Date: Mon, 12 Sep 2022 17:08:09 -0700
From: Jacob Pan
To: "Kirill A. Shutemov"
Cc: "Kirill A. Shutemov", Ashok Raj, Dave Hansen, Andy Lutomirski,
 Peter Zijlstra, Kostya Serebryany, Andrey Ryabinin, Andrey Konovalov,
 Alexander Potapenko, Taras Madan, Dmitry Vyukov, H. J. Lu, Andi Kleen,
 Rick Edgecombe, Ashok Raj, jacob.jun.pan@intel.com
Subject: Re: [PATCHv8 00/11] Linear Address Masking enabling
Message-ID: <20220912170809.101fa976@jacob-builder>
In-Reply-To: <20220912224930.ukakmmwumchyacqc@box.shutemov.name>
References: <20220830010104.1282-1-kirill.shutemov@linux.intel.com>
 <20220904003952.fheisiloilxh3mpo@box.shutemov.name>
 <20220912224930.ukakmmwumchyacqc@box.shutemov.name>
List-ID: linux-kernel@vger.kernel.org

Hi Kirill,

On Tue, 13 Sep 2022 01:49:30 +0300, "Kirill A. Shutemov" wrote:

> On Sun, Sep 04, 2022 at 03:39:52AM +0300, Kirill A. Shutemov wrote:
> > On Thu, Sep 01, 2022 at 05:45:08PM +0000, Ashok Raj wrote:
> > > Hi Kirill,
> > >
> > > On Tue, Aug 30, 2022 at 04:00:53AM +0300, Kirill A. Shutemov wrote:
> > > > Linear Address Masking[1] (LAM) modifies the checking that is
> > > > applied to 64-bit linear addresses, allowing software to use the
> > > > untranslated address bits for metadata.
> > >
> > > We discussed this internally, but it didn't bubble up here.
> > >
> > > We are working on enabling Shared Virtual Addressing (SVA) within
> > > the IOMMU. This permits a user to share a VA directly with the
> > > device, and the device can participate even in fixing page faults
> > > and such.
> > >
> > > The IOMMU enforces canonical addressing; since we are hijacking the
> > > top-order bits for metadata, a tagged address will fail the sanity
> > > check and we would return a failure back to the device on any page
> > > fault from the device.
> > >
> > > It also complicates how the device TLB and ATS work, and needs some
> > > major improvements to detect device capability to accept tagged
> > > pointers and to adjust the devtlb accordingly.
> > >
> > > Both are orthogonal features, but there is an intersection of the
> > > two that is fundamentally incompatible.
> > >
> > > It's even more important since an application might be using SVA
> > > under the covers, provided by some library, without its knowledge.
> > >
> > > The path would be:
> > >
> > > 1. Ensure LAM and SVM are incompatible by design, without major
> > >    changes.
> > >    - If LAM is enabled already and later SVM enabling is requested
> > >      by the user, that should fail, and vice versa.
> > >    - Provide an API for the user to ask for an opt-out. Then they
> > >      know they must sanitize the pointers before sending them to
> > >      the device, or that the working set is already isolated and
> > >      needs no work.
> >
> > The patch below implements something like this. It is a PoC,
> > build-tested only.
> >
> > To be honest, I hate it. It is clearly a layering violation. It feels
> > dirty. But I don't see any better way as we tie orthogonal features
> > together.
> >
> > Also I have no idea how to do forced PASID allocation if LAM is
> > enabled. What would the API have to look like?
>
> Jacob, Ashok, any comment on this part?
>
> I expect in many cases LAM will be enabled very early (like before
> malloc is functional) in process start, which makes PASID allocation
> always fail.
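(Aside, for readers of the thread: a rough userspace illustration of the
canonical-check problem being discussed. It assumes a LAM_U57-style layout
with the tag in bits 62:57; the mask and helper names below are made up
for the example and are not from the series.)

/* illustration only: pack metadata into the upper (untranslated) bits of
 * a pointer, and strip it again before the address goes to anything that
 * enforces canonical addressing, e.g. a device doing SVA. */
#include <stdint.h>
#include <stdio.h>

#define TAG_SHIFT	57
#define TAG_MASK	(0x3fULL << TAG_SHIFT)	/* bits 62:57, LAM_U57-style */

static void *tag_ptr(void *p, unsigned long tag)
{
	return (void *)(((uintptr_t)p & ~TAG_MASK) |
			((uint64_t)tag << TAG_SHIFT));
}

static void *untag_ptr(void *p)
{
	/* what userspace (or a library) would have to do before handing
	 * the VA to a device: clear the metadata bits again */
	return (void *)((uintptr_t)p & ~TAG_MASK);
}

int main(void)
{
	int x = 0;
	void *tagged = tag_ptr(&x, 0x2a);

	/* with LAM enabled the CPU ignores bits 62:57 on dereference,
	 * but an IOMMU canonicality check would reject 'tagged' */
	printf("raw      %p\ntagged   %p\nuntagged %p\n",
	       (void *)&x, tagged, untag_ptr(tagged));
	return 0;
}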
> Is there a generic flag LAM can set on the mm?

We can't check an x86 feature in the generic IOMMU SVA API, i.e.:

@@ -32,6 +33,15 @@ int iommu_sva_alloc_pasid(struct mm_struct *mm, ioasid_t min, ioasid_t max)
 		return -EINVAL;
 
 	mutex_lock(&iommu_sva_lock);
+
+	/* Serialize against LAM enabling */
+	mutex_lock(&mm->context.lock);
+
+	if (mm_lam_cr3_mask(mm)) {
+		ret = -EBUSY;
+		goto out;
+	}
+

> Any way out?

Thanks,

Jacob
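(For concreteness, one shape the "generic flag" idea above could take.
The flag bit and call sites below are hypothetical, not from the posted
series; the point is only that the arch code would set something
arch-neutral on the mm when it enables address tagging, so the generic
SVA path never has to call the x86-only mm_lam_cr3_mask() directly.)

/* hypothetical sketch -- MMF_TAGGED_ADDR is an invented flag bit and
 * assumes a free bit exists in mm->flags */
#define MMF_TAGGED_ADDR		31

/* arch/x86 side, while enabling LAM for the mm: */
	set_bit(MMF_TAGGED_ADDR, &mm->flags);

/* drivers/iommu/iommu-sva-lib.c side, no arch knowledge needed: */
	mutex_lock(&iommu_sva_lock);
	if (test_bit(MMF_TAGGED_ADDR, &mm->flags)) {
		/* tagging already enabled, refuse the SVA bind */
		ret = -EBUSY;
		goto out;
	}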