Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp1643190pxj; Fri, 18 Jun 2021 11:31:30 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwBp17OME/qQSX9M3+gy1Now1TetehbwSnPEPb0kXC3Pe/zAKWFw04R4qO1sK7kjLH+phUK X-Received: by 2002:a92:dac3:: with SMTP id o3mr8056396ilq.290.1624041089963; Fri, 18 Jun 2021 11:31:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1624041089; cv=none; d=google.com; s=arc-20160816; b=y1BuCkouZPOVaV2kyXkp49608bdb2qhJzfM61xAAiH7PxnMt/OZFdGzzM2sU316ksS SA79cBX3As8+mrlqbBDEzkmd9IoyjKINOugCdrKVmh8OJPKvcM/fTte942yZjb2iC1uE dmthxZZAPUSSh+/0oihYQ0QDuTAdvtWR6XmoHHCV6CJ2ZfaMOC85t0nHMsQEF8pDTguW lRiGupgp5EzDq5bd0xWSv/aRr/BxEdoBFA3t92SwMfPsFOkgJYG9XoAk+YWyKreeDVpD ZqhGhff/90aelkH5LEndBtcgt5GjICGdCou/BDJbvW5aM9+Z95tpT6LzQ7XVPA+koAIu cu4A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :ironport-sdr:ironport-sdr; bh=JVwuPKsfZTk9npk6SZs3s24SHTh7islJ0NTlxGN/OZw=; b=ARjdQR18nKsBdfPm6TEAhNzV14yiA5dvxLusKVTUFBN/vLYyqGAZ8/42d1hWTuyH3b v8ND7FxV0DHLPm8LM6XTTCTTrc8YRe+0zscmCKN0+5DYcdBJhA/OsZldpAlGc9mBJYWK 9mO/dvlH+Q51qaYtvZC4kFbcukfeBG5rROtMwoZ2oxhOCmqFqItr/7+L4PDy+CDbpwCh nURxncgwV+zRWPNVDtFz10ne+ly8GbvhTAN0W0BU1MmeZ7NuJe4hm3gQr5jNAKzeIXjQ C1GyIYd9ZwnoSwoOM/333rHa1dDw1p9bC5/EjmyKzTCKNlTcck3udtH5tuJGycdtvaI8 FuoA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id i19si3594080ilj.131.2021.06.18.11.31.17; Fri, 18 Jun 2021 11:31:29 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235536AbhFRPjs (ORCPT + 99 others); Fri, 18 Jun 2021 11:39:48 -0400 Received: from mga11.intel.com ([192.55.52.93]:45828 "EHLO mga11.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230334AbhFRPjr (ORCPT ); Fri, 18 Jun 2021 11:39:47 -0400 IronPort-SDR: tSvdvpt9fUhTWz2YmMjj8LlhZJtM4kLLDS/U4MafrojeJ2l8CeQv8TrtP1V77vxMsmJqN9M0M5 LK0RyMu7yXUg== X-IronPort-AV: E=McAfee;i="6200,9189,10019"; a="203549581" X-IronPort-AV: E=Sophos;i="5.83,284,1616482800"; d="scan'208";a="203549581" Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Jun 2021 08:37:38 -0700 IronPort-SDR: xhESf2oMa+8VoQ5jV/dGg2MUo/FbH7/yt+V3DJLY/BhMChnHHNfE0MCQxRHVYZgqywzqx4n2m3 RcB9xiGAa+tA== X-IronPort-AV: E=Sophos;i="5.83,284,1616482800"; d="scan'208";a="489102206" Received: from otc-nc-03.jf.intel.com (HELO otc-nc-03) ([10.54.39.36]) by fmsmga002-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Jun 2021 08:37:37 -0700 Date: Fri, 18 Jun 2021 08:37:35 -0700 From: "Raj, Ashok" To: Jason Gunthorpe Cc: Joerg Roedel , "Tian, Kevin" , Alex Williamson , Jean-Philippe Brucker , David Gibson , Jason Wang , "parav@mellanox.com" , "Enrico Weigelt, metux IT consult" , Paolo Bonzini , Shenming Lu , Eric Auger , Jonathan Corbet , "Liu, Yi L" , "Wu, Hao" , "Jiang, Dave" , Jacob Pan , Kirti Wankhede , Robin Murphy , "kvm@vger.kernel.org" , "iommu@lists.linux-foundation.org" , David Woodhouse , LKML , Lu Baolu , Ashok Raj Subject: Re: Plan for /dev/ioasid RFC v2 Message-ID: <20210618153735.GA37688@otc-nc-03> References: <20210612105711.7ac68c83.alex.williamson@redhat.com> <20210614140711.GI1002214@nvidia.com> <20210614102814.43ada8df.alex.williamson@redhat.com> <20210615101215.4ba67c86.alex.williamson@redhat.com> <20210616133937.59050e1a.alex.williamson@redhat.com> <20210618151506.GG1002214@nvidia.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20210618151506.GG1002214@nvidia.com> User-Agent: Mutt/1.5.24 (2015-08-30) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Jun 18, 2021 at 12:15:06PM -0300, Jason Gunthorpe wrote: > On Fri, Jun 18, 2021 at 03:47:51PM +0200, Joerg Roedel wrote: > > Hi Kevin, > > > > On Thu, Jun 17, 2021 at 07:31:03AM +0000, Tian, Kevin wrote: > > > Now let's talk about the new IOMMU behavior: > > > > > > - A device is blocked from doing DMA to any resource outside of > > > its group when it's probed by the IOMMU driver. This could be a > > > special state w/o attaching to any domain, or a new special domain > > > type which differentiates it from existing domain types (identity, > > > dma, or unmanged). Actually existing code already includes a > > > IOMMU_DOMAIN_BLOCKED type but nobody uses it. > > > > There is a reason for the default domain to exist: Devices which require > > RMRR mappings to be present. You can't just block all DMA from devices > > until a driver takes over, we put much effort into making sure there is > > not even a small window in time where RMRR regions (unity mapped regions > > on AMD) are not mapped. > > Yes, I think the DMA blocking can only start around/after a VFIO type > driver has probed() and bound to a device in the group, not much > different from today. Does this mean when a device has a required "RMRR" that requires a unity mapping we block assigning those devices to guests? I remember we had some restriction but there was a need to go around it at some point in time. - Either we disallow assigning devices with RMRR - Break that unity map when the device is probed and after which any RMRR access from device will fault. Cheers, Ashok