From mboxrd@z Thu Jan 1 00:00:00 1970 From: "joro-zLv9SwRftAIdnm+yROfE0A@public.gmane.org" Subject: Re: [PATCH 02/37] iommu/sva: Bind process address spaces to devices Date: Thu, 15 Feb 2018 11:21:13 +0100 Message-ID: <20180215102113.c7t7rrnyzgazmdli@8bytes.org> References: <20180212183352.22730-1-jean-philippe.brucker@arm.com> <20180212183352.22730-3-jean-philippe.brucker@arm.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: Content-Disposition: inline In-Reply-To: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: iommu-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org Errors-To: iommu-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org To: Jean-Philippe Brucker Cc: Mark Rutland , "ilias.apalodimas-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org" , mykyta.iziumtsev-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org, "kvm-u79uwXL29TY76Z2rM5mHXA@public.gmane.org" , "linux-pci-u79uwXL29TY76Z2rM5mHXA@public.gmane.org" , "xuzaibo-hv44wF8Li93QT0dZR+AlfA@public.gmane.org" , Will Deacon , "okaya-sgV2jX0FEOL9JmXXK+q4OQ@public.gmane.org" , "Raj, Ashok" , "bharatku-gjFFaj9aHVfQT0dZR+AlfA@public.gmane.org" , "linux-acpi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org" , Catalin Marinas , "rfranz-YGCgFSpz5w/QT0dZR+AlfA@public.gmane.org" , "lenb-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org" , "devicetree-u79uwXL29TY76Z2rM5mHXA@public.gmane.org" , "robh+dt-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org" , "bhelgaas-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org" , "linux-arm-kernel-IAPFreCvJWM7uuMidbF8XUB+6BGkLq7r@public.gmane.org" , "dwmw2-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org" List-Id: devicetree@vger.kernel.org On Tue, Feb 13, 2018 at 12:57:23PM +0000, Jean-Philippe Brucker wrote: > * bind_device() fails if the device's group has more than one device, > otherwise calls __bind_device(). This prevents device drivers that are > oblivious to IOMMU groups from opening a backdoor. > > * bind_group() calls __bind_device() for all devices in group. This way > users that are aware of IOMMU groups can still use them safely. Note that > at the moment bind_group() fails as soon as it finds a device that doesn't > support SVA. Having all devices support SVA in a given group is > unrealistic and this behavior ought to be improved. Yeah, so the problem on PCI is that all functions of a multi-function device are put into one group. For AMD-GPUs this means that the GPU (SVA-capable) will end up in the same group as the on-GPU sound device (not SVA-capable). Before this causes us big headaches I suggest to only provide the bind_device() function. This should be fine because for SVA we don't need all types of isolation that iommu_groups provide. IOMMU-groups provide two types of isolation: 1) They group devices together which the IOMMU can't distinguish from each other, like PCI devices behind a PCIe bridge. 2) Devices that can't be isolated from each other are also put into the same group. This is the case for multi-function PCIe devices as well as all PCIe devices behind a non-ACS bridge. But all these devices cann still be distinguished by the IOMMU. These two types of protection are needed to safely assign devices to guests, but for bare-metal SVA all we need is type 1) isolation, and not even that if we can assume that all SVA-capable devices have an exclusive device-id (or stream-id). Joerg