Received: by 2002:a05:7412:f690:b0:e2:908c:2ebd with SMTP id ej16csp945699rdb;
        Fri, 20 Oct 2023 04:22:11 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IGO+lgXu8vEBDXJr25sN5OOJBP+kAnDsyJ7RKSBSNj5YXdBXBdc5cWCgpKuwawaiArQZL6y
X-Received: by 2002:a05:6870:1004:b0:1eb:e8b:7179 with SMTP id 4-20020a056870100400b001eb0e8b7179mr408008oai.34.1697800930864;
        Fri, 20 Oct 2023 04:22:10 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1697800930; cv=none;
        d=google.com; s=arc-20160816;
        b=wF4qdIOcq0Xew3r8mjN1bUKPcGwSFkQNpkweRAZZu2iZJRPWFc1swUIOlSmFXNi737
         lumcybigtWuNr+CaQg2WMuHxtK8bjW1i+WqhMfqWDuybVOCjZBxla1vbK9SdN6ya8F50
         KmQHPekti3RQROXQtqsjrRol+AsEKcKD/JTZsUaTn35GXqo6WOCgj5IccAA2ztWWddMs
         QIu+ePu/CWPRha9NurP0T5fD4H57fYOoH9AEmV2ff5jyYJTo+hADfUWjKsQiXATJTLkW
         kIvOIsR0SUzVgNMsaylbrVgr7yvnZIXhkTc3aKShBMpDIz0ccjdCPz4aX3oolP7obQI2
         74vg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:date;
        bh=GqJj71fpvF9iz1NN48zk0NV59qsTbv/ryeG06S4BWQw=;
        fh=axk9Wx1eW9YEa1v2kPi6uAu6B0kzzKhdqocu9gjhJAI=;
        b=s5611Z2xJ+LdCWyML7bMJ55ZNnSVNPXd46Uqf+eGg72HAXjiASExAZ1FvFMlAHvrep
         1/9nJ0PKlHVfURF+U1gzvAcQGXZBjcFhIfzLCWRPnXt0npbcy5p6nklU0D+KRxRWghGC
         Y4Agzitqf2rfCWU9EkaIEDekVbU3ZvtANVUey2TpBgCXifUnljYBIcSfRmQ1A8D2aPYf
         W40iLYb2GgeWZNA2ZAJrQPnBsUztK3zhQYm5955NjHMjKjc+WVcNMglNBtjAUY2ewHYn
         4ntaO40pEzuy9NcDFpI5mbcL2tAQs1/u4o0XfYZsRk46rLhHiQenkBYQMHWzLBihNA2M
         LyDA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.35 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from groat.vger.email (groat.vger.email. [23.128.96.35])
        by mx.google.com with ESMTPS id d18-20020a637352000000b005b87be63da6si959017pgn.488.2023.10.20.04.22.10
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 20 Oct 2023 04:22:10 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.35 as permitted sender) client-ip=23.128.96.35;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.35 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
	by groat.vger.email (Postfix) with ESMTP id 1F6B082F3064;
	Fri, 20 Oct 2023 04:22:08 -0700 (PDT)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.10 at groat.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1376988AbjJTLV7 (ORCPT <rfc822;gvb.lkml@gmail.com> + 99 others);
        Fri, 20 Oct 2023 07:21:59 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40394 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1377034AbjJTLV6 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 20 Oct 2023 07:21:58 -0400
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A1B80D57
        for <linux-kernel@vger.kernel.org>; Fri, 20 Oct 2023 04:21:56 -0700 (PDT)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3B91DC433C8;
        Fri, 20 Oct 2023 11:21:53 +0000 (UTC)
Date:   Fri, 20 Oct 2023 12:21:50 +0100
From:   Catalin Marinas <catalin.marinas@arm.com>
To:     Jason Gunthorpe <jgg@nvidia.com>
Cc:     Will Deacon <will@kernel.org>,
        Lorenzo Pieralisi <lpieralisi@kernel.org>, ankita@nvidia.com,
        maz@kernel.org, oliver.upton@linux.dev, aniketa@nvidia.com,
        cjia@nvidia.com, kwankhede@nvidia.com, targupta@nvidia.com,
        vsethi@nvidia.com, acurrid@nvidia.com, apopple@nvidia.com,
        jhubbard@nvidia.com, danw@nvidia.com,
        linux-arm-kernel@lists.infradead.org, kvmarm@lists.linux.dev,
        linux-kernel@vger.kernel.org
Subject: Re: [PATCH v1 2/2] KVM: arm64: allow the VM to select DEVICE_* and
 NORMAL_NC for IO memory
Message-ID: <ZTJizmxV4Gtb4g3S@arm.com>
References: <ZR6IZwcFNw55asW0@lpieralisi>
 <20231012123541.GB11824@willie-the-truck>
 <ZSf6Ue09IO6QMBs1@arm.com>
 <20231012144807.GA12374@willie-the-truck>
 <ZSgsKSCv-zWgtWkm@arm.com>
 <20231013092934.GA13524@willie-the-truck>
 <ZSlBOiebenPKXBY4@arm.com>
 <20231013134541.GP3952@nvidia.com>
 <ZTEN_oe97VRWbnHb@arm.com>
 <20231019115142.GQ3952@nvidia.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20231019115142.GQ3952@nvidia.com>
X-Spam-Status: No, score=-0.8 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS,
	MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=unavailable
	autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on groat.vger.email
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (groat.vger.email [0.0.0.0]); Fri, 20 Oct 2023 04:22:08 -0700 (PDT)

On Thu, Oct 19, 2023 at 08:51:42AM -0300, Jason Gunthorpe wrote:
> On Thu, Oct 19, 2023 at 12:07:42PM +0100, Catalin Marinas wrote:
> > Talking to Will earlier, I think we can deem the PCIe scenario
> > (somewhat) safe but not as a generic mechanism for other non-PCIe
> > devices (e.g. platform). With this concern, can we make this Stage 2
> > relaxation in KVM only for vfio-pci mappings? I don't have an example of
> > non-PCIe device assignment to figure out how this should work though.
> 
> It is not a KVM problem. As I implied above it is VFIO's
> responsibility to reliably reset the device, not KVMs. If for some
> reason VFIO cannot do that on some SOC then VFIO devices should not
> exist.
> 
> It is not KVM's job to double guess VFIO's own security properties.

I'd argue that since KVM is the one relaxing the memory attributes
beyond what the VFIO driver allows the VMM to use, it is KVM's job to
consider the security implications. This is fine for vfio-pci and
Normal_NC but I'm not sure we can generalise.

> Specifically about platform the generic VFIO platform driver is the
> ACPI based one. If the FW provides an ACPI method for device reset
> that is not properly serializing, that is a FW bug. We can quirk it in
> VFIO and block using those devices if they actually exist.
> 
> I expect the non-generic VFIO platform drivers to take care of this
> issue internally with, barriers, read from devices, whatver is
> required to make their SOCs order properly. Just as I would expect a
> normal Linux platform driver to directly manage whatever
> implementation specific ordering quirks the SOC may have.

This would be a new requirement if an existing VFIO platform driver
relied on all mappings being Device. But maybe that's just theoretical
at the moment, are there any concrete examples outside vfio-pci? If not,
we can document it as per Lorenzo's suggestion to summarise this
discussion under Documentation/.

-- 
Catalin