From: alex.williamson@redhat.com (Alex Williamson)
To: linux-arm-kernel@lists.infradead.org
Subject: [RFC PATCH v6 04/20] iommu/arm-smmu: add capability IOMMU_CAP_INTR_REMAP
Date: Thu, 26 Jun 2014 13:00:23 -0600 [thread overview]
Message-ID: <1403809223.31091.137.camel@ul30vt.home> (raw)
In-Reply-To: <b085e02e72dc424d9624c3e810951087@BY2PR07MB203.namprd07.prod.outlook.com>
On Thu, 2014-06-26 at 18:41 +0000, Chalamarla, Tirumalesh wrote:
> Sorry there was a type,
>
> The question is:
>
> How is VFIO restricting software from writing to MSI/MSI-X vectors of the device.
All interrupts are configured via ioctl, not MSI config space or the
MSI-X vector table in MMIO space. VFIO protects the MSI config area by
virtualizing it (you can't actually write the physical enable bit or
address/data through VFIO). The MSI-X vector table is protected by
preventing read, write, or mmap access to it. QEMU provides further
virtualization above the basics provided by VFIO. We really can't
guarantee that devices don't have backdoors to configure these though.
See the realtek quirk in QEMU for an example of a device that has such a
backdoor. That's why we require interrupt remapping, so that a device
that does this can only hurt the guest, and require the user to opt-out
if they feel they have a sufficiently trusted guest. Thanks,
Alex
>
> -----Original Message-----
> From: Chalamarla, Tirumalesh
> Sent: Thursday, June 26, 2014 11:16 AM
> To: Chalamarla, Tirumalesh; Joerg Roedel; Will Deacon
> Cc: kvm at vger.kernel.org; open list; alex.williamson at redhat.com; stuart.yoder at freescale.com; iommu at lists.linux-foundation.org; tech at virtualopensystems.com; kvmarm at lists.cs.columbia.edu; moderated list:ARM SMMU DRIVER
> Subject: RE: [RFC PATCH v6 04/20] iommu/arm-smmu: add capability IOMMU_CAP_INTR_REMAP
>
> When I say emulating ITS, I mean translating guest ITS commands to physical ITS commands and placing them in physical queue.
>
> Regards,
> Tirumalesh.
>
> -----Original Message-----
> From: kvmarm-bounces at lists.cs.columbia.edu [mailto:kvmarm-bounces at lists.cs.columbia.edu] On Behalf Of Chalamarla, Tirumalesh
> Sent: Thursday, June 26, 2014 11:08 AM
> To: Joerg Roedel; Will Deacon
> Cc: kvm at vger.kernel.org; open list; alex.williamson at redhat.com; stuart.yoder at freescale.com; iommu at lists.linux-foundation.org; tech at virtualopensystems.com; kvmarm at lists.cs.columbia.edu; moderated list:ARM SMMU DRIVER
> Subject: RE: [RFC PATCH v6 04/20] iommu/arm-smmu: add capability IOMMU_CAP_INTR_REMAP
>
> Forgive me if this discussion is not relative here, but I thought it is.
>
> How is VFIO restricting devices from writing to MSI/MSI-X, Is all the vector area is mapped by VFIO to trap the accesses. I am asking this because we might need to emulate ITS somewhere either in KVM or VFIO to provide direct access to devices.
> And I don't see any mentions on that. I think this flag needs to be set by ITS emulation.
>
> Regards,
> Tirumalesh.
>
> -----Original Message-----
> From: kvmarm-bounces at lists.cs.columbia.edu [mailto:kvmarm-bounces at lists.cs.columbia.edu] On Behalf Of Joerg Roedel
> Sent: Monday, June 16, 2014 8:39 AM
> To: Will Deacon
> Cc: stuart.yoder at freescale.com; kvm at vger.kernel.org; open list; iommu at lists.linux-foundation.org; alex.williamson at redhat.com; moderated list:ARM SMMU DRIVER; tech at virtualopensystems.com; kvmarm at lists.cs.columbia.edu; Christoffer Dall
> Subject: Re: [RFC PATCH v6 04/20] iommu/arm-smmu: add capability IOMMU_CAP_INTR_REMAP
>
> On Mon, Jun 16, 2014 at 04:25:26PM +0100, Will Deacon wrote:
> > Ok, thanks. In which case, I think this is really a combined property
> > of the SMMU and the interrupt controller, so we might need some extra
> > code so that the SMMU can check that the interrupt controller for the
> > device is also capable of interrupt remapping.
>
> Right, that this is part of IOMMU code has more or less historic reasons on x86. Interrupt remapping is purely implemented in the IOMMU there, so on ARM some clue-code between interrupt controler and smmu is needed.
>
>
> Joerg
>
>
> _______________________________________________
> kvmarm mailing list
> kvmarm at lists.cs.columbia.edu
> https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
> _______________________________________________
> kvmarm mailing list
> kvmarm at lists.cs.columbia.edu
> https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
next prev parent reply other threads:[~2014-06-26 19:00 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <1401987808-23596-1-git-send-email-a.motakis@virtualopensystems.com>
2014-06-05 17:03 ` [RFC PATCH v6 01/20] iommu/arm-smmu: change IOMMU_EXEC to IOMMU_NOEXEC Antonios Motakis
2014-06-16 15:04 ` Will Deacon
2014-06-05 17:03 ` [RFC PATCH v6 03/20] iommu/arm-smmu: add IOMMU_CAP_NOEXEC to the ARM SMMU driver Antonios Motakis
2014-06-16 15:04 ` Will Deacon
2014-06-16 15:25 ` Alex Williamson
2014-06-16 15:30 ` Will Deacon
2014-06-05 17:03 ` [RFC PATCH v6 04/20] iommu/arm-smmu: add capability IOMMU_CAP_INTR_REMAP Antonios Motakis
2014-06-05 18:31 ` Varun Sethi
2014-06-08 10:31 ` Christoffer Dall
2014-06-16 14:53 ` Joerg Roedel
2014-06-16 15:13 ` Will Deacon
2014-06-16 15:21 ` Joerg Roedel
2014-06-16 15:25 ` Will Deacon
2014-06-16 15:38 ` Joerg Roedel
2014-06-26 18:08 ` Chalamarla, Tirumalesh
2014-06-26 18:15 ` Chalamarla, Tirumalesh
2014-06-26 18:41 ` Chalamarla, Tirumalesh
2014-06-26 19:00 ` Alex Williamson [this message]
2014-06-26 19:10 ` Chalamarla, Tirumalesh
2014-06-26 19:36 ` Alex Williamson
2014-06-27 8:47 ` Will Deacon
2014-06-27 21:57 ` Chalamarla, Tirumalesh
2014-06-28 7:05 ` Marc Zyngier
2014-06-16 15:30 ` Alex Williamson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1403809223.31091.137.camel@ul30vt.home \
--to=alex.williamson@redhat.com \
--cc=linux-arm-kernel@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).