Received: by 2002:a05:6a10:f3d0:0:0:0:0 with SMTP id a16csp4044406pxv; Tue, 13 Jul 2021 09:27:54 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwrIdPg9vE1wUDsLiYHP345GVdGUIQdGKn9oo9oiGTJWw5Dcc03K+/q4qyw4qFOrkfTCKzK X-Received: by 2002:aa7:cfcf:: with SMTP id r15mr6783002edy.161.1626193674139; Tue, 13 Jul 2021 09:27:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1626193674; cv=none; d=google.com; s=arc-20160816; b=THyQZTFmQ7Udyp+HSi9FInnaGaCdoDhp/0KYY4UANoJGz7g6Vu/C5wRJP5vZ5970nB hEeIyQbJWwg82i9+aaaJzhkZEwt34TaPdflU4Fd4zqTczPSCEy56zItM0ohhw7Co64Z5 N2AmhHUUvM6qmNpT7bV4p2zxzLbrf9zBehxVTV+xJ3VJtt6tCzlcYBdQdrtBSddGpEbL /uJG/tY3JxjB5fbBpX10aEoGOO3uiivlFCQsMNMxVX20YZvXDMhTB7TQawX1O4AloNrv j/o3eUzit6pl9dfKACjAiUefJpSzczwjc2BoevlDnd+TMBqxuzmh75vJidoNwvaF0JuU cWfA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:subject:cc:to:from:date :dkim-signature; bh=aUNFSZ0FEoShWeStx0gKzE+MBfhHSV0LmcBrnFbHTXY=; b=ZZwQzcR4ro4ox3bOXTG+qr+44thztrg/42gOOIgYY7X7ZUTT6AisXIgzV+XOHSFekP 6gYhk9hoj1uPJMGI9/HYZPU/7Z8ZsNsIDoS2GD7opBxS/sBQfHrr0vtxkCHV/hXXVy02 KHpwCyqmNjsfTn59O9k5SX67dvir+M+UAr9b9E6+21SJNO0SnrsMDHBM4lMsougw0n77 QL7pWsA6w2pcz6w6m4CoEqtjBX8BpmoTRFkpejr5LK7EMq4F6b7CJd7OQ4C9i44/NzX6 Bh0GYTXdp7nvu4O+t9ge7SCgPB4nF2sXwmLnwO1Xu267mWlzJ+KcwZG4s8C3EZE9cq/w NwFg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=imYZ3nnr; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id c23si489859eds.77.2021.07.13.09.27.29; Tue, 13 Jul 2021 09:27:54 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=imYZ3nnr; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230074AbhGMQ3D (ORCPT + 99 others); Tue, 13 Jul 2021 12:29:03 -0400 Received: from us-smtp-delivery-124.mimecast.com ([216.205.24.124]:20448 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229555AbhGMQ3C (ORCPT ); Tue, 13 Jul 2021 12:29:02 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1626193572; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=aUNFSZ0FEoShWeStx0gKzE+MBfhHSV0LmcBrnFbHTXY=; b=imYZ3nnr50zpDOZ363UQPIDY1+KD88gVR6aWNmF8CRaUzzIXpILEq+OdmRrMcPHpFU1rwP /OHAOxhMh1XmzmHo5QroNfqhqLgxGUiCDgdHNVLJ9v56+TDIKndkIyp3jbB4AuEt4IaBQy tlsOCPsle8EzLOMsaRsb6UCinn0BtAw= Received: from mail-oi1-f198.google.com (mail-oi1-f198.google.com [209.85.167.198]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-159-hYg4s6djMwOy0jCucsL20g-1; Tue, 13 Jul 2021 12:26:11 -0400 X-MC-Unique: hYg4s6djMwOy0jCucsL20g-1 Received: by mail-oi1-f198.google.com with SMTP id u30-20020a056808151eb029025a08429ca1so5322676oiw.23 for ; Tue, 13 Jul 2021 09:26:10 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=aUNFSZ0FEoShWeStx0gKzE+MBfhHSV0LmcBrnFbHTXY=; b=ZPMkDr8es8S6ltk22IQ/zusyE8q2ig8+r31iTirh6Gi5T1uUf1Rrkgs+qeLg4/TaRX 3bdu3lasvPaCwPxOSpdeWxOTe7Co8MZtt4JE2Uq/3e/5hs2MoUJyRWcIS65zkf+2AWs1 0aORXga0ePubmXabCDndYI7QSgymyTIfTEYsUWncwnbeGp5U1yp+mjnHDSt1q3+BfBY+ IOOvaKu53VB06eH2jY596MvparI6YxfaIR4X3CjHVNlzl3WTbiooYw+uKlNj1AkALreq WMqWDuqdXgvzDu5P6lyaRFVax1qD11Y5fLpUERsGpQw5qcsSjMHu2dhZJrgMnMhSpeqn UK4g== X-Gm-Message-State: AOAM532+CyUvKTGE6VNPXnojCQbUcL4B9L1jw6jmZVxHRm0Su0mFqcer kpFFMokIrxQLrHePKfNwpg9h+utQr7m4uYaPDVCLKtLB4hB6ykiOZK/yftbCRn96C/wukqfdbOe XpvEGuSzhpwZSqMtv+s3fXBrf X-Received: by 2002:aca:1e04:: with SMTP id m4mr3818779oic.1.1626193570358; Tue, 13 Jul 2021 09:26:10 -0700 (PDT) X-Received: by 2002:aca:1e04:: with SMTP id m4mr3818748oic.1.1626193570154; Tue, 13 Jul 2021 09:26:10 -0700 (PDT) Received: from redhat.com ([198.99.80.109]) by smtp.gmail.com with ESMTPSA id l15sm1047355otk.56.2021.07.13.09.26.08 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 13 Jul 2021 09:26:09 -0700 (PDT) Date: Tue, 13 Jul 2021 10:26:07 -0600 From: Alex Williamson To: Jason Gunthorpe Cc: "Tian, Kevin" , Jean-Philippe Brucker , David Gibson , Jason Wang , "parav@mellanox.com" , "Enrico Weigelt, metux IT consult" , Paolo Bonzini , Shenming Lu , Joerg Roedel , Eric Auger , Jonathan Corbet , "Raj, Ashok" , "Liu, Yi L" , "Wu, Hao" , "Jiang, Dave" , Jacob Pan , Kirti Wankhede , Robin Murphy , "kvm@vger.kernel.org" , "iommu@lists.linux-foundation.org" , David Woodhouse , LKML , Lu Baolu Subject: Re: [RFC v2] /dev/iommu uAPI proposal Message-ID: <20210713102607.3a886fee.alex.williamson@redhat.com> In-Reply-To: <20210713125503.GC136586@nvidia.com> References: <20210709155052.2881f561.alex.williamson@redhat.com> <20210712124150.2bf421d1.alex.williamson@redhat.com> <20210713125503.GC136586@nvidia.com> X-Mailer: Claws Mail 3.17.8 (GTK+ 2.24.33; x86_64-redhat-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, 13 Jul 2021 09:55:03 -0300 Jason Gunthorpe wrote: > On Mon, Jul 12, 2021 at 11:56:24PM +0000, Tian, Kevin wrote: > > > Maybe I misunderstood your question. Are you specifically worried > > about establishing the security context for a mdev vs. for its > > parent? > > The way to think about the cookie, and the device bind/attach in > general, is as taking control of a portion of the IOMMU routing: > > - RID > - RID + PASID > - "software" > > For the first two there can be only one device attachment per value so > the cookie is unambiguous. > > For "software" the iommu layer has little to do with this - everything > is constructed outside by the mdev. If the mdev wishes to communicate > on /dev/iommu using the cookie then it has to do so using some iommufd > api and we can convay the proper device at that point. > > Kevin didn't show it, but along side the PCI attaches: > > struct iommu_attach_data * iommu_pci_device_attach( > struct iommu_dev *dev, struct pci_device *pdev, > u32 ioasid); > > There would also be a software attach for mdev: > > struct iommu_attach_data * iommu_sw_device_attach( > struct iommu_dev *dev, struct device *pdev, u32 ioasid); > > Which does not connect anything to the iommu layer. > > It would have to return something that allows querying the IO page > table, and the mdev would use that API instead of vfio_pin_pages(). Quoting this proposal again: > 1) A successful binding call for the first device in the group creates > the security context for the entire group, by: > > * Verifying group viability in a similar way as VFIO does; > > * Calling IOMMU-API to move the group into a block-dma state, > which makes all devices in the group attached to an block-dma > domain with an empty I/O page table; > > VFIO should not allow the user to mmap the MMIO bar of the bound > device until the binding call succeeds. The attach step is irrelevant to my question, the bind step is where the device/group gets into a secure state for device access. So for IGD we have two scenarios, direct assignment and software mdevs. AIUI the operation of VFIO_DEVICE_BIND_IOMMU_FD looks like this: iommu_ctx = iommu_ctx_fdget(iommu_fd); mdev = mdev_from_dev(vdev->dev); dev = mdev ? mdev_parent_dev(mdev) : vdev->dev; iommu_dev = iommu_register_device(iommu_ctx, dev, cookie); In either case, this last line is either registering the IGD itself (ie. the struct device representing PCI device 0000:00:02.0) or the parent of the GVT-g mdev (ie. the struct device representing PCI device 0000:00:02.0). They're the same! AIUI, the cookie is simply an arbitrary user generated value which they'll use to refer to this device via the iommu_fd uAPI. So what magic is iommu_register_device() doing to infer my intentions as to whether I'm asking for the IGD RID to be isolated or I'm only creating a software context for an mdev? Thanks, Alex