From: Lu Baolu <baolu.lu@linux.intel.com>
To: "Michael S. Tsirkin" <mst@redhat.com>
Cc: tsoni@codeaurora.org, virtio-dev@lists.oasis-open.org,
will@kernel.org, konrad.wilk@oracle.com, jan.kiszka@siemens.com,
jasowang@redhat.com, Srivatsa Vaddagiri <vatsa@codeaurora.org>,
christoffer.dall@arm.com, pratikp@codeaurora.org,
virtualization@lists.linux-foundation.org,
iommu@lists.linux-foundation.org, stefano.stabellini@xilinx.com,
alex.bennee@linaro.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 5/5] virtio: Add bounce DMA ops
Date: Wed, 29 Apr 2020 13:42:13 +0800 [thread overview]
Message-ID: <b676430c-65b3-096e-ca48-ceebf10f4b28@linux.intel.com> (raw)
In-Reply-To: <20200429004531-mutt-send-email-mst@kernel.org>
On 2020/4/29 12:57, Michael S. Tsirkin wrote:
> On Wed, Apr 29, 2020 at 10:22:32AM +0800, Lu Baolu wrote:
>> On 2020/4/29 4:41, Michael S. Tsirkin wrote:
>>> On Tue, Apr 28, 2020 at 11:19:52PM +0530, Srivatsa Vaddagiri wrote:
>>>> * Michael S. Tsirkin<mst@redhat.com> [2020-04-28 12:17:57]:
>>>>
>>>>> Okay, but how is all this virtio specific? For example, why not allow
>>>>> separate swiotlbs for any type of device?
>>>>> For example, this might make sense if a given device is from a
>>>>> different, less trusted vendor.
>>>> Is swiotlb commonly used for multiple devices that may be on different trust
>>>> boundaries (and not behind a hardware iommu)?
>>> Even a hardware iommu does not imply a 100% security from malicious
>>> hardware. First lots of people use iommu=pt for performance reasons.
>>> Second even without pt, unmaps are often batched, and sub-page buffers
>>> might be used for DMA, so we are not 100% protected at all times.
>>>
>>
>> For untrusted devices, IOMMU is forced on even iommu=pt is used;
>
> I think you are talking about untrusted *drivers* like with VFIO.
No. I am talking about untrusted devices like thunderbolt peripherals.
We always trust drivers hosted in kernel and the DMA APIs are designed
for them, right?
Please refer to this series.
https://lkml.org/lkml/2019/9/6/39
Best regards,
baolu
>
> On the other hand, I am talking about things like thunderbolt
> peripherals being less trusted than on-board ones.
>
> Or possibly even using swiotlb for specific use-cases where
> speed is less of an issue.
>
> E.g. my wifi is pretty slow anyway, and that card is exposed to
> malicious actors all the time, put just that behind swiotlb
> for security, and leave my graphics card with pt since
> I'm trusting it with secrets anyway.
>
>
>> and
>> iotlb flush is in strict mode (no batched flushes); ATS is also not
>> allowed. Swiotlb is used to protect sub-page buffers since IOMMU can
>> only apply page granularity protection. Swiotlb is now used for devices
>> from different trust zone.
>>
>> Best regards,
>> baolu
>
_______________________________________________
iommu mailing list
iommu@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/iommu
next prev parent reply other threads:[~2020-04-29 5:42 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-28 11:39 [PATCH 0/5] virtio on Type-1 hypervisor Srivatsa Vaddagiri
2020-04-28 11:39 ` [PATCH 1/5] swiotlb: Introduce concept of swiotlb_pool Srivatsa Vaddagiri
2020-04-29 0:31 ` kbuild test robot
2020-04-28 11:39 ` [PATCH 2/5] swiotlb: Allow for non-linear mapping between paddr and vaddr Srivatsa Vaddagiri
2020-04-28 11:39 ` [PATCH 3/5] swiotlb: Add alloc and free APIs Srivatsa Vaddagiri
2020-04-30 4:18 ` kbuild test robot
2020-04-28 11:39 ` [PATCH 4/5] swiotlb: Add API to register new pool Srivatsa Vaddagiri
2020-04-28 11:39 ` [PATCH 5/5] virtio: Add bounce DMA ops Srivatsa Vaddagiri
2020-04-28 16:17 ` Michael S. Tsirkin
2020-04-28 17:49 ` Srivatsa Vaddagiri
2020-04-28 20:41 ` Michael S. Tsirkin
2020-04-28 23:04 ` Stefano Stabellini
2020-04-29 4:09 ` Srivatsa Vaddagiri
2020-04-29 2:22 ` Lu Baolu
2020-04-29 4:57 ` Michael S. Tsirkin
2020-04-29 5:42 ` Lu Baolu [this message]
2020-04-29 6:50 ` Michael S. Tsirkin
2020-04-29 7:01 ` Lu Baolu
2020-04-29 9:44 ` Srivatsa Vaddagiri
2020-04-29 9:52 ` Michael S. Tsirkin
2020-04-29 10:09 ` Srivatsa Vaddagiri
2020-04-29 10:20 ` Michael S. Tsirkin
2020-04-29 10:26 ` Jan Kiszka
2020-04-29 10:45 ` Michael S. Tsirkin
2020-04-29 10:55 ` [virtio-dev] " Jan Kiszka
2020-04-29 10:34 ` Srivatsa Vaddagiri
2020-04-30 15:20 ` Konrad Rzeszutek Wilk
2020-04-29 3:35 ` Srivatsa Vaddagiri
2020-04-28 21:35 ` kbuild test robot
2020-04-28 22:18 ` kbuild test robot
2020-04-28 22:53 ` Stefano Stabellini
2020-04-29 21:06 ` kbuild test robot
2020-04-29 21:06 ` [RFC PATCH] virtio: virtio_pool can be static kbuild test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b676430c-65b3-096e-ca48-ceebf10f4b28@linux.intel.com \
--to=baolu.lu@linux.intel.com \
--cc=alex.bennee@linaro.org \
--cc=christoffer.dall@arm.com \
--cc=iommu@lists.linux-foundation.org \
--cc=jan.kiszka@siemens.com \
--cc=jasowang@redhat.com \
--cc=konrad.wilk@oracle.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mst@redhat.com \
--cc=pratikp@codeaurora.org \
--cc=stefano.stabellini@xilinx.com \
--cc=tsoni@codeaurora.org \
--cc=vatsa@codeaurora.org \
--cc=virtio-dev@lists.oasis-open.org \
--cc=virtualization@lists.linux-foundation.org \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).