From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Thu, 22 Sep 2022 11:13:42 -0300
From: Jason Gunthorpe
To: Daniel P. Berrangé
Cc: Alex Williamson, Eric Auger, "Tian, Kevin", "Rodel, Jorg", Lu Baolu,
 Chaitanya Kulkarni, Cornelia Huck, Daniel Jordan, David Gibson,
 Eric Farman, "iommu@lists.linux.dev", Jason Wang,
 Jean-Philippe Brucker, "Martins, Joao", "kvm@vger.kernel.org",
 Matthew Rosato, "Michael S. Tsirkin", Nicolin Chen, Niklas Schnelle,
 Shameerali Kolothum Thodi, "Liu, Yi L", Keqian Zhu, Steve Sistare,
 "libvir-list@redhat.com", Laine Stump
Subject: Re: [PATCH RFC v2 00/13] IOMMUFD Generic interface
References: <0-v2-f9436d0bde78+4bb-iommufd_jgg@nvidia.com>
 <20220921120649.5d2ff778.alex.williamson@redhat.com>
X-Mailing-List: iommu@lists.linux.dev

On Thu, Sep 22, 2022 at 12:06:33PM +0100, Daniel P. Berrangé wrote:

> So per-user locked mem accounting looks like a regression in
> our VM isolation abilities compared to the per-task accounting.

For this kind of API the management app needs to put each VM in its own
user, which I'm a bit surprised it doesn't already do as a further
protection against cross-process concerns.

The question here is how do we provide enough compatibility for this
existing methodology while still closing the security holes and
inconsistencies that exist in the kernel implementation.

Jason