From: Jacob Pan <jacob.jun.pan-VuQAYsv1563Yd54FQh9/CA@public.gmane.org>
To: Joerg Roedel <joro-zLv9SwRftAIdnm+yROfE0A@public.gmane.org>
Cc: Ravi V Shankar
<ravi.v.shankar-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>,
"Raj, Ashok" <ashok.raj-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>,
Fenghua Yu <fenghua.yu-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>,
iommu-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
Andy Shevchenko
<andriy.shevchenko-VuQAYsv1563Yd54FQh9/CA@public.gmane.org>,
David Woodhouse <dwmw2-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org>,
Gayatri Kammela
<gayatri.kammela-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
Subject: Re: [PATCH v7 0/5] Add Intel IOMMU debugfs support
Date: Thu, 29 Mar 2018 09:05:35 -0700 [thread overview]
Message-ID: <20180329090535.65c41cc1@jacob-builder> (raw)
In-Reply-To: <20180329084824.fvy7cg2wban4by4n-zLv9SwRftAIdnm+yROfE0A@public.gmane.org>
On Thu, 29 Mar 2018 10:48:24 +0200
Joerg Roedel <joro-zLv9SwRftAIdnm+yROfE0A@public.gmane.org> wrote:
> [ Adding Gary from AMD to Cc ]
>
> On Mon, Mar 19, 2018 at 09:37:14AM -0700, Jacob Pan wrote:
> > On Thu, 15 Mar 2018 14:18:54 +0100
> > Joerg Roedel <joro-zLv9SwRftAIdnm+yROfE0A@public.gmane.org> wrote:
> >
> > > On Thu, Feb 15, 2018 at 08:38:11AM -0800, Jacob Pan wrote:
> > > > Just wondering if your concern is on the implementation or the
> > > > debugfs idea in general. Perhaps have some common IOMMU
> > > > debugfs?
> > >
> > > My concern mainly is that we add interfaces which reveal
> > > potentially security relevant information
> > I don;t think security is any worse than existing kernel page table
> > in debugfs. i.e. /sys/kernel/debug/page_tables
> > This is a debug feature.
>
> Okay, so here is the way to go: Please introduce a basic debugfs
> facility to the core iommu code. It should basically only create a
> 'iommu/' directory in debugfs where drivers can create their own
> sub-directories. This must be enabled by a new kconfig option
> (CONFIG_IOMMU_DEBUGFS) and the kernel should print a big fat warning
> at boot when it is enabled. This hopefully prevents anyone from
> enabling it for production kernels.
>
> Then in the next cycle I will review again more closely what
> information about VT-d and AMD-Vi is revealed there and will probably
> apply what I can live with.
>
sounds great. we will provide vt-d info for both current and
potential extensions so that you can consider if there can be any
abstractions.
> Thanks,
>
> Joerg
>
[Jacob Pan]
WARNING: multiple messages have this Message-ID (diff)
From: Jacob Pan <jacob.jun.pan@linux.intel.com>
To: Joerg Roedel <joro@8bytes.org>
Cc: Gary R Hook <gary.hook@amd.com>,
"Raj, Ashok" <ashok.raj@intel.com>,
Sohil Mehta <sohil.mehta@intel.com>,
Alex Williamson <alex.williamson@redhat.com>,
David Woodhouse <dwmw2@infradead.org>,
iommu@lists.linux-foundation.org, linux-kernel@vger.kernel.org,
Gayatri Kammela <gayatri.kammela@intel.com>,
Ravi V Shankar <ravi.v.shankar@intel.com>,
Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
Lu Baolu <baolu.lu@linux.intel.com>,
Fenghua Yu <fenghua.yu@intel.com>,
jacob.jun.pan@linux.intel.com
Subject: Re: [PATCH v7 0/5] Add Intel IOMMU debugfs support
Date: Thu, 29 Mar 2018 09:05:35 -0700 [thread overview]
Message-ID: <20180329090535.65c41cc1@jacob-builder> (raw)
In-Reply-To: <20180329084824.fvy7cg2wban4by4n@8bytes.org>
On Thu, 29 Mar 2018 10:48:24 +0200
Joerg Roedel <joro@8bytes.org> wrote:
> [ Adding Gary from AMD to Cc ]
>
> On Mon, Mar 19, 2018 at 09:37:14AM -0700, Jacob Pan wrote:
> > On Thu, 15 Mar 2018 14:18:54 +0100
> > Joerg Roedel <joro@8bytes.org> wrote:
> >
> > > On Thu, Feb 15, 2018 at 08:38:11AM -0800, Jacob Pan wrote:
> > > > Just wondering if your concern is on the implementation or the
> > > > debugfs idea in general. Perhaps have some common IOMMU
> > > > debugfs?
> > >
> > > My concern mainly is that we add interfaces which reveal
> > > potentially security relevant information
> > I don;t think security is any worse than existing kernel page table
> > in debugfs. i.e. /sys/kernel/debug/page_tables
> > This is a debug feature.
>
> Okay, so here is the way to go: Please introduce a basic debugfs
> facility to the core iommu code. It should basically only create a
> 'iommu/' directory in debugfs where drivers can create their own
> sub-directories. This must be enabled by a new kconfig option
> (CONFIG_IOMMU_DEBUGFS) and the kernel should print a big fat warning
> at boot when it is enabled. This hopefully prevents anyone from
> enabling it for production kernels.
>
> Then in the next cycle I will review again more closely what
> information about VT-d and AMD-Vi is revealed there and will probably
> apply what I can live with.
>
sounds great. we will provide vt-d info for both current and
potential extensions so that you can consider if there can be any
abstractions.
> Thanks,
>
> Joerg
>
[Jacob Pan]
next prev parent reply other threads:[~2018-03-29 16:05 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-02-03 0:49 [PATCH v7 0/5] Add Intel IOMMU debugfs support Sohil Mehta
2018-02-03 0:49 ` Sohil Mehta
[not found] ` <1517619001-148586-1-git-send-email-sohil.mehta-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
2018-02-03 0:49 ` [PATCH v7 1/5] iommu/vt-d: Relocate struct/function declarations to its header files Sohil Mehta
2018-02-03 0:49 ` Sohil Mehta
2018-02-03 0:49 ` [PATCH v7 2/5] iommu/vt-d: Enable debugfs support to show context internals Sohil Mehta
2018-02-03 0:49 ` Sohil Mehta
2018-02-03 0:49 ` [PATCH v7 3/5] iommu/vt-d: Add debugfs support to show register contents Sohil Mehta
2018-02-03 0:49 ` Sohil Mehta
2018-02-03 0:50 ` [PATCH v7 4/5] iommu/vt-d: Add debugfs support to show Pasid table contents Sohil Mehta
2018-02-03 0:50 ` Sohil Mehta
2018-02-03 0:50 ` [PATCH v7 5/5] iommu/vt-d: Add debugfs support for Interrupt remapping Sohil Mehta
2018-02-03 0:50 ` Sohil Mehta
2018-02-04 14:13 ` [PATCH v7 0/5] Add Intel IOMMU debugfs support Andy Shevchenko
2018-02-04 14:13 ` Andy Shevchenko
2018-02-13 14:03 ` Joerg Roedel
2018-02-13 14:03 ` Joerg Roedel
2018-02-13 21:40 ` Raj, Ashok
2018-02-13 22:53 ` Jacob Pan
2018-02-13 22:53 ` Jacob Pan
2018-02-15 9:53 ` Joerg Roedel
2018-02-15 9:53 ` Joerg Roedel
[not found] ` <20180215095337.fccoozdclfnbepi4-zLv9SwRftAIdnm+yROfE0A@public.gmane.org>
2018-02-15 16:38 ` Jacob Pan
2018-02-15 16:38 ` Jacob Pan
2018-03-15 13:18 ` Joerg Roedel
[not found] ` <20180315131854.s6xmltsvsysublcw-zLv9SwRftAIdnm+yROfE0A@public.gmane.org>
2018-03-19 16:37 ` Jacob Pan
2018-03-19 16:37 ` Jacob Pan
2018-03-29 8:48 ` Joerg Roedel
2018-03-29 8:48 ` Joerg Roedel
[not found] ` <20180329084824.fvy7cg2wban4by4n-zLv9SwRftAIdnm+yROfE0A@public.gmane.org>
2018-03-29 15:52 ` Gary R Hook
2018-03-29 15:52 ` Gary R Hook
2018-03-29 16:05 ` Jacob Pan [this message]
2018-03-29 16:05 ` Jacob Pan
2018-02-18 22:15 ` Yves-Alexis Perez
2018-02-18 22:15 ` Yves-Alexis Perez
[not found] ` <1518992132.2542.5.camel-8fiUuRrzOP0dnm+yROfE0A@public.gmane.org>
2018-02-20 22:25 ` Jacob Pan
2018-02-20 22:25 ` Jacob Pan
2018-02-22 7:48 ` Yves-Alexis Perez
2018-02-22 7:48 ` Yves-Alexis Perez
[not found] ` <1519285717.2388.11.camel-8fiUuRrzOP0dnm+yROfE0A@public.gmane.org>
2018-02-22 17:09 ` Jacob Pan
2018-02-22 17:09 ` Jacob Pan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180329090535.65c41cc1@jacob-builder \
--to=jacob.jun.pan-vuqaysv1563yd54fqh9/ca@public.gmane.org \
--cc=andriy.shevchenko-VuQAYsv1563Yd54FQh9/CA@public.gmane.org \
--cc=ashok.raj-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org \
--cc=dwmw2-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org \
--cc=fenghua.yu-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org \
--cc=gayatri.kammela-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org \
--cc=iommu-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org \
--cc=joro-zLv9SwRftAIdnm+yROfE0A@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=ravi.v.shankar-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.