[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH for-5.0 v11 08/20] virtio-iommu: Implement translate
From: |
Jean-Philippe Brucker |
Subject: |
Re: [PATCH for-5.0 v11 08/20] virtio-iommu: Implement translate |
Date: |
Thu, 9 Jan 2020 11:40:32 +0100 |
On Thu, Jan 09, 2020 at 09:58:49AM +0100, Auger Eric wrote:
> >> I share Peter's concern about having a different default policy than x86.
> >
> > Yes I'd say just align with whatever policy is already in place. Do you
> > think we could add a command-line option to let people disable
> > default-bypass, though? That would be a convenient way to make the IOMMU
> > protection airtight for those who need it.
> Yes I could easily add a device option to disable the default bypass.
>
> Shall we change the meaning of the F_BYPASS feature then? If exposed by
> the device, the device does bypass by default, otherwise it doesn't.
> This would be controlled by the device option.
For a device that doesn't do bypass by default, the driver wouldn't have
the ability to enable bypass (feature bit not offered, not negotiable).
> The driver then could have means to overwrite this behavior once loaded?
Let's keep the bypass feature bit for this. If the bit is offered, the
driver chooses to enable or disable it. If the bit is not offered or not
negotiated, then the behavior is deny. If the bit is offered and
negotiated then the behavior is allow.
We can say that before features negotiation (latched at features register
write, I think, in practice?) the behavior is platform dependent. The
current wording about bypass intends to discourage unsafe choices but
makes a strong statement only about the device behavior after features
negotiation.
We could add a second feature bit specifically for the boot bypass
behavior. It wouldn't be useful to the OS (the driver doesn't have a
choice) but could present a bit in config space that allows a firmware to
disable boot-bypass in a way that is sticky across reset. So when the OS
resets the device after taking it over, it doesn't accidentally enable
bypass. I wouldn't bother though. If a FW/bootloader is able to support
virtio-iommu, the user might as well instantiate the device with the
default-deny option.
Thanks,
Jean
- Re: [PATCH for-5.0 v11 08/20] virtio-iommu: Implement translate, Jean-Philippe Brucker, 2020/01/06
- Re: [PATCH for-5.0 v11 08/20] virtio-iommu: Implement translate, Peter Xu, 2020/01/06
- Re: [PATCH for-5.0 v11 08/20] virtio-iommu: Implement translate, Jean-Philippe Brucker, 2020/01/07
- Re: [PATCH for-5.0 v11 08/20] virtio-iommu: Implement translate, Auger Eric, 2020/01/08
- Re: [PATCH for-5.0 v11 08/20] virtio-iommu: Implement translate, Jean-Philippe Brucker, 2020/01/09
- Re: [PATCH for-5.0 v11 08/20] virtio-iommu: Implement translate, Auger Eric, 2020/01/09
- Re: [PATCH for-5.0 v11 08/20] virtio-iommu: Implement translate,
Jean-Philippe Brucker <=
- Re: [PATCH for-5.0 v11 08/20] virtio-iommu: Implement translate, Auger Eric, 2020/01/09
- Re: [PATCH for-5.0 v11 08/20] virtio-iommu: Implement translate, Jean-Philippe Brucker, 2020/01/09
- Re: [PATCH for-5.0 v11 08/20] virtio-iommu: Implement translate, Auger Eric, 2020/01/09