Received: by 2002:a89:48b:0:b0:1f5:f2ab:c469 with SMTP id a11csp610840lqd; Wed, 24 Apr 2024 11:22:21 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCUbrCyKbaEQkja4TrSFTNBDoRo78DrofXFXFgHc+ob/5dGSIJa6hZ2FVpLtRfxS9Xhsg0ElDW+J6l8W0L6eVWy8gEB4yIo97oJ5V1d0bA== X-Google-Smtp-Source: AGHT+IG+1wUa7YJ2Edvdgi+ko4kSESKUIe1nCOQeEHg3S4D9WfKOcrPEcy/5T+etnncsXG5rPNCM X-Received: by 2002:ac2:58d5:0:b0:518:91c9:fc20 with SMTP id u21-20020ac258d5000000b0051891c9fc20mr2107039lfo.41.1713982941585; Wed, 24 Apr 2024 11:22:21 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1713982941; cv=pass; d=google.com; s=arc-20160816; b=LdV4EIyXAfDPJQty/vjDpy/ZRLcetLxG/MRuTW6HfF9qSoG3fO/C/9P47FQR7aK2S2 KTbGpLCTNvOXO0akWCo5CTDDdbRgeFZxUhzc1b0zv1+IvCRK6CJRmrrorjJOxuTqVppj mkpCVcvVlHlbmyW4wdEwmTyOSwxuyiobKFyqlAxjyzNW1xTUQDKbFW3yvDIjFN/mvhvu cNqQ1jLXEQ5v1E6xX/DEy/HoYf7WR1PaU1GiG0qckiGfpqLwLbc2A86+fToNCwSD3l1P pnNr01J5PffY497jYfVKwGBqjy2v0+XZqyV4fGyjfyEBSxaCGt8rrI8JCZ9Qa1e2257Y Z2jQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:in-reply-to:from:content-language :references:to:subject:cc:user-agent:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:date:message-id:dkim-signature; bh=rHQGOXusa2+Vu0a8OYJn1y88C1Ab8Q2GDpSPOhp29bM=; fh=5nJMkUkFQ1s1vkFOBkpn330eAp66HQZZ85VM4mNY2JE=; b=ej5MrldAB6zJzmOfkgMR1W72iYkd1SxbuFkqrVgWBdyHftBft6vNAMySUCjF7E5tWA XB81j3pw8OIZyx4zOEuNq+haWznbmufpObxOMNnWADbFjmp04/7OCnd89iVBxxvQYTQK NW9w4wrokdZ8WpNLor0ouysPgidDEV4H8Vk41UAp9UH69/2pEmE5fsm8arZITnKZUmDE zi8pQ8fAD5PDM+evnd2xpOsDK5Qo6W9a3NofCE/nzqpgXGJlNtB+RKD4XcnA+ZtPB3wz gHRDDagF0LqTxFnxRmE2YGe9YnL45pAdrnZ8Qw99uSKFwnd1xDwJpKU3Xu5DHUTBMDK5 UXSg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=g1WR+rL7; arc=pass (i=1 dkim=pass dkdomain=intel.com dmarc=pass fromdomain=linux.intel.com); spf=pass (google.com: domain of linux-kernel+bounces-157060-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-157060-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3]) by mx.google.com with ESMTPS id gz7-20020a170906f2c700b00a588d0e6595si1411911ejb.1048.2024.04.24.11.22.21 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Apr 2024 11:22:21 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-157060-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=g1WR+rL7; arc=pass (i=1 dkim=pass dkdomain=intel.com dmarc=pass fromdomain=linux.intel.com); spf=pass (google.com: domain of linux-kernel+bounces-157060-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-157060-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 522EC1F271AA for ; Wed, 24 Apr 2024 14:18:14 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 3BA6915E7E6; Wed, 24 Apr 2024 14:18:08 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="g1WR+rL7" Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 309EB15E213 for ; Wed, 24 Apr 2024 14:18:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.11 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713968287; cv=none; b=e0mq1bgy3FcH6x39bvdP5hJ1s/y/smvRF99SNjSE5vYVTTIF+uDA9RQTdER7aW9fu9juHISokqZmmKfuFtxJIQfYuvNAJtKmhbg6utfvIeDwA+qy45xeinmKyzKc6xuDlAGRe9CKgdXjwye2Pd4kQNH0T7ZSqpLqcAk2CTb2nvE= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713968287; c=relaxed/simple; bh=At4UvGSHtC3eAHxqHmHEbLvTz/bxsDbV95dLJBgf9C0=; h=Message-ID:Date:MIME-Version:Cc:Subject:To:References:From: In-Reply-To:Content-Type; b=Syn3ymuFyodsuMZHGJikq+oq5TQFXDgpajqafYiZE9Wit0bmTgzM3cDzRxXUEWWViWANG1zXaH58GsGG9GGRKqOvBGZZ0f7IYNDtl0v3tS16wpmI7/mhNHWzE3DlfsJeTBczpPl072M8Ntky9Dh3AVQeWooS1VAdAAa/vJl9B50= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=none smtp.mailfrom=linux.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=g1WR+rL7; arc=none smtp.client-ip=192.198.163.11 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=linux.intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1713968286; x=1745504286; h=message-id:date:mime-version:cc:subject:to:references: from:in-reply-to:content-transfer-encoding; bh=At4UvGSHtC3eAHxqHmHEbLvTz/bxsDbV95dLJBgf9C0=; b=g1WR+rL7JJ6jSvH8lZdDakr1Kk+yINakQGeAjTZYFa1zd2cJS+S22P7P Kga0ghrCqkPxtLd1Hm1dF7Dc8YagkWBlmx0S+04Rz9Pusj29ZTbNi/qUk rSl5pWEWOq7WOtXfentVxpQk3uEmDl8BddlF0KgyBm04Q1bTuTDAWoGo7 tgbAAnz8SR7C78egU+IGLha/03AifZP4j6iVUsWHcG7zd79PRIdegL+xW z0tJUhZ+cBrKNC+eIs5Plf4Pq50/reJLyoPIzHIP9dxVZ3HzvX41eHvU3 MTZWrbt7f/6QBRPOkCQ0WV/YnEMR8O0Nk7zZZb9dISpVZJ5WGDr3RRiUl Q==; X-CSE-ConnectionGUID: y1xPYns+Q96mTBk/+0NW6Q== X-CSE-MsgGUID: Xo++LmcfSuy72hbBcK6y7Q== X-IronPort-AV: E=McAfee;i="6600,9927,11054"; a="20217330" X-IronPort-AV: E=Sophos;i="6.07,226,1708416000"; d="scan'208";a="20217330" Received: from orviesa007.jf.intel.com ([10.64.159.147]) by fmvoesa105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Apr 2024 07:18:05 -0700 X-CSE-ConnectionGUID: k2Y9vOx2Rd+ybaax5y0ZUA== X-CSE-MsgGUID: 42iMqnkSToGMlw5ObURQlg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.07,226,1708416000"; d="scan'208";a="25241509" Received: from blu2-mobl.ccr.corp.intel.com (HELO [10.124.237.86]) ([10.124.237.86]) by orviesa007-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Apr 2024 07:18:02 -0700 Message-ID: <77fd2bba-fc59-4997-a91a-2d9235ce5cd6@linux.intel.com> Date: Wed, 24 Apr 2024 22:18:00 +0800 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Cc: baolu.lu@linux.intel.com, joro@8bytes.org, will@kernel.org, ewagner12@gmail.com, suravee.suthikulpanit@amd.com, vashegde@amd.com, iommu@lists.linux.dev, linux-kernel@vger.kernel.org, regressions@lists.linux.dev Subject: Re: [PATCH] iommu: Fix def_domain_type interaction with untrusted devices To: Jason Gunthorpe , Robin Murphy References: <20240416152943.GU223006@ziepe.ca> <3cf97e3c-c8d9-4282-a8ca-e4c1ea383dbd@arm.com> <20240424130457.GF231144@ziepe.ca> Content-Language: en-US From: Baolu Lu In-Reply-To: <20240424130457.GF231144@ziepe.ca> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit On 2024/4/24 21:04, Jason Gunthorpe wrote: >> OK, so after all that you do in fact agree? In that case, why are we still >> mucking about proposing hacks on top of hacks in the AMD driver rather than >> just fixing the regression sensibly? > It is because your proposal is regressing the meaning of > def_domain_type back to a policy knob when I've spent a bunch of work > emptying out def_domain type implementations to get it into a > capability report. > > def_domain_type is now about*capability*. Does the > HW/SW/Driver/system support PAGING/IDENTITY or not. > > Meaning if def_domain_type says it is not supported then the core code > should not use it. This is how everything was working until AMD > changed their driver to lie about what their attach_domain would > accept. > > I do not want to see def_domain_type regress back to being confused > where some drivers are policy advice and some drivers are capability! > > AMD should hack their driver for the rc fix and then go and fix it > properly to remove the PASID logic entirely from def_domain_type. I > will also point again out that in v6.9-rc AMD doesn't even support > PASID yet so this abuse of def_domain_type isn't even needed. ???? > > The core code should contiue to treat def_domain_type as capability. I agree with this. Ideally there should be some mechanism to disallow any device driver to bind to the device if there's a conflict between the core policy and iommu hw capability because iommu-dma functionality is already compromised. If we all agree with the statement that "the core should treat def_domain_type as capability", the intel iommu driver needs some enhancement as well. For example, the intel iommu driver allows users to opt-in graphic in passthrough mode, in that case def_domain_type will return IOMMU_DOMAIN_IDENTITY no matter the device is trusted or not. if ((iommu_identity_mapping & IDENTMAP_GFX) && IS_GFX_DEVICE(pdev)) return IOMMU_DOMAIN_IDENTITY; this potentially creates same conflict as the amd driver. Best regards, baolu