org>, linux-kernel@...r.kernel.org,
kvmarm@...ts.linux.dev, linux-arm-kernel@...ts.infradead.org,
iommu@...ts.linux.dev, maz@...nel.org, oliver.upton@...ux.dev,
joey.gouly@....com, suzuki.poulose@....com, yuzenghui@...wei.com,
catalin.marinas@....com, robin.murphy@....com,
jean-philippe@...aro.org, qperret@...gle.com, tabba@...gle.com,
mark.rutland@....com, praan@...gle.com
Subject: Re: [PATCH v4 15/28] iommu/arm-smmu-v3: Load the driver later in KVM
mode
On Thu, Oct 02, 2025 at 12:13:08PM -0300, Jason Gunthorpe wrote:
> On Mon, Sep 29, 2025 at 11:10:11AM +0000, Mostafa Saleh wrote:
> > Another possible solution, to keep a device bound to the KVM driver,
> > is to probe the SMMUs from the KVM driver, then to create child devices;
> > possibly use something as device_set_of_node_from_dev to bind those to
> > the main SMMUv3 or find another way to probe the main SMMUv3 without
> > changes.
>
> I do prefer something more like this one, I think it is nice that the
> kvm specific driver will remain bound and visible so there is some
> breadcrumbs about what happened to the system for debugging/etc.
>
> Not sure how to do it, but I think it should be achievable..
>
> Maybe even a simple faux/aux device and just pick up the of_node from
> the parent..
I spent some time looking into this
With the approach of creating new devices as:
pdev = platform_device_alloc(dev_name(dev), PLATFORM_DEVID_AUTO);
pdev->dev.parent = dev;
device_set_node(&pdev->dev, dev->fwnode);
platform_device_add_resources(pdev, cur_pdev->resource,
cur_pdev->num_resources);
platform_device_add(pdev);
That is done from an init call after KVM init, where the KVM driver
probes the SMMUs, which then does
bus_rescan_devices(&platform_bus_type);
In the KVM driver probe, it had:
if (pdev->dev.parent->driver == &smmuv3_nesting_driver.driver)
return -ENODEV;
Which causes the main SMMU driver to probe the new devices.
However, that didn’t work because, as from Linux perspective the
nested driver was bound to all the SMMUs which means that any
device that is connected to an SMMUv3 has its dependencies met, which
caused those drivers to start probing without IOMMU ops.
Also, the approach with bind/unbind seemed to not work reliably
because of the same reason.
Looking into the probe path, it roughly does.
1) Device / Driver matching driver_match_device
2) Check suppliers before probe (device_links_check_suppliers)
3) Actual probe
I can’t see a way of adding dependencies in #1
For #2, there 2 problems,
i) It’s not clear how to create links, something as fwnode_link_add()
won’t work as one of the devices won’t have fwnode and device_link_add()
will need the device to be already created (and not sure how
to guarantee it won’t probe)
ii) Assuming we were able to create the link, it will be set to
DL_STATE_AVAILABLE once the nested driver probes, which won’t prevent
the main driver from probing till KVM initialises.
It seems device links are not the write tool to use.
So far, the requirements we need to satisfy are:
1- No driver should bind to the SMMUs before KVM initialises.
2- Back the nested driver with devices and possibly link them
The only possible solutions I see:
1- Keep patch as is
2- Check if KVM is initialised from the SMMUv3 driver,
if not -EPROBE_DEFER (as Will suggested), that will guarded by the
KVM driver macro and cmdline to enable protected mode.
Then if needed, we can create devices from the nested driver and link
them to the main ones in same initcall after the devices are created.
I can to look into more suggestions, otherwise, I will try with #2
with the -EPROBE_DEFER.
Thanks,
Mostafa
>
> Jason
Powered by blists - more mailing lists