From: Jacob Pan <jacob.jun.pan@linux.intel.com>
To: Jason Gunthorpe <jgg@nvidia.com>
Cc: Jean-Philippe Brucker <jean-philippe@linaro.org>,
LKML <linux-kernel@vger.kernel.org>,
Joerg Roedel <joro@8bytes.org>,
Lu Baolu <baolu.lu@linux.intel.com>,
David Woodhouse <dwmw2@infradead.org>,
iommu@lists.linux-foundation.org, cgroups@vger.kernel.org,
Tejun Heo <tj@kernel.org>, Li Zefan <lizefan@huawei.com>,
Johannes Weiner <hannes@cmpxchg.org>,
Jean-Philippe Brucker <jean-philippe@linaro.com>,
Alex Williamson <alex.williamson@redhat.com>,
Eric Auger <eric.auger@redhat.com>,
Jonathan Corbet <corbet@lwn.net>, Raj Ashok <ashok.raj@intel.com>,
"Tian, Kevin" <kevin.tian@intel.com>, Yi Liu <yi.l.liu@intel.com>,
Wu Hao <hao.wu@intel.com>, Dave Jiang <dave.jiang@intel.com>,
jacob.jun.pan@linux.intel.com
Subject: Re: [PATCH V4 05/18] iommu/ioasid: Redefine IOASID set and allocation APIs
Date: Wed, 31 Mar 2021 09:34:57 -0700 [thread overview]
Message-ID: <20210331093457.753512d4@jacob-builder> (raw)
In-Reply-To: <20210331122805.GC1463678@nvidia.com>
Hi Jason,
On Wed, 31 Mar 2021 09:28:05 -0300, Jason Gunthorpe <jgg@nvidia.com> wrote:
> On Tue, Mar 30, 2021 at 05:10:41PM -0700, Jacob Pan wrote:
> [...]
> [...]
> [...]
> > This requires the mdev driver to obtain a list of allowed
> > PASIDs(possibly during PASID bind time) prior to do enforcement. IMHO,
> > the PASID enforcement points are:
> > 1. During WQ configuration (e.g.program MSI)
> > 2. During work submission
> >
> > For VT-d shared workqueue, there is no way to enforce #2 in mdev driver
> > in that the PASID is obtained from PASID MSR from the CPU and submitted
> > w/o driver involvement.
>
> I assume that the PASID MSR is privileged and only qemu can program
> it? Otherwise this seems like a security problem.
>
yes.
> If qemu controls it then the idxd userspace driver in qemu must ensure
> it is only ever programmed to an authorized PASID.
>
it is ensured for #1.
> > The enforcement for #2 is in the KVM PASID translation table, which
> > is per VM.
>
> I don't understand why KVM gets involved in PASID??
>
Here is an excerpt from the SIOV spec.
https://software.intel.com/content/www/us/en/develop/download/intel-scalable-io-virtualization-technical-specification.html
"3.3 PASID translation
To support PASID isolation for Shared Work Queues used by VMs, the CPU must
provide a way for the PASID to be communicated to the device in the DMWr
transaction. On Intel CPUs, the CPU provides a PASID translation table in
the vCPUs virtual machine control structures. During ENQCMD/ENQCMDS
instruction execution in a VM, the PASID translation table is used by the
CPU to replace the guest PASID in the work descriptor with a host PASID
before the descriptor is sent to the device.3.3 PASID translation"
> Doesn't work submission go either to the mdev driver or through the
> secure PASID of #1?
>
No, once a PASID is bound with IOMMU, KVM, and the mdev, work submission is
all done in HW.
But I don't think this will change for either uAPI design.
> > For our current VFIO mdev model, bind guest page table does not involve
> > mdev driver. So this is a gap we must fill, i.e. include a callback from
> > mdev driver?
>
> No not a callback, tell the mdev driver with a VFIO IOCTL that it is
> authorized to use a specific PASID because the vIOMMU was told to
> allow it by the guest kernel. Simple and straightforward.
>
Make sense.
> > > ioasid_set doesn't seem to help at all, certainly not as a concept
> > > tied to /dev/ioasid.
> > >
> > Yes, we can take the security role off ioasid_set once we have per mdev
> > list. However, ioasid_set being a per VM/mm entity also bridge
> > communications among kernel subsystems that don't have direct call path.
> > e.g. KVM, VDCM and IOMMU.
>
> Everything should revolve around the /dev/ioasid FD. qemu should pass
> it to all places that need to know about PASID's in the VM.
>
I guess we need to extend KVM interface to support PASIDs. Our original
intention was to avoid introducing new interfaces.
> We should try to avoid hidden behind the scenes kernel
> interconnections between subsystems.
>
Can we? in case of exception. Since all these IOCTLs are coming from the
unreliable user space, we must deal all exceptions.
For example, when user closes /dev/ioasid FD before (or w/o) unbind IOCTL
for VFIO, KVM, kernel must do cleanup and coordinate among subsystems.
In this patchset, we have a per mm(ioasid_set) notifier to inform mdev, KVM
to clean up and drop its refcount. Do you have any suggestion on this?
>
> > > So when you 'allow' a mdev to access a PASID you want to say:
> > > Allow Guest PASID A, map it to host PASID B on this /dev/ioasid FD
> > >
>
> > Host and guest PASID value, as well as device info are available through
> > iommu_uapi_sva_bind_gpasid(), we just need to feed that info to mdev
> > driver.
>
> You need that IOCTL to exist on the *mdev driver*. It is a VFIO ioctl,
> not a iommu or ioasid or sva IOCTL.
>
OK. A separate IOCTL and separate step.
> > > That seems like a good helper library to provide for drivers to use,
> > > but it should be a construct entirely contained in the driver.
> > why? would it be cleaner if it is in the common code?
>
> No, it is the "mid layer" problematic design.
>
> Having the iommu layer store driver-specific data on behalf of a
> driver will just make a mess. Use the natural layering we have and
> store driver specific data in the driver structs.
>
> Add a library to help build the datastructure if it necessary.
>
Let me try to paraphrase, you are suggesting common helper code and data
format but still driver specific storage of the mapping, correct?
Will try this out, seems cleaner.
> Jason
Thanks,
Jacob
next prev parent reply other threads:[~2021-03-31 16:33 UTC|newest]
Thread overview: 269+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-27 22:01 [PATCH V4 00/18] IOASID extensions for guest SVA Jacob Pan
2021-02-27 22:01 ` [PATCH V4 01/18] docs: Document IO Address Space ID (IOASID) APIs Jacob Pan
2021-02-27 22:01 ` [PATCH V4 02/18] iommu/ioasid: Rename ioasid_set_data() Jacob Pan
2021-02-27 22:01 ` [PATCH V4 03/18] iommu/ioasid: Add a separate function for detach data Jacob Pan
2021-02-27 22:01 ` [PATCH V4 04/18] iommu/ioasid: Support setting system-wide capacity Jacob Pan
2021-02-27 22:01 ` [PATCH V4 05/18] iommu/ioasid: Redefine IOASID set and allocation APIs Jacob Pan
2021-03-19 0:22 ` Jacob Pan
2021-03-19 9:58 ` Jean-Philippe Brucker
2021-03-19 12:46 ` Jason Gunthorpe
2021-03-19 13:41 ` Jean-Philippe Brucker
2021-03-19 13:54 ` Jason Gunthorpe
2021-03-19 18:22 ` Jacob Pan
2021-03-22 9:24 ` Jean-Philippe Brucker
2021-03-24 17:02 ` Jacob Pan
2021-03-24 17:03 ` Jason Gunthorpe
2021-03-24 22:12 ` Jacob Pan
2021-03-25 10:21 ` Jean-Philippe Brucker
2021-03-25 17:02 ` Jacob Pan
2021-03-25 17:16 ` Jason Gunthorpe
2021-03-25 18:23 ` Jacob Pan
2021-03-26 8:06 ` Jean-Philippe Brucker
2021-03-30 13:07 ` Jason Gunthorpe
2021-03-30 13:42 ` Jean-Philippe Brucker
2021-03-30 13:46 ` Jason Gunthorpe
2021-03-25 10:26 ` Jean-Philippe Brucker
2021-03-22 12:03 ` Jason Gunthorpe
2021-03-24 19:05 ` Jacob Pan
2021-03-29 16:31 ` Jason Gunthorpe
2021-03-29 22:55 ` Jacob Pan
2021-03-30 13:43 ` Jason Gunthorpe
2021-03-31 0:10 ` Jacob Pan
2021-03-31 12:28 ` Jason Gunthorpe
2021-03-31 16:34 ` Jacob Pan [this message]
2021-03-31 17:31 ` Jason Gunthorpe
2021-03-31 18:20 ` Jacob Pan
2021-03-31 18:33 ` Jason Gunthorpe
2021-03-31 21:50 ` Jacob Pan
2021-03-31 8:38 ` Liu, Yi L
2021-03-30 1:37 ` Tian, Kevin
2021-03-30 13:28 ` Jason Gunthorpe
2021-03-31 7:38 ` Liu, Yi L
2021-03-31 12:40 ` Jason Gunthorpe
2021-04-01 4:38 ` Liu, Yi L
2021-04-01 7:04 ` Liu, Yi L
2021-04-01 11:54 ` Jason Gunthorpe
2021-04-02 12:46 ` Liu, Yi L
2021-04-01 12:05 ` Jean-Philippe Brucker
2021-04-01 12:12 ` Jason Gunthorpe
2021-04-01 13:38 ` Liu, Yi L
2021-04-01 13:42 ` Jason Gunthorpe
2021-04-01 14:08 ` Liu, Yi L
2021-04-01 16:03 ` Jason Gunthorpe
2021-04-02 7:30 ` Tian, Kevin
2021-04-05 23:35 ` Jason Gunthorpe
2021-04-06 0:37 ` Tian, Kevin
2021-04-06 12:15 ` Jason Gunthorpe
2021-04-15 13:11 ` Auger Eric
2021-04-15 23:07 ` Jason Gunthorpe
2021-04-16 13:12 ` Jacob Pan
2021-04-16 15:45 ` Alex Williamson
2021-04-16 17:23 ` Jacob Pan
2021-04-16 17:54 ` Jason Gunthorpe
2021-04-21 13:18 ` Liu, Yi L
2021-04-21 16:23 ` Jason Gunthorpe
2021-04-21 16:54 ` Alex Williamson
2021-04-21 17:52 ` Jason Gunthorpe
2021-04-21 19:33 ` Alex Williamson
2021-04-21 23:03 ` Jason Gunthorpe
2021-04-22 8:34 ` Tian, Kevin
2021-04-22 12:10 ` Jason Gunthorpe
2021-04-23 9:06 ` Tian, Kevin
2021-04-23 11:49 ` Jason Gunthorpe
2021-04-25 9:24 ` Tian, Kevin
2021-04-26 12:38 ` Jason Gunthorpe
2021-04-28 6:34 ` Tian, Kevin
2021-04-28 15:06 ` Alex Williamson
2021-05-07 7:36 ` Tian, Kevin
2021-05-07 11:56 ` Jason Gunthorpe
2021-05-07 17:06 ` Alex Williamson
2021-05-07 17:10 ` Jason Gunthorpe
2021-05-08 6:08 ` Tian, Kevin
2021-05-08 7:31 ` Tian, Kevin
2021-05-10 2:56 ` Lu Baolu
2021-04-28 20:46 ` Jason Gunthorpe
2021-05-04 16:22 ` Jacob Pan
2021-05-04 16:31 ` Jason Gunthorpe
2021-05-08 5:46 ` Tian, Kevin
2021-05-04 15:41 ` Jacob Pan
2021-05-04 18:00 ` Jason Gunthorpe
2021-05-04 22:11 ` Jacob Pan
2021-05-04 23:15 ` Jason Gunthorpe
2021-05-05 17:22 ` Jacob Pan
2021-05-05 18:00 ` Jason Gunthorpe
2021-05-05 20:04 ` Jacob Pan
2021-05-05 22:21 ` Jason Gunthorpe
2021-05-05 23:23 ` Raj, Ashok
2021-05-06 12:22 ` Jason Gunthorpe
2021-05-08 7:06 ` Liu Yi L
2021-05-06 7:23 ` Jean-Philippe Brucker
2021-05-06 12:27 ` Jason Gunthorpe
2021-05-06 16:32 ` Raj, Ashok
2021-05-07 17:20 ` Jason Gunthorpe
2021-05-07 18:14 ` Raj, Ashok
2021-05-07 18:20 ` Jason Gunthorpe
2021-05-07 19:23 ` Raj, Ashok
2021-05-07 19:28 ` Jason Gunthorpe
2021-05-07 22:15 ` Jacob Pan
2021-05-08 9:56 ` Tian, Kevin
2021-05-10 12:37 ` Jason Gunthorpe
2021-05-10 15:25 ` Raj, Ashok
2021-05-10 15:31 ` Jason Gunthorpe
2021-05-10 16:22 ` Raj, Ashok
2021-05-10 16:39 ` Jason Gunthorpe
2021-05-10 22:28 ` Jacob Pan
2021-05-10 23:45 ` Jason Gunthorpe
2021-05-11 3:56 ` Jacob Pan
2021-05-11 9:10 ` Tian, Kevin
2021-05-11 13:24 ` Liu Yi L
2021-05-11 22:52 ` Tian, Kevin
2021-05-11 14:38 ` Jason Gunthorpe
2021-05-11 22:51 ` Tian, Kevin
2021-05-11 23:39 ` Jason Gunthorpe
2021-05-12 0:21 ` Tian, Kevin
2021-05-12 0:25 ` Jason Gunthorpe
2021-05-12 0:40 ` Tian, Kevin
2021-04-29 8:54 ` Auger Eric
2021-04-29 8:55 ` Auger Eric
2021-04-29 13:26 ` Auger Eric
2021-04-29 20:04 ` Jason Gunthorpe
2021-05-05 9:10 ` Auger Eric
2021-04-22 17:13 ` Alex Williamson
2021-04-22 17:57 ` Jason Gunthorpe
2021-04-22 19:37 ` Alex Williamson
2021-04-22 20:00 ` Jason Gunthorpe
2021-04-22 22:38 ` Alex Williamson
2021-04-22 23:39 ` Jason Gunthorpe
2021-04-23 10:31 ` Tian, Kevin
2021-04-23 11:57 ` Jason Gunthorpe
2021-04-27 5:11 ` David Gibson
2021-04-27 16:39 ` Jason Gunthorpe
2021-04-28 0:49 ` David Gibson
2021-04-23 16:38 ` Alex Williamson
2021-04-23 22:28 ` Jason Gunthorpe
2021-04-27 5:15 ` David Gibson
2021-04-27 5:08 ` David Gibson
2021-04-27 17:12 ` Jason Gunthorpe
2021-04-28 0:58 ` David Gibson
2021-04-28 14:56 ` Jason Gunthorpe
2021-04-29 3:04 ` David Gibson
2021-05-03 16:15 ` Jason Gunthorpe
2021-05-13 5:48 ` David Gibson
2021-05-13 13:59 ` Jason Gunthorpe
2021-05-24 7:52 ` David Gibson
2021-05-24 23:37 ` Jason Gunthorpe
2021-05-25 19:26 ` Kirti Wankhede
2021-05-25 19:52 ` Jason Gunthorpe
2021-05-25 21:18 ` Kirti Wankhede
2021-05-27 5:00 ` David Gibson
2021-05-27 18:25 ` Kirti Wankhede
2021-06-01 3:45 ` David Gibson
2021-05-27 4:58 ` David Gibson
2021-05-27 18:48 ` Jason Gunthorpe
2021-06-01 4:03 ` David Gibson
2021-06-01 12:57 ` Jason Gunthorpe
2021-06-08 0:44 ` David Gibson
2021-06-08 18:34 ` Jason Gunthorpe
2021-05-25 22:52 ` Alex Williamson
2021-05-26 18:10 ` Kirti Wankhede
2021-05-26 18:59 ` Alex Williamson
2021-05-26 19:13 ` Jason Gunthorpe
2021-05-27 4:53 ` David Gibson
2021-05-27 19:06 ` Jason Gunthorpe
2021-06-01 4:27 ` David Gibson
2021-04-28 6:58 ` Tian, Kevin
2021-05-04 17:12 ` Jason Gunthorpe
2021-05-07 8:09 ` Tian, Kevin
2021-04-28 7:47 ` Tian, Kevin
2021-04-28 18:41 ` Jason Gunthorpe
2021-04-27 4:50 ` David Gibson
2021-04-27 17:24 ` Jason Gunthorpe
2021-04-28 1:23 ` David Gibson
2021-04-29 0:21 ` Jason Gunthorpe
2021-04-29 3:20 ` David Gibson
2021-05-03 16:05 ` Jason Gunthorpe
2021-05-04 3:54 ` David Gibson
2021-05-04 18:15 ` Jason Gunthorpe
2021-05-05 4:28 ` Alexey Kardashevskiy
2021-05-05 16:39 ` Jason Gunthorpe
2021-05-13 6:07 ` David Gibson
2021-05-13 13:50 ` Jason Gunthorpe
2021-05-24 7:56 ` David Gibson
2021-05-13 6:01 ` David Gibson
2021-05-13 6:52 ` Tian, Kevin
2021-05-13 13:47 ` Jason Gunthorpe
2021-04-22 12:55 ` Liu Yi L
2021-04-16 13:38 ` Auger Eric
2021-04-16 14:05 ` Jason Gunthorpe
2021-04-16 14:26 ` Auger Eric
2021-04-16 14:34 ` Jason Gunthorpe
2021-04-16 15:00 ` Auger Eric
2021-04-01 11:46 ` Jason Gunthorpe
2021-04-01 13:10 ` Liu, Yi L
2021-04-01 13:15 ` Jason Gunthorpe
2021-04-01 13:43 ` Liu, Yi L
2021-04-01 13:46 ` Jason Gunthorpe
2021-04-02 7:58 ` Tian, Kevin
2021-04-05 23:39 ` Jason Gunthorpe
2021-04-06 1:02 ` Tian, Kevin
2021-04-06 12:21 ` Jason Gunthorpe
2021-04-07 2:23 ` Tian, Kevin
[not found] ` <MWHPR11MB188628BDB37A4EE36F3D99338C769@MWHPR11MB1886.namprd11.prod.outlook.com>
2021-04-06 2:08 ` Tian, Kevin
2021-04-02 10:01 ` Tian, Kevin
2021-04-02 8:22 ` Tian, Kevin
2021-04-05 23:42 ` Jason Gunthorpe
2021-04-06 1:27 ` Tian, Kevin
2021-04-06 12:34 ` Jason Gunthorpe
2021-04-07 2:08 ` Tian, Kevin
2021-04-07 12:20 ` Jason Gunthorpe
2021-04-07 23:50 ` Tian, Kevin
2021-04-08 11:41 ` Jason Gunthorpe
2021-04-06 1:35 ` Jason Wang
2021-04-06 12:42 ` Jason Gunthorpe
2021-04-07 2:06 ` Jason Wang
2021-04-07 8:17 ` Tian, Kevin
2021-04-07 11:58 ` Jason Gunthorpe
2021-04-07 18:43 ` Jean-Philippe Brucker
2021-04-07 19:36 ` Jason Gunthorpe
2021-04-08 9:37 ` Jean-Philippe Brucker
2021-03-30 2:24 ` Tian, Kevin
2021-03-30 13:24 ` Jason Gunthorpe
2021-03-30 4:14 ` Tian, Kevin
2021-03-30 13:27 ` Jason Gunthorpe
2021-03-31 7:41 ` Liu, Yi L
2021-03-31 12:38 ` Jason Gunthorpe
2021-03-31 23:46 ` Jacob Pan
2021-04-01 0:37 ` Jason Gunthorpe
2021-04-01 17:23 ` Jacob Pan
2021-04-01 17:26 ` Jason Gunthorpe
2021-03-19 17:14 ` Jacob Pan
2021-02-27 22:01 ` [PATCH V4 06/18] iommu/ioasid: Add free function and states Jacob Pan
2021-02-27 22:01 ` [PATCH V4 07/18] iommu/ioasid: Add ioasid_set iterator helper functions Jacob Pan
2021-02-27 22:01 ` [PATCH V4 08/18] iommu/ioasid: Introduce ioasid_set private ID Jacob Pan
2021-02-27 22:01 ` [PATCH V4 09/18] iommu/ioasid: Introduce notification APIs Jacob Pan
2021-02-27 22:01 ` [PATCH V4 10/18] iommu/ioasid: Support mm token type ioasid_set notifications Jacob Pan
2021-02-27 22:01 ` [PATCH V4 11/18] iommu/ioasid: Add ownership check in guest bind Jacob Pan
2021-02-27 22:01 ` [PATCH V4 12/18] iommu/vt-d: Remove mm reference for guest SVA Jacob Pan
2021-02-27 22:01 ` [PATCH V4 13/18] iommu/ioasid: Add a workqueue for cleanup work Jacob Pan
2021-02-27 22:01 ` [PATCH V4 14/18] iommu/vt-d: Listen to IOASID notifications Jacob Pan
2021-02-27 22:01 ` [RFC PATCH 15/18] cgroup: Introduce ioasids controller Jacob Pan
2021-03-03 15:44 ` Tejun Heo
2021-03-03 21:17 ` Jacob Pan
2021-03-04 0:02 ` Jacob Pan
2021-03-04 0:23 ` Jason Gunthorpe
2021-03-04 9:49 ` Jean-Philippe Brucker
2021-03-04 17:46 ` Jacob Pan
2021-03-04 17:54 ` Jason Gunthorpe
2021-03-04 19:01 ` Jacob Pan
2021-03-04 19:02 ` Jason Gunthorpe
2021-03-04 21:28 ` Jacob Pan
2021-03-05 8:30 ` Jean-Philippe Brucker
2021-03-05 17:16 ` Jean-Philippe Brucker
2021-03-05 18:20 ` Jacob Pan
2021-02-27 22:01 ` [RFC PATCH 16/18] iommu/ioasid: Consult IOASIDs cgroup for allocation Jacob Pan
2021-02-27 22:01 ` [RFC PATCH 17/18] docs: cgroup-v1: Add IOASIDs controller Jacob Pan
2021-02-27 22:01 ` [RFC PATCH 18/18] ioasid: Add /dev/ioasid for userspace Jacob Pan
2021-03-10 19:23 ` Jason Gunthorpe
2021-03-11 22:55 ` Jacob Pan
2021-03-12 14:54 ` Jason Gunthorpe
2021-03-02 12:58 ` [PATCH V4 00/18] IOASID extensions for guest SVA Liu, Yi L
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210331093457.753512d4@jacob-builder \
--to=jacob.jun.pan@linux.intel.com \
--cc=alex.williamson@redhat.com \
--cc=ashok.raj@intel.com \
--cc=baolu.lu@linux.intel.com \
--cc=cgroups@vger.kernel.org \
--cc=corbet@lwn.net \
--cc=dave.jiang@intel.com \
--cc=dwmw2@infradead.org \
--cc=eric.auger@redhat.com \
--cc=hannes@cmpxchg.org \
--cc=hao.wu@intel.com \
--cc=iommu@lists.linux-foundation.org \
--cc=jean-philippe@linaro.com \
--cc=jean-philippe@linaro.org \
--cc=jgg@nvidia.com \
--cc=joro@8bytes.org \
--cc=kevin.tian@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=lizefan@huawei.com \
--cc=tj@kernel.org \
--cc=yi.l.liu@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).