Received: by 2002:a25:1985:0:0:0:0:0 with SMTP id 127csp303147ybz; Wed, 29 Apr 2020 00:06:03 -0700 (PDT) X-Google-Smtp-Source: APiQypJK68U1+88wdpfn+LaFX/Mhr4jNRu4+k+L4opmtNzJT3saJvd4l1BUP6sJD9pMM39qdiLR5 X-Received: by 2002:a17:906:3796:: with SMTP id n22mr1227012ejc.225.1588143963292; Wed, 29 Apr 2020 00:06:03 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1588143963; cv=none; d=google.com; s=arc-20160816; b=tj+UVKU3GP086GOHw5OD1SxKaU2SKVEH9wISIM3UwtkjCllguzmMdhZlsM84vIpYYr MNWfHQHSdrW400TKf+hkq5UMSq8kmZ0ccK/TXT1neicmgwoObp95u1vVO1WgcI22qrYx nC3Bgu2fhg/0j7WoiO94b6clAJ+sSL+4fYnxeS+4JNLlAEynmrT1BpKfhxP7fL/yRdmD 3gxqHiZpDcWim2M/0oMJn2aNWPYGgZMNOaQhaJ1mJN4bzHWlX2tX0IaUPN+/BXdb9OnU 4tHKaRjGdJQjhXoqxPZFYRSu5D7z5nN5aXEKWYypxdy9qSdKSEJimkaIMde225/X8UWF z33w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:to:subject:cc:ironport-sdr:ironport-sdr; bh=4OyRv4JBfSkt2IkP8l40M2oOCfBB4A+tbJCEnqcMoYo=; b=tZ7TwJAojpjcFGayaEh0MGL64vXF9wwigul+CaGyBuj3KHhOUj2lByb3126GJRagyv O++B+yB7j/fJGXQYdhkSCx8aLOYO7VnjQGuBb4X93NZ5Y9NVSD6aFI2WXITYpdqW02aH u37BNHTWLImLR0/rN7HLpz4kM414Axd+RE5teNJcDJu2NgAAqm5zFXUhsKTUfcVVPPG0 CDff/gOhf1gNb8PnLnc6Yk1yg/9kyxC6Zx6sLk3j0Rrvjc7lz0qdCCUdmzK4NgVKzf5G I7IThwcs1CKKDYV/xoGLLwxslA7OQWrWQfVPKzyRV5p95iMv/tbOg2AeZBlCRILkXB1y FDtg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id me19si3234133ejb.140.2020.04.29.00.05.39; Wed, 29 Apr 2020 00:06:03 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726565AbgD2HBV (ORCPT + 99 others); Wed, 29 Apr 2020 03:01:21 -0400 Received: from mga07.intel.com ([134.134.136.100]:42563 "EHLO mga07.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726158AbgD2HBV (ORCPT ); Wed, 29 Apr 2020 03:01:21 -0400 IronPort-SDR: lZ3219YFCMq0Em6g3ODZ4xcW7vqiOHIOctgQM89qBUQw7+ZJC5QJyMX9lOk3OV2kBgKy+wHJkA jsbA0lY83yRQ== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga004.jf.intel.com ([10.7.209.38]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 29 Apr 2020 00:01:20 -0700 IronPort-SDR: 4DvuVAJfnwee41/vUOY7D8kJA2vxdQDguCSVgDEfD+VPgf23D9je1CKT13vT2xgvP4h9E5vTMK lf2m1SGXRZSA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.73,330,1583222400"; d="scan'208";a="404952135" Received: from blu2-mobl3.ccr.corp.intel.com (HELO [10.254.210.254]) ([10.254.210.254]) by orsmga004.jf.intel.com with ESMTP; 29 Apr 2020 00:01:15 -0700 Cc: baolu.lu@linux.intel.com, Srivatsa Vaddagiri , tsoni@codeaurora.org, virtio-dev@lists.oasis-open.org, konrad.wilk@oracle.com, jan.kiszka@siemens.com, jasowang@redhat.com, christoffer.dall@arm.com, virtualization@lists.linux-foundation.org, alex.bennee@linaro.org, iommu@lists.linux-foundation.org, stefano.stabellini@xilinx.com, will@kernel.org, linux-kernel@vger.kernel.org, pratikp@codeaurora.org Subject: Re: [PATCH 5/5] virtio: Add bounce DMA ops To: "Michael S. Tsirkin" References: <1588073958-1793-1-git-send-email-vatsa@codeaurora.org> <1588073958-1793-6-git-send-email-vatsa@codeaurora.org> <20200428121232-mutt-send-email-mst@kernel.org> <20200428174952.GA5097@quicinc.com> <20200428163448-mutt-send-email-mst@kernel.org> <275eba4b-dd35-aa95-b2e3-9c5cbf7c6d71@linux.intel.com> <20200429004531-mutt-send-email-mst@kernel.org> <20200429023842-mutt-send-email-mst@kernel.org> From: Lu Baolu Message-ID: <80a3a471-0a2c-3ab3-529c-1b8b624679f8@linux.intel.com> Date: Wed, 29 Apr 2020 15:01:14 +0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.7.0 MIME-Version: 1.0 In-Reply-To: <20200429023842-mutt-send-email-mst@kernel.org> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2020/4/29 14:50, Michael S. Tsirkin wrote: > On Wed, Apr 29, 2020 at 01:42:13PM +0800, Lu Baolu wrote: >> On 2020/4/29 12:57, Michael S. Tsirkin wrote: >>> On Wed, Apr 29, 2020 at 10:22:32AM +0800, Lu Baolu wrote: >>>> On 2020/4/29 4:41, Michael S. Tsirkin wrote: >>>>> On Tue, Apr 28, 2020 at 11:19:52PM +0530, Srivatsa Vaddagiri wrote: >>>>>> * Michael S. Tsirkin [2020-04-28 12:17:57]: >>>>>> >>>>>>> Okay, but how is all this virtio specific? For example, why not allow >>>>>>> separate swiotlbs for any type of device? >>>>>>> For example, this might make sense if a given device is from a >>>>>>> different, less trusted vendor. >>>>>> Is swiotlb commonly used for multiple devices that may be on different trust >>>>>> boundaries (and not behind a hardware iommu)? >>>>> Even a hardware iommu does not imply a 100% security from malicious >>>>> hardware. First lots of people use iommu=pt for performance reasons. >>>>> Second even without pt, unmaps are often batched, and sub-page buffers >>>>> might be used for DMA, so we are not 100% protected at all times. >>>>> >>>> For untrusted devices, IOMMU is forced on even iommu=pt is used; >>> I think you are talking about untrusted*drivers* like with VFIO. >> No. I am talking about untrusted devices like thunderbolt peripherals. >> We always trust drivers hosted in kernel and the DMA APIs are designed >> for them, right? >> >> Please refer to this series. >> >> https://lkml.org/lkml/2019/9/6/39 >> >> Best regards, >> baolu > Oh, thanks for that! I didn't realize Linux is doing this. > > So it seems that with modern Linux, all one needs > to do on x86 is mark the device as untrusted. > It's already possible to do this with ACPI and with OF - would that be > sufficient for achieving what this patchset is trying to do? Yes. > > Adding more ways to mark a device as untrusted, and adding > support for more platforms to use bounce buffers > sounds like a reasonable thing to do. > Agreed. Best regards, baolu