Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp4744813pxj; Tue, 25 May 2021 15:36:35 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxWw+gvS7UTbFqViDlXyamGtdeg4I8Oz8eoiyMUx7g9z1wzpXLafzQV/wxwiC6dxsXLSunQ X-Received: by 2002:a92:1909:: with SMTP id 9mr23483092ilz.229.1621982195470; Tue, 25 May 2021 15:36:35 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1621982195; cv=pass; d=google.com; s=arc-20160816; b=FdfsWTsJ0+/84esCGxZxnCA0uE2VlFKVicTxbCsFUW9W6/jkyzfgw+MJhLf4L4bMsi MVg5TULoA6yW8cdwKxP+2CFnpjjbcDXBfoOFO+VP74I48RxNbx0NLy9rh2fPtkef8nBY UQ1SYFOVEdj5NlD+x/DfHPclVTckvNuztYOavKF3tmpwIxoczC2k4Z8FMvSwVQli9TYd +m8yV9QWUgTmNzVfHODWcS+K0wfjOklpS2w50bcKtpsiDxXDBCgZzU+XeQbxox1f8L50 2aUslcxlGlklQjRRNnySYnRgBe8FIrNxm3P8V7OzrMLDMjPgJb6WRA30xBgOZ9z2ukrU kIqw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject:dkim-signature; bh=RG+TkWyAjgSfV57JTYBN5pfP9qi8Aer6pL70Iw1rpRc=; b=aprNZ42HayXsOCwYCWdlqtRrhX8tNnBlWKkwHBpOXtXyMen9/uPZt+bw2TYxjMGD5H rITYPfj6i1DW0UIHSAN305SpmhX83RJ0X5AprPonyWvooe8g2i+bun+b2nbxn0W9EJ7J lemwKvP1z4Nnsy5kjOsU7nlip/TsBcH8q/TzJyKBGcODsd5M0HrLHjYhjFEimqxKVH9f SGHBHp3sO9wGbIv0vn128hK0Syuf4U7CfhISSCEnpuXgr9FymvYL/3iUY6TZ7909ND3M oJkG03ijdhR8nQ9HiFJzk6MEcghoWNf8RW3IuxYU6uoZ2aaBTaY3rhDO8A1r3Ug9H+Wo j2LQ== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@Nvidia.com header.s=selector2 header.b=FLxNl4gn; arc=pass (i=1 spf=pass spfdomain=nvidia.com dmarc=pass fromdomain=nvidia.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=nvidia.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id t128si21905557iof.16.2021.05.25.15.36.22; Tue, 25 May 2021 15:36:35 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@Nvidia.com header.s=selector2 header.b=FLxNl4gn; arc=pass (i=1 spf=pass spfdomain=nvidia.com dmarc=pass fromdomain=nvidia.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=nvidia.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232596AbhEYVTr (ORCPT + 99 others); Tue, 25 May 2021 17:19:47 -0400 Received: from mail-dm6nam08on2057.outbound.protection.outlook.com ([40.107.102.57]:7360 "EHLO NAM04-DM6-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S232526AbhEYVTq (ORCPT ); Tue, 25 May 2021 17:19:46 -0400 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=fg2QllQSAFbUWgY+b+/qYKfQnlitIV9IYcze/vbaWEh6Ohphhzxc9DGsF2IgELS93AWRLqFXRZ513tATv5uc0R8vP8ZuQvGjxpl3VUWj6hxmnb625w+GiTQX0W1840czVn0/WF7mq8ZdTeYXXU4arSOxSMYpjbhhdMf36/NyPzS9fWk4h4YTURWUlMrqTAXBwxmwqFJ4kqaxFE1WCPvDnCMLq+hEMr154WvULoCp9A+9gDihtZuxl52kHPqtExr34FSAgPdzo/49nFWxeA01GeT2GgV3URx4bRvnuVxG8dYOwoTOCgkrQAa57O/d5XGkORQMFiQPBNllHjW9pcN1aA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=RG+TkWyAjgSfV57JTYBN5pfP9qi8Aer6pL70Iw1rpRc=; b=QIkQAut1orWelc9nyHhIHH0Fnmjy6Di5UAwt/0vZSkl8EcSEOoLKM9o1+5oZY2dgo2gvfZk4dM0C+F4PVRhO89Gj9QKknE9DpWSsw5MaVmjNz9ZkwnDeATSz9qbGz8qQm9XGDD2UGqDYi3In/TxifWPsoM2O8Xf68QEY/68q39DTXoDYo6vMUMq1TyZajSSwZx9snMB4OV+8uQZx4tDrKoGvnL2wqiHUj3QsWCinrEYruWnZWwz/MHC9orPOyrkHNfRJlQhPhClhgX4UrVwPLmXlNMngva/P0epL6j71HNjw8j5uj9fUqJpIb35M/Q1J2P0Vu3W0xlXTji58TgMc8Q== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.112.34) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=nvidia.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=RG+TkWyAjgSfV57JTYBN5pfP9qi8Aer6pL70Iw1rpRc=; b=FLxNl4gntkYbUALm1qMFLZkQDuzm9x8AEpHHvFDu8F4xdDQT7csGgwLVECogKcF1Zay+1gG846omCt2RZm9SUBb4lQR0lMLLt8uoejDpg1t4bcWHg+laA0eregegOJCLZipIQKiJuPDXwZ28QV9OiyKO0WR826Y1PSp57DF9VO0qlVbGUtgkptcCAzBZeOQ0Ieb63Z3Rw8+cgqT+u4fA9QzNOzTYEcVtvV2fylgLSqYaIT/N21AIMrB4HicKcTDEwcRHrzMDYzXvdKcPW6il8sfzt5ktufenjzPbVZsbw5fWAoVfedHakZiQvQ7RIXxbOfxljpJ75Uvu/Gohg6kO9w== Received: from DM5PR07CA0073.namprd07.prod.outlook.com (2603:10b6:4:ad::38) by CY4PR12MB1864.namprd12.prod.outlook.com (2603:10b6:903:11c::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4173.20; Tue, 25 May 2021 21:18:14 +0000 Received: from DM6NAM11FT062.eop-nam11.prod.protection.outlook.com (2603:10b6:4:ad:cafe::ef) by DM5PR07CA0073.outlook.office365.com (2603:10b6:4:ad::38) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4150.23 via Frontend Transport; Tue, 25 May 2021 21:18:14 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.112.34) smtp.mailfrom=nvidia.com; vger.kernel.org; dkim=none (message not signed) header.d=none;vger.kernel.org; dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.112.34 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.112.34; helo=mail.nvidia.com; Received: from mail.nvidia.com (216.228.112.34) by DM6NAM11FT062.mail.protection.outlook.com (10.13.173.40) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.4129.25 via Frontend Transport; Tue, 25 May 2021 21:18:14 +0000 Received: from [10.40.101.125] (172.20.145.6) by HQMAIL107.nvidia.com (172.20.187.13) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Tue, 25 May 2021 21:18:07 +0000 Subject: Re: [PATCH V4 05/18] iommu/ioasid: Redefine IOASID set and allocation APIs To: Jason Gunthorpe CC: David Gibson , Alex Williamson , "Liu, Yi L" , Jacob Pan , Auger Eric , Jean-Philippe Brucker , "Tian, Kevin" , LKML , Joerg Roedel , Lu Baolu , David Woodhouse , "iommu@lists.linux-foundation.org" , "cgroups@vger.kernel.org" , Tejun Heo , Li Zefan , Johannes Weiner , "Jean-Philippe Brucker" , Jonathan Corbet , "Raj, Ashok" , "Wu, Hao" , "Jiang, Dave" , Alexey Kardashevskiy , Neo Jia References: <20210427171212.GD1370958@nvidia.com> <20210428145622.GU1370958@nvidia.com> <20210503161518.GM1370958@nvidia.com> <20210513135938.GG1002214@nvidia.com> <20210524233744.GT1002214@nvidia.com> <20210525195257.GG1002214@nvidia.com> X-Nvconfidentiality: public From: Kirti Wankhede Message-ID: <6b13399d-cf03-1e71-3624-c39d4d05e958@nvidia.com> Date: Wed, 26 May 2021 02:48:03 +0530 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.9.1 MIME-Version: 1.0 In-Reply-To: <20210525195257.GG1002214@nvidia.com> Content-Type: text/plain; charset="utf-8"; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Originating-IP: [172.20.145.6] X-ClientProxiedBy: HQMAIL111.nvidia.com (172.20.187.18) To HQMAIL107.nvidia.com (172.20.187.13) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 4ef9629e-7a3c-4064-ad31-08d91fc29bb5 X-MS-TrafficTypeDiagnostic: CY4PR12MB1864: X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:2201; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: Q8Stdjbau3RHOHmQ3/1eiexTyTeCPe0TdRJsvBhZ7weHf365a+pPTHXFbGDggld5HhfyZqzhpDRWno4lcrcitEHN+GUNcp7CQGszUOppor1gJuM64cBcHzvkb4sCpZfx8BR2vjdMS0v7ubZ1y/Qz/XgyX2o7WcK62psALW8hX3Q2vX6jkf273tMEyTD0ELmA7mind6Bw3XHb9PzY9jLW/zZtS3W46K8X21ANv4kS0nNjeh3Ks2Q9//SsCNFcgzxFecQgsPOykQ29mFJiHfwXtjgwdUIAFfG/qEXouQyZNiQPlloBkxnrvkuDBxnhA4/WPMTEz/YT+PNS1smichO3LUVxuQ2RL6ozW0o1KS8lLayqA874ZOmrGe0/1C34D1/AXIFcuRdF08eAeNtVem/dIRSh5jkLjdcwnaU7TWoINC/aal6H1cz2YP6UuzdfJK0MXheoqGqtUrD3tIPaI7ACioHhRmBVDAWwZWAm6tm/WBq0Jpd8kMdfJ3nfpVm5fiX4FU6Cd9+bKGA8CL5ENFt/Wkx1tx2uQQETaNIeM0RYb7yuJxFawDMxkLf7xUMf/ENobaEa9IN6j8OGk69aUVm74okVZMVf3ErBrTvYdXWPpKAWaxAVlzWpVP7l+KpdsLzoXvR8su+Rb4bTYHRFpqRQz1tOAzgWRwkWgMUNhzF5CwXDpa8pV6B1qiykBsWigmCE X-Forefront-Antispam-Report: CIP:216.228.112.34;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail.nvidia.com;PTR:schybrid03.nvidia.com;CAT:NONE;SFS:(4636009)(346002)(136003)(39860400002)(396003)(376002)(36840700001)(46966006)(6636002)(8936002)(8676002)(6862004)(2906002)(4326008)(47076005)(26005)(36756003)(107886003)(478600001)(70206006)(82310400003)(83380400001)(70586007)(356005)(186003)(6666004)(82740400003)(336012)(2616005)(86362001)(31696002)(426003)(4744005)(16526019)(54906003)(5660300002)(53546011)(7416002)(36860700001)(36906005)(316002)(31686004)(16576012)(37006003)(7636003)(43740500002);DIR:OUT;SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 May 2021 21:18:14.5097 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 4ef9629e-7a3c-4064-ad31-08d91fc29bb5 X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a;Ip=[216.228.112.34];Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: DM6NAM11FT062.eop-nam11.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR12MB1864 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 5/26/2021 1:22 AM, Jason Gunthorpe wrote: > On Wed, May 26, 2021 at 12:56:30AM +0530, Kirti Wankhede wrote: > >> 2. iommu backed mdev devices for SRIOV where mdev device is created per >> VF (mdev device == VF device) then that mdev device has same iommu >> protection scope as VF associated to it. > > This doesn't require, and certainly shouldn't create, a fake group. > > Only the VF's real IOMMU group should be used to model an iommu domain > linked to a VF. Injecting fake groups that are proxies for real groups > only opens the possibility of security problems like David is > concerned with. > I think this security issue should be addressed by letting mdev device inherit its parent's iommu_group, i.e. VF's iommu_group here. Kirti > Max's series approaches this properly by fully linking the struct > pci_device of the VF throughout the entire VFIO scheme, including the > group and container, while still allowing override of various VFIO > operations. > > Jason >