From: Jason Gunthorpe <jgg@nvidia.com>
To: Mostafa Saleh <smostafa@google.com>
Cc: acpica-devel@lists.linux.dev, Hanjun Guo <guohanjun@huawei.com>,
iommu@lists.linux.dev, Joerg Roedel <joro@8bytes.org>,
Kevin Tian <kevin.tian@intel.com>,
kvm@vger.kernel.org, Len Brown <lenb@kernel.org>,
linux-acpi@vger.kernel.org, linux-arm-kernel@lists.infradead.org,
Lorenzo Pieralisi <lpieralisi@kernel.org>,
"Rafael J. Wysocki" <rafael@kernel.org>,
Robert Moore <robert.moore@intel.com>,
Robin Murphy <robin.murphy@arm.com>,
Sudeep Holla <sudeep.holla@arm.com>,
Will Deacon <will@kernel.org>,
Alex Williamson <alex.williamson@redhat.com>,
Eric Auger <eric.auger@redhat.com>,
Jean-Philippe Brucker <jean-philippe@linaro.org>,
Moritz Fischer <mdf@kernel.org>,
Michael Shavit <mshavit@google.com>,
Nicolin Chen <nicolinc@nvidia.com>,
patches@lists.linux.dev,
Shameerali Kolothum Thodi <shameerali.kolothum.thodi@huawei.com>
Subject: Re: [PATCH v2 6/8] iommu/arm-smmu-v3: Support IOMMU_GET_HW_INFO via struct arm_smmu_hw_info
Date: Mon, 2 Sep 2024 21:16:54 -0300 [thread overview]
Message-ID: <20240903001654.GE3773488@nvidia.com> (raw)
In-Reply-To: <ZtWPRDsQ-VV-6juL@google.com>
On Mon, Sep 02, 2024 at 10:11:16AM +0000, Mostafa Saleh wrote:
> > What is the harm? Does exposing IDR data to userspace in any way
> > compromise the security or integrity of the system?
> >
> > I think no - how could it?
>
> I don’t see a clear harm or exploit with exposing IDRs, but IMHO we
> should deal with userspace with the least privilege principle and
> only expose what user space cares about (with sanitised IDRs or
> through another mechanism)
If the information is harmless then why hide it? We expose all kinds
of stuff to userspace, like most of the PCI config space for
instance. I think we need a reason.
Any sanitization in the kernel will complicate everything because we
will get it wrong.
Let's not make things complicated without reasons. Intel and AMD are
exposing their IDR equivalents in this manner as well.
> For example, KVM doesn’t allow reading reading the CPU system
> registers to know if SVE(or other features) is supported but hides
> that by a CAP in KVM_CHECK_EXTENSION
Do you know why?
> > As the comments says, the VMM should not just blindly forward this to
> > a guest!
>
> I don't think the kernel should trust userspace.
There is no trust. If the VMM blindly forwards the IDRS then the VMM
will find its VM's have issues. It is a functional bug, just as if the
VMM puts random garbage in its vIDRS.
The onl purpose of this interface is to provide information about the
physical hardware to the VMM.
> > The VMM needs to make its own IDR to reflect its own vSMMU
> > capabilities. It can refer to the kernel IDR if it needs to.
> >
> > So, if the kernel is going to limit it, what criteria would you
> > propose the kernel use?
>
> I agree that the VMM would create a virtual IDR for guest, but that
> doesn't have to be directly based on the physical one (same as CPU).
No one said it should be. In fact the comment explicitly says not to
do that.
The VMM is expected to read out of the physical IDR any information
that effects data structures that are under direct guest control.
For instance anything that effects the CD on downwards. So page sizes,
IAS limits, etc etc etc. Anything that effects assigned invalidation
queues. Anything that impacts errata the VM needs to be aware of.
If you sanitize it then you will hide information that someone will
need at some point, then we have go an unsanitize it, then add feature
flags.. It is a pain.
Jason
next prev parent reply other threads:[~2024-09-03 0:18 UTC|newest]
Thread overview: 95+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-27 15:51 [PATCH v2 0/8] Initial support for SMMUv3 nested translation Jason Gunthorpe
2024-08-27 15:51 ` [PATCH v2 1/8] vfio: Remove VFIO_TYPE1_NESTING_IOMMU Jason Gunthorpe
2024-08-30 7:40 ` Tian, Kevin
2024-08-27 15:51 ` [PATCH v2 2/8] iommu/arm-smmu-v3: Use S2FWB when available Jason Gunthorpe
2024-08-27 19:48 ` Nicolin Chen
2024-08-28 18:30 ` Jason Gunthorpe
2024-08-28 19:47 ` Nicolin Chen
2024-08-28 19:50 ` Nicolin Chen
2024-08-30 7:44 ` Tian, Kevin
2024-08-30 7:56 ` Nicolin Chen
2024-08-30 8:01 ` Tian, Kevin
2024-08-30 15:12 ` Mostafa Saleh
2024-08-30 16:40 ` Jason Gunthorpe
2024-09-02 9:29 ` Mostafa Saleh
2024-09-03 0:05 ` Jason Gunthorpe
2024-09-03 7:57 ` Mostafa Saleh
2024-09-03 23:33 ` Jason Gunthorpe
2024-09-10 10:55 ` Mostafa Saleh
2024-09-10 20:22 ` Jason Gunthorpe
2024-09-17 9:48 ` Mostafa Saleh
2024-09-04 14:20 ` Shameerali Kolothum Thodi
2024-09-04 15:00 ` Jason Gunthorpe
2024-09-10 11:25 ` Shameerali Kolothum Thodi
2024-09-11 22:52 ` Jason Gunthorpe
2024-08-27 15:51 ` [PATCH v2 3/8] ACPICA: IORT: Update for revision E.f Jason Gunthorpe
2024-08-29 10:14 ` Rafael J. Wysocki
2024-08-27 15:51 ` [PATCH v2 4/8] ACPI/IORT: Support CANWBS memory access flag Jason Gunthorpe
2024-08-30 7:52 ` Tian, Kevin
2024-08-30 13:54 ` Jason Gunthorpe
2024-09-03 7:14 ` Tian, Kevin
2024-08-27 15:51 ` [PATCH v2 5/8] iommu/arm-smmu-v3: Report IOMMU_CAP_ENFORCE_CACHE_COHERENCY for CANWBS Jason Gunthorpe
2024-08-27 20:12 ` Nicolin Chen
2024-08-28 19:12 ` Jason Gunthorpe
2024-08-30 15:19 ` Mostafa Saleh
2024-08-30 17:10 ` Jason Gunthorpe
2024-08-27 15:51 ` [PATCH v2 6/8] iommu/arm-smmu-v3: Support IOMMU_GET_HW_INFO via struct arm_smmu_hw_info Jason Gunthorpe
2024-08-30 7:55 ` Tian, Kevin
2024-08-30 15:23 ` Mostafa Saleh
2024-08-30 17:16 ` Jason Gunthorpe
2024-09-02 10:11 ` Mostafa Saleh
2024-09-03 0:16 ` Jason Gunthorpe [this message]
2024-09-03 8:34 ` Mostafa Saleh
2024-09-03 23:40 ` Jason Gunthorpe
2024-09-04 7:11 ` Shameerali Kolothum Thodi
2024-09-04 12:01 ` Jason Gunthorpe
2024-09-06 11:19 ` Mostafa Saleh
2024-08-27 15:51 ` [PATCH v2 7/8] iommu/arm-smmu-v3: Implement IOMMU_HWPT_ALLOC_NEST_PARENT Jason Gunthorpe
2024-08-27 20:16 ` Nicolin Chen
2024-08-30 7:58 ` Tian, Kevin
2024-08-30 13:55 ` Jason Gunthorpe
2024-08-30 15:27 ` Mostafa Saleh
2024-08-30 17:18 ` Jason Gunthorpe
2024-09-02 8:57 ` Mostafa Saleh
2024-08-27 15:51 ` [PATCH v2 8/8] iommu/arm-smmu-v3: Support IOMMU_DOMAIN_NESTED Jason Gunthorpe
2024-08-27 21:23 ` Nicolin Chen
2024-08-28 19:01 ` Jason Gunthorpe
2024-08-28 19:27 ` Nicolin Chen
2024-08-30 8:16 ` Tian, Kevin
2024-08-30 14:13 ` Jason Gunthorpe
2024-08-30 14:39 ` Jason Gunthorpe
2024-08-30 16:09 ` Mostafa Saleh
2024-08-30 16:59 ` Nicolin Chen
2024-08-30 17:04 ` Jason Gunthorpe
2024-09-02 9:57 ` Mostafa Saleh
2024-09-03 0:30 ` Jason Gunthorpe
2024-09-03 1:13 ` Nicolin Chen
2024-09-03 9:00 ` Mostafa Saleh
2024-09-03 23:55 ` Jason Gunthorpe
2024-09-06 11:07 ` Mostafa Saleh
2024-09-06 13:34 ` Jason Gunthorpe
2024-09-10 11:12 ` Mostafa Saleh
2024-09-15 21:39 ` Jason Gunthorpe
2024-09-06 18:28 ` Jason Gunthorpe
2024-09-06 18:49 ` Nicolin Chen
2024-09-06 23:15 ` Jason Gunthorpe
2024-08-27 21:31 ` [PATCH v2 0/8] Initial support for SMMUv3 nested translation Nicolin Chen
2024-08-28 16:31 ` Shameerali Kolothum Thodi
2024-08-28 17:14 ` Nicolin Chen
2024-08-28 18:06 ` Shameerali Kolothum Thodi
2024-08-28 18:12 ` Nicolin Chen
2024-08-29 13:14 ` Shameerali Kolothum Thodi
2024-08-29 14:52 ` Shameerali Kolothum Thodi
2024-08-29 16:10 ` Nicolin Chen
2024-08-30 9:07 ` Shameerali Kolothum Thodi
2024-08-30 17:01 ` Nicolin Chen
2024-09-12 3:42 ` Zhangfei Gao
2024-09-12 4:05 ` Nicolin Chen
2024-09-12 4:25 ` Baolu Lu
2024-09-12 7:32 ` Zhangfei Gao
2024-10-15 3:21 ` Zhangfei Gao
2024-10-15 13:09 ` Jason Gunthorpe
2024-10-17 1:53 ` Zhangfei Gao
2024-10-17 11:57 ` Jason Gunthorpe
2024-10-16 2:23 ` Zhangfei Gao
2024-10-16 11:53 ` Jason Gunthorpe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240903001654.GE3773488@nvidia.com \
--to=jgg@nvidia.com \
--cc=acpica-devel@lists.linux.dev \
--cc=alex.williamson@redhat.com \
--cc=eric.auger@redhat.com \
--cc=guohanjun@huawei.com \
--cc=iommu@lists.linux.dev \
--cc=jean-philippe@linaro.org \
--cc=joro@8bytes.org \
--cc=kevin.tian@intel.com \
--cc=kvm@vger.kernel.org \
--cc=lenb@kernel.org \
--cc=linux-acpi@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=lpieralisi@kernel.org \
--cc=mdf@kernel.org \
--cc=mshavit@google.com \
--cc=nicolinc@nvidia.com \
--cc=patches@lists.linux.dev \
--cc=rafael@kernel.org \
--cc=robert.moore@intel.com \
--cc=robin.murphy@arm.com \
--cc=shameerali.kolothum.thodi@huawei.com \
--cc=smostafa@google.com \
--cc=sudeep.holla@arm.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).