From: Jason Gunthorpe <jgg@ziepe.ca>
To: Jean-Philippe Brucker <jean-philippe@linaro.org>
Cc: Niklas Schnelle <schnelle@linux.ibm.com>,
Joerg Roedel <joro@8bytes.org>, Will Deacon <will@kernel.org>,
Robin Murphy <robin.murphy@arm.com>,
virtualization@lists.linux-foundation.org,
linux-kernel@vger.kernel.org,
Christian Borntraeger <borntraeger@linux.ibm.com>,
Lu Baolu <baolu.lu@linux.intel.com>,
Matthew Rosato <mjrosato@linux.ibm.com>,
Christoph Hellwig <hch@infradead.org>
Subject: Re: [RFC] iommu/virtio: Use single flush queue (EXPERIMENTAL)
Date: Wed, 2 Aug 2023 10:44:25 -0300 [thread overview]
Message-ID: <ZMpduWLdRXhUEx6O@ziepe.ca> (raw)
In-Reply-To: <20230802123612.GA6142@myrica>
On Wed, Aug 02, 2023 at 01:36:12PM +0100, Jean-Philippe Brucker wrote:
> automatically get plugged into a VM without user intervention. Here I
> guess the devices we don't trust will be virtual devices implemented by
> other VMs. We don't have any method to identify them yet, so
> iommu.strict=1 and CONFIG_IOMMU_DEFAULT_DMA_STRICT is the best we can do
> at the moment.
VM's should work the same way as bare metal. The hypervisor should
pass in an ACPI/etc indication if specific devices are to be
untrusted. Otherwise the VM should assume trusted devices.
The hypervisor can already read all the VM's memory, it doesn't make
alot of sense for the VM to try and be defensive here in the general
case.
Jason
next prev parent reply other threads:[~2023-08-02 13:44 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-07-17 11:00 [PATCH v11 0/6] iommu/dma: s390 DMA API conversion and optimized IOTLB flushing Niklas Schnelle
2023-07-17 11:00 ` [PATCH v11 1/6] iommu: Allow .iotlb_sync_map to fail and handle s390's -ENOMEM return Niklas Schnelle
2023-07-17 11:00 ` [PATCH v11 2/6] s390/pci: prepare is_passed_through() for dma-iommu Niklas Schnelle
2023-07-17 11:00 ` [PATCH v11 3/6] s390/pci: Use dma-iommu layer Niklas Schnelle
2023-07-17 11:00 ` [PATCH v11 4/6] iommu/s390: Force ISM devices to use IOMMU_DOMAIN_DMA Niklas Schnelle
2023-07-19 12:56 ` Matthew Rosato
2023-08-18 19:10 ` Robin Murphy
2023-08-23 10:53 ` Niklas Schnelle
2023-07-17 11:00 ` [PATCH v11 5/6] iommu/dma: Allow a single FQ in addition to per-CPU FQs Niklas Schnelle
2023-08-18 18:16 ` Robin Murphy
2023-08-23 14:21 ` Niklas Schnelle
2023-08-29 15:39 ` Robin Murphy
2023-07-17 11:00 ` [PATCH v11 6/6] iommu/dma: Use a large flush queue and timeout for shadow_on_flush Niklas Schnelle
2023-08-18 19:06 ` Robin Murphy
2023-07-26 11:14 ` [RFC] iommu/virtio: Use single flush queue (EXPERIMENTAL) Niklas Schnelle
2023-08-02 12:36 ` Jean-Philippe Brucker
2023-08-02 13:44 ` Jason Gunthorpe [this message]
2023-08-25 12:22 ` Niklas Schnelle
2023-08-18 16:51 ` [PATCH v11 0/6] iommu/dma: s390 DMA API conversion and optimized IOTLB flushing Jason Gunthorpe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZMpduWLdRXhUEx6O@ziepe.ca \
--to=jgg@ziepe.ca \
--cc=baolu.lu@linux.intel.com \
--cc=borntraeger@linux.ibm.com \
--cc=hch@infradead.org \
--cc=jean-philippe@linaro.org \
--cc=joro@8bytes.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mjrosato@linux.ibm.com \
--cc=robin.murphy@arm.com \
--cc=schnelle@linux.ibm.com \
--cc=virtualization@lists.linux-foundation.org \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox