Received: by 10.213.65.68 with SMTP id h4csp1292043imn; Thu, 29 Mar 2018 01:50:02 -0700 (PDT) X-Google-Smtp-Source: AIpwx48VRlmmn6Z/DfURODertyE9y6i0ezSDMR3BSlcZhdCr19J8J0Baz1taXBA/iiEuBmAlbtFu X-Received: by 2002:a17:902:8602:: with SMTP id f2-v6mr7239229plo.73.1522313401978; Thu, 29 Mar 2018 01:50:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522313401; cv=none; d=google.com; s=arc-20160816; b=1KRaxQVNy5kKoMxuWjqdbBrrKkq4BKR1Cm6qZ/fL1Zuy1WDN6ZEtSo1ors3rw01Oyg EHzU+nb5y6C+YQ96hYSqEAbX3KA2o4nz+NgHMOELZwMmR8OpB8isCLqaSPSGH/nVJhZx p9VNE3CbTbbJjICWvQUd0ww6gocY2sOxEV3PRRdIYZ7uWoHyqlroMQFjZ6UnDrS7Gbew dup+MwCfZ1EoqtSAyRJLwU6eET2wRut7/ptb3ISIUS8qp8H4B491D9JEW3SSWQfCnX6Y nrSP8l9rLtByvpLCjmFnDaEZAuNs1g6YoOMFG9tsjb0fkZGc2AX3L6XAYaC8zacmuCh1 XwPw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature:arc-authentication-results; bh=+KEvGiz1ap/DyoYYcHzepw1G9jBdci2lPdxsSHv6Tu0=; b=fsak5CVGZmspm6NSYVZYP3gv67Eon5ZaGkGp2ORb84nMbV8BWD8Oj6u+HOuJrXo8b2 ZEjQbWPXqsB+NLp/JenZaVSr/6aDLiC0Fg1Ipku3+y7gaHKzxLqcoQ8SvGxvuKQaz/EJ SVTWl3Tk9TdEO668HR/TlmcGeJBdoq75NemiPZEJr8d7ekq8CQq1KlQ2HKi1i5oQv7/V uSvwjuNZq+OAYOL4wzsYQO30rwFfZ3TDT0noDWlJ5F8Dc17l3RvHVLiPLWx3pYl2My7m dao2GaPqEnXTB0DE1ycvMWwJiJwMQ0T/widqxSL1uJsWmpUuzhKGZvECmJXsL1R0GjG+ Nhhg== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail (test mode) header.i=@8bytes.org header.s=mail-1 header.b=LeoGcFEy; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=8bytes.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id n2-v6si5143544plp.518.2018.03.29.01.49.47; Thu, 29 Mar 2018 01:50:01 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail (test mode) header.i=@8bytes.org header.s=mail-1 header.b=LeoGcFEy; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=8bytes.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751938AbeC2Is2 (ORCPT + 99 others); Thu, 29 Mar 2018 04:48:28 -0400 Received: from 8bytes.org ([81.169.241.247]:44768 "EHLO theia.8bytes.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751052AbeC2Is0 (ORCPT ); Thu, 29 Mar 2018 04:48:26 -0400 Received: by theia.8bytes.org (Postfix, from userid 1000) id 9835426C; Thu, 29 Mar 2018 10:48:25 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=8bytes.org; s=mail-1; t=1522313305; bh=J1dYRg/3O1Tl60GYQ/1j5CvvN5gKxj9zoZfk6gAXgoI=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=LeoGcFEy4bnZ6HGFGykSpGgtk75rT2xU62FUlOscd9kQn+sij9CYLShOLY/oTMUlE T5ip/aoG8zEIslub4mhzHsEENiSD/60lCZwvrk6dslFZx8cIa2eHW0inRym4NlBgy2 90JPO8fAb5D1+MU7ItAawtXPRWtJhLZOYFtTwDD6903Y/qJ/HLxptM+ulcddCjff5s JPS1A1g9SFpBcmW5vOovqwTtyPuH2ljEmQB0NVWZA0mYN9067iav5MsGTBtXuM8a/Q YsRocjDtCfQhi2kmngNDa18/5bLXnTjBhrIIhi65G6KrrVCOpHb9SGgtXVQgYWoTox f6yEw8WehWoeA== Date: Thu, 29 Mar 2018 10:48:24 +0200 From: Joerg Roedel To: Jacob Pan Cc: Gary R Hook , "Raj, Ashok" , Sohil Mehta , Alex Williamson , David Woodhouse , iommu@lists.linux-foundation.org, linux-kernel@vger.kernel.org, Gayatri Kammela , Ravi V Shankar , Andy Shevchenko , Lu Baolu , Fenghua Yu Subject: Re: [PATCH v7 0/5] Add Intel IOMMU debugfs support Message-ID: <20180329084824.fvy7cg2wban4by4n@8bytes.org> References: <1517619001-148586-1-git-send-email-sohil.mehta@intel.com> <20180213140303.42mbzfxpypljy37l@8bytes.org> <20180213214002.GA27066@otc-nc-03> <20180213145332.35c73eda@jacob-builder> <20180215095337.fccoozdclfnbepi4@8bytes.org> <20180215083811.3ec86e49@jacob-builder> <20180315131854.s6xmltsvsysublcw@8bytes.org> <20180319093714.3afe698b@jacob-builder> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20180319093714.3afe698b@jacob-builder> User-Agent: NeoMutt/20170421 (1.8.2) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org [ Adding Gary from AMD to Cc ] On Mon, Mar 19, 2018 at 09:37:14AM -0700, Jacob Pan wrote: > On Thu, 15 Mar 2018 14:18:54 +0100 > Joerg Roedel wrote: > > > On Thu, Feb 15, 2018 at 08:38:11AM -0800, Jacob Pan wrote: > > > Just wondering if your concern is on the implementation or the > > > debugfs idea in general. Perhaps have some common IOMMU debugfs? > > > > My concern mainly is that we add interfaces which reveal > > potentially security relevant information > I don;t think security is any worse than existing kernel page table in > debugfs. i.e. /sys/kernel/debug/page_tables > This is a debug feature. Okay, so here is the way to go: Please introduce a basic debugfs facility to the core iommu code. It should basically only create a 'iommu/' directory in debugfs where drivers can create their own sub-directories. This must be enabled by a new kconfig option (CONFIG_IOMMU_DEBUGFS) and the kernel should print a big fat warning at boot when it is enabled. This hopefully prevents anyone from enabling it for production kernels. Then in the next cycle I will review again more closely what information about VT-d and AMD-Vi is revealed there and will probably apply what I can live with. Thanks, Joerg