lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20251128165616.GD812105@ziepe.ca>
Date: Fri, 28 Nov 2025 12:56:16 -0400
From: Jason Gunthorpe <jgg@...pe.ca>
To: Mostafa Saleh <smostafa@...gle.com>
Cc: linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org,
	kvmarm@...ts.linux.dev, iommu@...ts.linux.dev,
	catalin.marinas@....com, will@...nel.org, maz@...nel.org,
	oliver.upton@...ux.dev, joey.gouly@....com, suzuki.poulose@....com,
	yuzenghui@...wei.com, joro@...tes.org, jean-philippe@...aro.org,
	praan@...gle.com, danielmentz@...gle.com, mark.rutland@....com,
	qperret@...gle.com, tabba@...gle.com
Subject: Re: [PATCH v5 14/27] iommu/arm-smmu-v3: Support probing KVM emulated
 devices

On Mon, Nov 17, 2025 at 06:48:01PM +0000, Mostafa Saleh wrote:
> When KVM runs in protected mode, and CONFIG_ARM_SMMU_V3_PKVM
> is enabled, it will manage the SMMUv3 HW using trap and emulate
> and present emulated SMMUs to the host kernel.
> 
> In that case, those SMMUs will be on the aux bus, so make it
> possibly to the driver to probe those devices.
> Otherwise, everything else is the same as the KVM emulation
> complies with the architecutre, so the driver doesn't need
> to be modified.
> 
> Suggested-by: Jason Gunthorpe <jgg@...pe.ca>
> Signed-off-by: Mostafa Saleh <smostafa@...gle.com>
> ---
>  drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 58 +++++++++++++++++++++
>  1 file changed, 58 insertions(+)
> 
> diff --git a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
> index 7b1bd0658910..851d47bedae6 100644
> --- a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
> +++ b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
> @@ -11,6 +11,7 @@
>  
>  #include <linux/acpi.h>
>  #include <linux/acpi_iort.h>
> +#include <linux/auxiliary_bus.h>
>  #include <linux/bitops.h>
>  #include <linux/crash_dump.h>
>  #include <linux/delay.h>
> @@ -4604,6 +4605,63 @@ static struct platform_driver arm_smmu_driver = {
>  module_driver(arm_smmu_driver, platform_driver_register,
>  	      arm_smmu_driver_unregister);
>  
> +#ifdef CONFIG_ARM_SMMU_V3_PKVM
> +/*
> + * Now we have 2 devices, the aux device bound to this driver, and pdev
> + * which is the physical platform device.
> + * This part is a bit hairy but it works due to the fact that
> + * CONFIG_ARM_SMMU_V3_PKVM forces both drivers to be built in.
> + * The struct device for the SMMU is used in the following cases:
> + * 1) Printing using dev_*()
> + * 2) DMA memory alloc (dmam_alloc_coherent, devm_*)
> + * 3) Requesting resources (iomem, sysfs)
> + * 4) Probing firmware info (of_node, fwnode...)
> + * 5) Dealing with abstracted HW resources (irqs, MSIs, RPM)
> + * 6) Saving/reading driver data
> + * For point 4) and 5) we must use the platform device.
> + * For, 1) pdev is better for debuggability.
> + * For 2), 3), 6) it's better to use the bound device.
> + * However that doesn't really work:
> + * For 2) The DMA allocation using the aux device will fail, as
> + * we need to setup some device DMA attrs (mask), to match the
> + * platform.
> + * For 6) Some contexts from the pdev as MSI, it needs to use the
> + * drvdata.
> + * Based on the following:
> + * 1- Both drivers must be built-in to enable this (enforced by Kconfig),
> + *    which means that none of them can be removed.
> + * 2- The KVM driver doesn't do anythng at runtime and doesn't use drvdata.
> + * We can keep the driver simple and to claim the platform device in all cases.
> + */

It is OK I guess, I wouldn't insist you change it, but I think it is
kind of gross. Registering the iommu driver against the platform
device instead of the aux is pretty ugly and denies userspace the
ability to see that the hypervisor is sitting in there through the
sysfs topology.

Not sure why the commentary about built-in though, what does that have
to do with anything? If the aux driver is not built in then it will
just module load later and everything should be fine?

Jason

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ