iommu.lists.linux-foundation.org archive mirror
 help / color / mirror / Atom feed
From: "Sironi, Filippo via iommu" <iommu@lists.linux-foundation.org>
To: "robin.murphy@arm.com" <robin.murphy@arm.com>,
	"sebott@amazon.de" <sebott@amazon.de>,
	"joro@8bytes.org" <joro@8bytes.org>
Cc: "Serebrin, Benjamin" <serebrin@amazon.com>,
	"iommu@lists.linux-foundation.org"
	<iommu@lists.linux-foundation.org>
Subject: Re: [PATCH v2 0/3] iommu/amd: I/O VA address limits
Date: Fri, 17 Jul 2020 15:15:43 +0000	[thread overview]
Message-ID: <715c45b76f49b732e5f20157945d2ae262654602.camel@amazon.de> (raw)
In-Reply-To: <004a060f-823d-af4e-a34d-1ff029faa40f@arm.com>

On Fri, 2020-07-17 at 15:36 +0100, Robin Murphy wrote:
> On 2020-07-17 14:22, Sironi, Filippo wrote:
> > On Fri, 2020-07-17 at 10:47 +0100, Robin Murphy wrote:
> > > 
> > > On 2020-07-17 10:20, Sebastian Ott via iommu wrote:
> > > > Hello Joerg,
> > > > 
> > > > On 2020-07-10 14:31, Joerg Roedel wrote:
> > > > > On Wed, Jul 01, 2020 at 12:46:31AM +0200, Sebastian Ott wrote:
> > > > > > The IVRS ACPI table specifies maximum address sizes for I/O
> > > > > > virtual
> > > > > > addresses that can be handled by the IOMMUs in the system.
> > > > > > Parse
> > > > > > that
> > > > > > data from the IVRS header to provide aperture information
> > > > > > for
> > > > > > DMA
> > > > > > mappings and users of the iommu API.
> > > > > > 
> > > > > > Changes for V2:
> > > > > >    - use limits in iommu_setup_dma_ops()
> > > > > >    - rebased to current upstream
> > > > > > 
> > > > > > Sebastian Ott (3):
> > > > > >     iommu/amd: Parse supported address sizes from IVRS
> > > > > >     iommu/amd: Restrict aperture for domains to conform with
> > > > > > IVRS
> > > > > >     iommu/amd: Actually enforce geometry aperture
> > > > > 
> > > > > Thanks for the changes. May I ask what the reason for those
> > > > > changes are?
> > > > > AFAIK all AMD IOMMU implementations (in hardware) support full
> > > > > 64bit
> > > > > address spaces, and the IVRS table might actually be wrong,
> > > > > limiting the
> > > > > address space in the worst case to only 32 bit.
> > > > 
> > > > It's not the IOMMU, but we've encountered devices that are
> > > > capable
> > > > of
> > > > more than
> > > > 32- but less than 64- bit IOVA, and there's no way to express
> > > > that
> > > > to
> > > > the IOVA
> > > > allocator in the PCIe spec. Our solution was to have our
> > > > platforms
> > > > express an
> > > > IVRS entry that says the IOMMU is capable of 48-bit, which these
> > > > devices
> > > > can generate.
> > > > 48 bits is plenty of address space in this generation for the
> > > > application we have.
> > > 
> > > Hmm, for constraints of individual devices, it should really be
> > > their
> > > drivers' job to call dma_set_mask*() with the appropriate value in
> > > the
> > > first place rather than just assuming that 64 means anything >32.
> > > If
> > > it's a case where the device itself technically is 64-bit capable,
> > > but
> > > an upstream bridge is constraining it, then that limit can also be
> > > described either by dedicated firmware properties (e.g. ACPI _DMA)
> > > or
> > > with a quirk like via_no_dac().
> > > 
> > > Robin.
> > 
> > You cannot rely on the device driver only because the device driver
> > attach might be a generic one like vfio-pci, for instance, that
> > doesn't
> > have any device specific knowledge.
> 
> Indeed, but on the other hand a generic driver that doesn't know the
> device is highly unlikely to set up any DMA transactions by itself
> either. In the case of VFIO, it would then be the guest/userspace
> driver's responsibility to take the equivalent action to avoid
> allocating addresses the hardware can't actually use.

I don't believe that we want to trust a userspace driver here, this may
result in hosts becoming unstable because devices are asked to do things
they aren't meant to do (e.g., DMA beyond 48 bits).

> I'm mostly just wary that trying to fake up a per-device restriction
> as
> a global one is a bit crude, and has the inherent problem that
> whatever
> you think the lowest common denominator is, there's the potential for
> some device to be hotplugged in later and break the assumption you've
> already had to commit to.

I agree, if the BIOS sets up an IVRS table with aperture of 48 bits and
all of a sudden we hotplug a device that only support 36 bits we're in a
bad place.

> And of course I am taking a bit of a DMA-API-centric viewpoint here -
> I
> think exposing per-device properties like bus_dma_limit that aren't
> easily identifiable for VFIO users to take into account is still
> rather
> an open problem.
> 
> Robin.

The use of ACPI _DMA that you suggest looks interesting and would allow
the kernel to prevent a dumb userspace driver using VFIO to make damage,
I think.

It doesn't look like there's much support for ACPI _DMA though. Are you
aware of existing efforts on this front?

Filippo





Amazon Development Center Germany GmbH
Krausenstr. 38
10117 Berlin
Geschaeftsfuehrung: Christian Schlaeger, Jonathan Weiss
Eingetragen am Amtsgericht Charlottenburg unter HRB 149173 B
Sitz: Berlin
Ust-ID: DE 289 237 879


_______________________________________________
iommu mailing list
iommu@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/iommu

  reply	other threads:[~2020-07-17 15:16 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-06-05 14:56 [PATCH 0/3] iommu/amd: I/O VA address limits Sebastian Ott via iommu
2020-06-05 14:56 ` [PATCH 1/3] iommu/amd: Parse supported address sizes from IVRS Sebastian Ott via iommu
2020-06-05 14:56 ` [PATCH 2/3] iommu/amd: Restrict aperture for domains to conform with IVRS Sebastian Ott via iommu
2020-06-05 14:56 ` [PATCH 3/3] iommu/amd: Actually enforce geometry aperture Sebastian Ott via iommu
2020-06-30  9:30   ` Joerg Roedel
2020-06-30 22:46     ` [PATCH v2 0/3] iommu/amd: I/O VA address limits Sebastian Ott via iommu
2020-06-30 22:46       ` [PATCH v2 1/3] iommu/amd: Parse supported address sizes from IVRS Sebastian Ott via iommu
2020-06-30 22:46       ` [PATCH v2 2/3] iommu/amd: Restrict aperture for domains to conform with IVRS Sebastian Ott via iommu
2020-06-30 22:46       ` [PATCH v2 3/3] iommu/amd: Actually enforce geometry aperture Sebastian Ott via iommu
2020-07-10 12:31       ` [PATCH v2 0/3] iommu/amd: I/O VA address limits Joerg Roedel
2020-07-17  9:20         ` Sebastian Ott via iommu
2020-07-17  9:47           ` Robin Murphy
2020-07-17 13:22             ` Sironi, Filippo via iommu
2020-07-17 14:36               ` Robin Murphy
2020-07-17 15:15                 ` Sironi, Filippo via iommu [this message]
2020-07-22 12:19                   ` joro
2020-07-22 12:34                     ` Sironi, Filippo via iommu
2020-07-22 14:00                       ` joro
2020-06-24 16:09 ` [PATCH " Sebastian Ott via iommu

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=715c45b76f49b732e5f20157945d2ae262654602.camel@amazon.de \
    --to=iommu@lists.linux-foundation.org \
    --cc=joro@8bytes.org \
    --cc=robin.murphy@arm.com \
    --cc=sebott@amazon.de \
    --cc=serebrin@amazon.com \
    --cc=sironi@amazon.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).