From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Wed, 3 Feb 2016 13:10:58 +0000
From: Will Deacon
To: Christoffer Dall
Cc: Eric Auger, Alex Williamson, eric.auger@st.com, marc.zyngier@arm.com,
 linux-arm-kernel@lists.infradead.org, kvmarm@lists.cs.columbia.edu,
 kvm@vger.kernel.org, Bharat.Bhushan@freescale.com,
 pranav.sawargaonkar@gmail.com, p.fedin@samsung.com,
 suravee.suthikulpanit@amd.com, linux-kernel@vger.kernel.org,
 patches@linaro.org, iommu@lists.linux-foundation.org
Subject: Re: [PATCH 00/10] KVM PCIe/MSI passthrough on ARM/ARM64
Message-ID: <20160203131057.GA20217@arm.com>
In-Reply-To: <20160203125047.GB13974@cbox>

On Wed, Feb 03, 2016 at 01:50:47PM +0100, Christoffer Dall wrote:
> On Mon, Feb 01, 2016 at 02:03:51PM +0000, Will Deacon wrote:
> > On Fri, Jan 29, 2016 at 10:25:52PM +0100, Eric Auger wrote:
> > > On 01/29/2016 08:33 PM, Alex Williamson wrote:
> > > >>> We know that x86 handles MSI vectors specially, so there is some
> > > >>> hardware that helps the situation. It's not just that x86 has a fixed
> > > >>> range for MSI, it's how it manages that range when interrupt remapping
> > > >>> hardware is enabled. A device table indexed by source-ID references a
> > > >>> per device table indexed by data from the MSI write itself. So we get
> > > >>> much, much finer granularity,
> > > >> About the granularity, I think ARM GICv3 now provides a similar
> > > >> capability with GICv3 ITS (interrupt translation service). Along with
> > > >> the MSI MSG write transaction, the device outputs a DeviceID conveyed on
> > > >> the bus. This DeviceID (~ your source-ID) enables to index a device
> > > >> table. The entry in the device table points to a DeviceId interrupt
> > > >> translation table indexed by the EventID found in the msi msg. So the
> > > >> entry in the interrupt translation table eventually gives you the
> > > >> eventual interrupt ID targeted by the MSI MSG.
> > > >> This translation capability if not available in GICv2M though, ie. the
> > > >> one I am currently using.
> > > >>
> > > >> Those tables currently are built by the ITS irqchip (irq-gic-v3-its.c)
> >
> > That's right. GICv3/ITS disambiguates the interrupt source using the
> > DeviceID, which for PCI is derived from the Requester ID of the endpoint.
> > GICv2m is less flexible and requires a separate physical frame per guest
> > to achieve isolation.
> >
> We should still support MSI passthrough with a single MSI frame host
> system though, right?

I think we should treat the frame as an exclusive resource and assign it
to a single VM.

> (Users should just be aware that guests are not fully protected against
> misbehaving hardware in that case).

Is it confined to misbehaving hardware? What if a malicious/buggy guest
configures its device to DMA all over the doorbell?

Will
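
The two-level lookup described in the quoted text (DeviceID selects a device-table entry, EventID indexes that device's interrupt translation table), modelled next to a single shared doorbell frame to show why the frame alone cannot tell writers apart. This is an added example, not code from the thread or from irq-gic-v3-its.c; the table contents, DeviceIDs, the SPI window, the sentinel and the function names are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define NO_INTID UINT32_MAX            /* model-only sentinel: write is dropped */

/* Per-device interrupt translation table (ITT): EventID -> interrupt ID. */
struct itt { size_t nr_events; const uint32_t *intid; };
struct dev_entry { uint32_t device_id; struct itt itt; };

/* Constructed sample data: one passthrough endpoint per guest. */
static const uint32_t itt_a[] = { 8192, 8193 };
static const uint32_t itt_b[] = { 8200 };
static const struct dev_entry device_table[] = {
    { 0x0100, { 2, itt_a } },          /* endpoint assigned to guest A */
    { 0x0200, { 1, itt_b } },          /* endpoint assigned to guest B */
};

/* ITS-style lookup: the DeviceID carried on the bus selects the ITT,
 * the EventID from the MSI data indexes it. */
uint32_t its_translate(uint32_t device_id, uint32_t event_id)
{
    size_t n = sizeof(device_table) / sizeof(device_table[0]);
    for (size_t i = 0; i < n; i++) {
        if (device_table[i].device_id != device_id)
            continue;
        if (event_id >= device_table[i].itt.nr_events)
            return NO_INTID;           /* event not mapped for this device */
        return device_table[i].itt.intid[event_id];
    }
    return NO_INTID;                   /* unknown DeviceID */
}

/* Simplified single-frame doorbell (assumed SPI window 64..95): the
 * written value selects the interrupt and the writer is never consulted. */
uint32_t frame_doorbell(uint32_t device_id, uint32_t data)
{
    (void)device_id;
    return (data >= 64 && data < 96) ? data : NO_INTID;
}

int main(void)
{
    printf("ITS:   dev 0x0200 event 1 -> %#x\n", (unsigned)its_translate(0x0200, 1));
    printf("frame: dev 0x0200 data 70 -> %u\n", (unsigned)frame_doorbell(0x0200, 70));
    return 0;
}
```

In the ITS model a device can only raise interrupts present in its own table, while the shared frame delivers the same interrupt for any writer, which is why the thread proposes giving the frame to a single VM.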