Date: Wed, 22 Jan 2025 17:17:50 +0000
From: Mostafa Saleh
To: Jason Gunthorpe
Cc: "Tian, Kevin", "iommu@lists.linux.dev", "kvmarm@lists.linux.dev", "linux-kernel@vger.kernel.org", "linux-arm-kernel@lists.infradead.org", "catalin.marinas@arm.com", "will@kernel.org", "maz@kernel.org", "oliver.upton@linux.dev", "joey.gouly@arm.com", "suzuki.poulose@arm.com", "yuzenghui@huawei.com", "robdclark@gmail.com", "joro@8bytes.org", "robin.murphy@arm.com", "jean-philippe@linaro.org", "nicolinc@nvidia.com", "vdonnefort@google.com", "qperret@google.com", "tabba@google.com", "danielmentz@google.com", "tzukui@google.com"
Subject: Re: [RFC PATCH v2 00/58] KVM: Arm SMMUv3 driver for pKVM
In-Reply-To: <20250122162055.GV674319@ziepe.ca>

On Wed, Jan 22, 2025 at 12:20:55PM -0400, Jason Gunthorpe wrote:
> On Wed, Jan 22, 2025 at 11:04:24AM +0000, Mostafa Saleh wrote:
> > AFAIK, the most common use cases would be:
> > - Devices using DMA API because it requires a lot of memory to be
> >   contiguous in IOVA, which is hard to do with identity
>
> This is not a feature of the DMA API any driver should rely on .. Are
> you aware of one that does?
>

I’d guess one example is media drivers, they usually need large contiguous
buffers, and would use, for example, dma_alloc_coherent(). If the IOMMU is
disabled or bypassed, that means that the kernel has to find such a contiguous
size in the physical address space, which can be impossible on devices with
small memory, such as mobile devices. Similarly.

I will look more into this while working on the patches to identity map
everything for v3, and I’d see what kind of issues I hit.

> > - Devices with security requirements/constraints to be isolated from the
> >   rest of the system, also using DMA API
>
> This is real, but again, in a mobile context does this even exist? It isn't
> like there are external PCIe ports that need securing on a phone?

It’s not just about completely external devices, it’s a defence-in-depth
measure, where, for example, network devices can be poked externally and there
have been cases in the past where exploits were found[1], so some vendors might
have a policy to isolate such devices. Which I believe is valid.

[1] https://lwn.net/ml/oss-security/20221013101046.GB20615@suse.de/

Thanks,
Mostafa

>
> > - VFIO is something we are looking at the moment and have prototyped with
> >   pKVM, and it should be supported soon in Android (only for platform
> >   devices for now)
>
> Yes, this makes sense
>
> Jason
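
The contiguity point discussed in the message above, as an added illustration that is not part of the thread or of the pKVM series: a user-space C toy model contrasting an identity-mapped allocation, which needs physically adjacent free frames, with a translated one, where scattered frames become contiguous in IOVA. No kernel APIs are used; the frame count, the fragmentation pattern, `IOVA_BASE` and both function names are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define NPAGES    16       /* constructed toy physical memory: 16 page frames */
#define IOVA_BASE 0x1000L  /* hypothetical first page of the device's IOVA window */

/* Constructed fragmentation: every other frame is already in use. */
static bool frame_used[NPAGES] = {1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0};

/* Identity/bypass: device address == physical address, so the buffer needs
 * n physically adjacent free frames. Returns the first frame, or -1. */
long alloc_identity(size_t n)
{
    size_t run = 0;
    for (size_t i = 0; n > 0 && i < NPAGES; i++) {
        run = frame_used[i] ? 0 : run + 1;
        if (run == n) {
            for (size_t j = i + 1 - n; j <= i; j++)
                frame_used[j] = true;
            return (long)(i + 1 - n);
        }
    }
    return -1;
}

/* Translation: any n free frames will do. pt[k] records the frame backing
 * IOVA page IOVA_BASE + k. Returns IOVA_BASE, or -1 if memory is short. */
long alloc_translated(size_t n, size_t pt[], size_t pt_len)
{
    size_t found = 0;
    if (n == 0 || n > pt_len)
        return -1;
    for (size_t i = 0; i < NPAGES && found < n; i++)
        if (!frame_used[i])
            pt[found++] = i;
    if (found < n)
        return -1;               /* nothing was claimed yet */
    for (size_t k = 0; k < n; k++)
        frame_used[pt[k]] = true;
    return IOVA_BASE;
}

int main(void)
{
    size_t pt[4];
    printf("identity, 4 pages:   %ld\n", alloc_identity(4));
    printf("translated, 4 pages: %ld\n", alloc_translated(4, pt, 4));
    return 0;
}
```

With half of the frames free but none adjacent, the identity request for four pages fails while the translated request succeeds using frames 1, 3, 5 and 7.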