public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed
From: Jason Gunthorpe <jgg@nvidia.com>
To: "Luck, Tony" <tony.luck@intel.com>
Cc: Jacob Pan <jacob.jun.pan@linux.intel.com>,
	Christoph Hellwig <hch@infradead.org>,
	LKML <linux-kernel@vger.kernel.org>,
	"iommu@lists.linux-foundation.org"
	<iommu@lists.linux-foundation.org>,
	Joerg Roedel <joro@8bytes.org>,
	Lu Baolu <baolu.lu@linux.intel.com>,
	Jean-Philippe Brucker <jean-philippe@linaro.com>,
	"Liu, Yi L" <yi.l.liu@intel.com>,
	"Raj, Ashok" <ashok.raj@intel.com>,
	"Tian, Kevin" <kevin.tian@intel.com>,
	"Jiang, Dave" <dave.jiang@intel.com>,
	"wangzhou1@hisilicon.com" <wangzhou1@hisilicon.com>,
	"zhangfei.gao@linaro.org" <zhangfei.gao@linaro.org>,
	"vkoul@kernel.org" <vkoul@kernel.org>,
	David Woodhouse <dwmw2@infradead.org>
Subject: Re: [PATCH v4 1/2] iommu/sva: Tighten SVA bind API with explicit flags
Date: Thu, 13 May 2021 16:20:14 -0300	[thread overview]
Message-ID: <20210513192014.GU1002214@nvidia.com> (raw)
In-Reply-To: <e9dd39aa8a144c23beffa5ca58936385@intel.com>

On Thu, May 13, 2021 at 07:14:54PM +0000, Luck, Tony wrote:
> > If you want this then be explicit about what it is you are making when
> > building the API. Don't try to hide it under some generic idea of
> > "kernel PCI DMA SVA"
> 
> So, a special API call (that Dave can call from IDXD) to set up this
> kernel PASID. With suitable documentation to explain the scope.
> Maybe with a separate CONFIG option so it can be completely
> stubbed out (IDXD does *NOT* "select" this option ... users have
> to explicitly pick it).
> 
> > I could easily see an admin option to "turn this off" entirely as
> > being too dangerous, especially if the users have no interest in IDXD.
> 
> And a kernel command line option to block IDXD from using that
> special API ... for users on generic kernels who want to block
> this use model (but still use IDXD in non-kernel cases). Users
> who don't want IDXD at all can block loading of the driver.

A generic IOMMU API should not be IDXD specific, if you want to allow
some special "integrated to the SOC accelerator PASID" mode then it
should be a global IOMMU API and any security toggles for it should be
global and unrelated to IDXD.

Concurrently it seems necessary to have a solution for secure kernel
PASID use under the DMA API and reserve this special mode for getting
higher performance.

I think you need to come with a proposal, and it is a bit alarming a
noteworthy security hole was added under the guise of "kernel SVA" :(

Jason

  reply	other threads:[~2021-05-13 19:20 UTC|newest]

Thread overview: 29+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-05-10 13:25 [PATCH v4 0/2] Simplify and restrict IOMMU SVA APIs Jacob Pan
2021-05-10 13:25 ` [PATCH v4 1/2] iommu/sva: Tighten SVA bind API with explicit flags Jacob Pan
2021-05-10 23:37   ` Jason Gunthorpe
2021-05-11  3:31     ` Jacob Pan
2021-05-11 11:48       ` Jason Gunthorpe
2021-05-11 16:14         ` Jacob Pan
2021-05-11 16:35           ` Jason Gunthorpe
2021-05-11 18:05             ` Jacob Pan
2021-05-11 19:47               ` Jason Gunthorpe
2021-05-12  6:37                 ` Christoph Hellwig
2021-05-13 13:00                   ` Jacob Pan
2021-05-13 13:38                     ` Jason Gunthorpe
2021-05-13 15:10                       ` Jacob Pan
2021-05-13 16:44                         ` Luck, Tony
2021-05-13 17:33                           ` Jason Gunthorpe
2021-05-13 18:53                             ` Luck, Tony
2021-05-13 19:00                               ` Jason Gunthorpe
2021-05-13 19:14                                 ` Luck, Tony
2021-05-13 19:20                                   ` Jason Gunthorpe [this message]
2021-05-13 19:46                                     ` Jacob Pan
2021-05-13 19:57                                       ` Luck, Tony
2021-05-13 20:22                                         ` Jacob Pan
2021-05-13 22:31                                           ` Jason Gunthorpe
2021-05-13 23:40                                             ` Jacob Pan
2021-05-17 14:37                                               ` Jason Gunthorpe
2021-05-19 15:46                                                 ` Jacob Pan
2021-05-12 10:18   ` Jean-Philippe Brucker
2021-05-10 13:25 ` [PATCH v4 2/2] iommu/sva: Remove mm parameter from SVA bind API Jacob Pan
2021-05-12 10:24   ` Jean-Philippe Brucker

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210513192014.GU1002214@nvidia.com \
    --to=jgg@nvidia.com \
    --cc=ashok.raj@intel.com \
    --cc=baolu.lu@linux.intel.com \
    --cc=dave.jiang@intel.com \
    --cc=dwmw2@infradead.org \
    --cc=hch@infradead.org \
    --cc=iommu@lists.linux-foundation.org \
    --cc=jacob.jun.pan@linux.intel.com \
    --cc=jean-philippe@linaro.com \
    --cc=joro@8bytes.org \
    --cc=kevin.tian@intel.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=tony.luck@intel.com \
    --cc=vkoul@kernel.org \
    --cc=wangzhou1@hisilicon.com \
    --cc=yi.l.liu@intel.com \
    --cc=zhangfei.gao@linaro.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox