From: Nicolin Chen <nicolinc@nvidia.com>
To: Shameerali Kolothum Thodi <shameerali.kolothum.thodi@huawei.com>
Cc: "will@kernel.org" <will@kernel.org>,
"robin.murphy@arm.com" <robin.murphy@arm.com>,
"joro@8bytes.org" <joro@8bytes.org>,
"jgg@nvidia.com" <jgg@nvidia.com>,
"thierry.reding@gmail.com" <thierry.reding@gmail.com>,
"vdumpa@nvidia.com" <vdumpa@nvidia.com>,
"jonathanh@nvidia.com" <jonathanh@nvidia.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"iommu@lists.linux.dev" <iommu@lists.linux.dev>,
"linux-arm-kernel@lists.infradead.org"
<linux-arm-kernel@lists.infradead.org>,
"linux-tegra@vger.kernel.org" <linux-tegra@vger.kernel.org>
Subject: Re: [PATCH v5 6/6] iommu/tegra241-cmdqv: Limit CMDs for guest owned VINTF
Date: Wed, 17 Apr 2024 09:04:21 -0700
Message-ID: <Zh/zBZoubYvqLQza@Asurada-Nvidia>
In-Reply-To: <1d68c21591fa4f8497aea0e6a0afda8b@huawei.com>
On Wed, Apr 17, 2024 at 03:12:57PM +0000, Shameerali Kolothum Thodi wrote:
> > -----Original Message-----
> > From: Nicolin Chen <nicolinc@nvidia.com>
> > Sent: Saturday, April 13, 2024 4:44 AM
> > To: will@kernel.org; robin.murphy@arm.com
> > Cc: joro@8bytes.org; jgg@nvidia.com; thierry.reding@gmail.com;
> > vdumpa@nvidia.com; jonathanh@nvidia.com; linux-kernel@vger.kernel.org;
> > iommu@lists.linux.dev; linux-arm-kernel@lists.infradead.org; linux-
> > tegra@vger.kernel.org
> > Subject: [PATCH v5 6/6] iommu/tegra241-cmdqv: Limit CMDs for guest owned
> > VINTF
> >
> > When VCMDQs are assigned to a VINTF owned by a guest (HYP_OWN bit unset),
> > only TLB and ATC invalidation commands are supported by the VCMDQ HW. So,
> > add a new helper to scan the input cmds to make sure every single command
> > is supported when selecting a queue.
> >
> > Note that the guest VM shouldn't have HYP_OWN bit being set regardless of
> > guest kernel driver writing it or not, i.e. the hypervisor running in the
> > host OS should wire this bit to zero when trapping a write access to this
> > VINTF_CONFIG register from a guest kernel.
>
> Just curious, suppose there is a malicious guest with a compromised kernel
> which bypasses the HYP_OWN bit check and issues other commands, does
> the hardware have the capability to detect it and not make the host unstable
> in any way?
Only that specific VINTF/VCMDQ would stop and error an IRQ.
Even a device command (ATC_INV) would be strictly checked
against the Stream ID table that's set at the host level.
Thanks
Nicolin
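
The opcode scan described in the quoted commit message, sketched as an added example that is not part of this thread or of the patch itself. The struct, function names and the exact allow-list are assumptions for illustration; the command layout and opcode values follow the Arm SMMUv3 architecture.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* SMMUv3 command layout: 16-byte entries, opcode in bits [7:0] of word 0 */
#define CMD_DWORDS      2
#define CMD_OP(w0)      ((uint8_t)((w0) & 0xff))

/* Opcode values from the Arm SMMUv3 architecture */
#define OP_CFGI_STE     0x03
#define OP_TLBI_NH_ASID 0x11
#define OP_TLBI_NH_VA   0x12
#define OP_ATC_INV      0x40

/* Hypothetical stand-in for the driver's per-VINTF state */
struct vintf_model {
	bool hyp_own;	/* mirrors the HYP_OWN bit of VINTF_CONFIG */
};

/* Assumed allow-list: the thread only says "TLB and ATC invalidation" */
static bool guest_vcmdq_op_allowed(uint8_t op)
{
	switch (op) {
	case OP_TLBI_NH_ASID:
	case OP_TLBI_NH_VA:
	case OP_ATC_INV:
		return true;
	default:
		return false;
	}
}

/*
 * Return true only if every one of the n commands may be placed on a
 * VCMDQ of this VINTF. One unsupported opcode rejects the whole batch,
 * so it is never queued on a guest-owned VCMDQ.
 */
static bool vintf_supports_cmds(const struct vintf_model *vintf,
				const uint64_t *cmds, size_t n)
{
	size_t i;

	if (vintf->hyp_own)	/* hypervisor-owned: no restriction */
		return true;
	for (i = 0; i < n; i++)
		if (!guest_vcmdq_op_allowed(CMD_OP(cmds[i * CMD_DWORDS])))
			return false;
	return true;
}
```
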