From: Dan Williams <dan.j.williams@intel.com>
To: Michael Kelley <mhklinux@outlook.com>,
Dan Williams <dan.j.williams@intel.com>,
Roman Kisel <romank@linux.microsoft.com>,
"Robin Murphy" <robin.murphy@arm.com>,
"aleksander.lobakin@intel.com" <aleksander.lobakin@intel.com>,
"andriy.shevchenko@linux.intel.com"
<andriy.shevchenko@linux.intel.com>,
"arnd@arndb.de" <arnd@arndb.de>, "bp@alien8.de" <bp@alien8.de>,
"catalin.marinas@arm.com" <catalin.marinas@arm.com>,
"corbet@lwn.net" <corbet@lwn.net>,
"dakr@kernel.org" <dakr@kernel.org>,
"dave.hansen@linux.intel.com" <dave.hansen@linux.intel.com>,
"decui@microsoft.com" <decui@microsoft.com>,
"gregkh@linuxfoundation.org" <gregkh@linuxfoundation.org>,
"haiyangz@microsoft.com" <haiyangz@microsoft.com>,
"hch@lst.de" <hch@lst.de>, "hpa@zytor.com" <hpa@zytor.com>,
"James.Bottomley@hansenpartnership.com"
<James.Bottomley@hansenpartnership.com>,
"Jonathan.Cameron@huawei.com" <Jonathan.Cameron@huawei.com>,
"kys@microsoft.com" <kys@microsoft.com>,
"leon@kernel.org" <leon@kernel.org>,
"lukas@wunner.de" <lukas@wunner.de>,
"luto@kernel.org" <luto@kernel.org>,
"m.szyprowski@samsung.com" <m.szyprowski@samsung.com>,
"martin.petersen@oracle.com" <martin.petersen@oracle.com>,
"mingo@redhat.com" <mingo@redhat.com>,
"peterz@infradead.org" <peterz@infradead.org>,
"quic_zijuhu@quicinc.com" <quic_zijuhu@quicinc.com>,
"tglx@linutronix.de" <tglx@linutronix.de>,
"wei.liu@kernel.org" <wei.liu@kernel.org>,
"will@kernel.org" <will@kernel.org>,
"iommu@lists.linux.dev" <iommu@lists.linux.dev>,
"linux-arch@vger.kernel.org" <linux-arch@vger.kernel.org>,
"linux-arm-kernel@lists.infradead.org"
<linux-arm-kernel@lists.infradead.org>,
"linux-doc@vger.kernel.org" <linux-doc@vger.kernel.org>,
"linux-hyperv@vger.kernel.org" <linux-hyperv@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"linux-scsi@vger.kernel.org" <linux-scsi@vger.kernel.org>,
"x86@kernel.org" <x86@kernel.org>
Cc: "apais@microsoft.com" <apais@microsoft.com>,
"benhill@microsoft.com" <benhill@microsoft.com>,
"bperkins@microsoft.com" <bperkins@microsoft.com>,
"sunilmut@microsoft.com" <sunilmut@microsoft.com>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
"linux-coco@lists.linux.dev" <linux-coco@lists.linux.dev>
Subject: RE: [PATCH hyperv-next 5/6] arch, drivers: Add device struct bitfield to not bounce-buffer
Date: Thu, 10 Apr 2025 17:03:31 -0700 [thread overview]
Message-ID: <67f85c5349acf_71fe294ac@dwillia2-xfh.jf.intel.com.notmuch> (raw)
In-Reply-To: <SN6PR02MB4157328CAB1EBD021093DD3FD4B72@SN6PR02MB4157.namprd02.prod.outlook.com>
Michael Kelley wrote:
> From: Dan Williams <dan.j.williams@intel.com> Sent: Wednesday, April 9, 2025 4:30 PM
[..]
> > Like PCIe TDISP the capability of this device to access private memory
> > is a property of the bus and the iommu. However, acceptance of the
> > device into private operation is a willful policy action. It needs to
> > validate not only the device provenance and state, but also the Linux
> > DMA layer requirements of not holding shared or swiotlb mappings over
> > the "entry into private mode operation" event.
>
> To flesh this out the swiotlb aspect a bit, once a TDISP device has
> gone private, how does it prevent the DMA layer from ever doing
> bounce buffering through the swiotlb? My understanding is that
> the DMA layer doesn't make any promises to not do bounce buffering.
> Given the vagaries of memory alignment, perhaps add in a virtual
> IOMMU, etc., it seems like a device driver can't necessarily predict
> what DMA operations might result in bounce buffering. Does TDISP
> anticipate needing a formal way to tell the DMA layer "don't bounce
> buffer"? (and return an error instead?) Or would there be a separate
> swiotlb memory pool that is private memory so that bounce buffer
> could be done when necessary and still maintain confidentiality?
I expect step 1 is just add some rude errors / safety for attempting to
convert the mode of a device while it has any DMA mappings established,
and explicit failures for attempts to fallback to swiotlb for
'private_accepted' devices.
The easiest way to enforce that a device does not cross the
shared/private boundary while DMA mappings are live is to simply not
allow that transition while a driver is bound (i.e. "dev->driver" is
non-NULL).
next prev parent reply other threads:[~2025-04-11 0:03 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-09 0:08 [PATCH hyperv-next 0/6] Confidential VMBus Roman Kisel
2025-04-09 0:08 ` [PATCH hyperv-next 1/6] Documentation: hyperv: " Roman Kisel
2025-04-10 16:54 ` ALOK TIWARI
2025-04-10 19:10 ` Roman Kisel
2025-04-25 6:31 ` Wei Liu
2025-04-09 0:08 ` [PATCH hyperv-next 2/6] drivers: hyperv: VMBus protocol version 6.0 Roman Kisel
2025-04-10 17:03 ` ALOK TIWARI
2025-04-09 0:08 ` [PATCH hyperv-next 3/6] arch: hyperv: Get/set SynIC synth.registers via paravisor Roman Kisel
2025-04-09 0:08 ` [PATCH hyperv-next 4/6] arch: x86, drivers: hyperv: Enable confidential VMBus Roman Kisel
2025-04-09 0:08 ` [PATCH hyperv-next 5/6] arch, drivers: Add device struct bitfield to not bounce-buffer Roman Kisel
2025-04-09 10:52 ` Christoph Hellwig
2025-04-09 15:27 ` Roman Kisel
2025-04-09 16:03 ` Robin Murphy
2025-04-09 16:44 ` Roman Kisel
2025-04-09 23:30 ` Dan Williams
2025-04-10 1:16 ` Michael Kelley
2025-04-11 0:03 ` Dan Williams [this message]
2025-04-10 7:23 ` Christoph Hellwig
2025-04-10 23:44 ` Jason Gunthorpe
2025-04-10 23:50 ` Jason Gunthorpe
2025-04-10 7:21 ` Christoph Hellwig
2025-04-10 15:16 ` Roman Kisel
2025-04-09 0:08 ` [PATCH hyperv-next 6/6] drivers: SCSI: Do not bounce-bufffer for the confidential VMBus Roman Kisel
2025-04-09 10:53 ` Christoph Hellwig
2025-04-09 15:36 ` Roman Kisel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=67f85c5349acf_71fe294ac@dwillia2-xfh.jf.intel.com.notmuch \
--to=dan.j.williams@intel.com \
--cc=James.Bottomley@hansenpartnership.com \
--cc=Jonathan.Cameron@huawei.com \
--cc=aleksander.lobakin@intel.com \
--cc=andriy.shevchenko@linux.intel.com \
--cc=apais@microsoft.com \
--cc=arnd@arndb.de \
--cc=benhill@microsoft.com \
--cc=bp@alien8.de \
--cc=bperkins@microsoft.com \
--cc=catalin.marinas@arm.com \
--cc=corbet@lwn.net \
--cc=dakr@kernel.org \
--cc=dave.hansen@linux.intel.com \
--cc=decui@microsoft.com \
--cc=gregkh@linuxfoundation.org \
--cc=haiyangz@microsoft.com \
--cc=hch@lst.de \
--cc=hpa@zytor.com \
--cc=iommu@lists.linux.dev \
--cc=kys@microsoft.com \
--cc=leon@kernel.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-coco@lists.linux.dev \
--cc=linux-doc@vger.kernel.org \
--cc=linux-hyperv@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-scsi@vger.kernel.org \
--cc=lukas@wunner.de \
--cc=luto@kernel.org \
--cc=m.szyprowski@samsung.com \
--cc=martin.petersen@oracle.com \
--cc=mhklinux@outlook.com \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=quic_zijuhu@quicinc.com \
--cc=robin.murphy@arm.com \
--cc=romank@linux.microsoft.com \
--cc=sunilmut@microsoft.com \
--cc=suzuki.poulose@arm.com \
--cc=tglx@linutronix.de \
--cc=wei.liu@kernel.org \
--cc=will@kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).