Re: [PATCH v4 0/8] IOMMU: Add support for IOMMU Bypass Feature

[Xingang Wang]

Hi Igor,

On 2021/6/5 20:32, Igor Mammedov wrote:
> On Tue, 25 May 2021 03:49:57 +0000
> Wang Xingang <wangxingang5@huawei.com> wrote:
>
> > From: Xingang Wang <wangxingang5@huawei.com>
> >
> > These patches add support for configure bypass_iommu on/off for
> > pci root bus, including primary bus and pxb root bus. At present,
> > all root bus will go through iommu when iommu is configured,
> > which is not flexible, because in many situations the need for using
> > iommu and bypass iommu aften exists at the same time.
>
> 'many situations' doesn't describe why bypass is needed,
> can you provide a use-cases here and what are security implications
> when bypass is allowed.
> (PS: the later probably should be documented somewhere in the docs/option 
> description)
>   

It is possible that some devices support the iommu and some devices do 
not. When we need to pass through both kind of devices to a virtual
machine, bypass iommu would help.

E.g I have a HiSilicon network and computing encryption device(SEC),
which supports both iommu and noiommu mode. If I have to use a SEC in
noiommu mode along with another device which need iommu, then it would
need this bypass iommu feature.

Besides, bypass iommu would have less performance loss because there
might be many trap in and out using a virtual iommu.
However there might be potential security risks without iommu,
as devices might send malicious dma requests.
It would be necessary to only bypass iommu for trusted devices.

Thanks

Xingang

> > So this add option to enable/disable bypass_iommu for primary bus
> > and pxb root bus. The bypass_iommu property is set to false default,
> > meaning that devcies will go through iommu if no explicit configuration
> > is added. When bypass_iommu is enabled for the root bus, devices
> > attached to it will bypass iommu, otherwise devices will go through
> > iommu.
> >
> > This feature can be used in this manner:
> > arm: -machine virt,iommu=smmuv3,bypass_iommu=true
> > x86: -machine q35,bypass_iommu=true
> > pxb: -device pxb-pcie,bus_nr=0x10,id=pci.10,bus=pcie.0,bypass_iommu=true
> >
> > History:
> >
> > v3 -> v4:
> > - simplify the logic in building the IORT idmap
> >
> > v2 -> v3:
> > - rebase on top of v6.0.0-rc4
> > - Took into account Eric's comments, replace with a bypass_iommu
> >    proerty
> > - When building the IORT idmap, cover the whole RID space
> >
> > v1 -> v2:
> > - rebase on top of v6.0.0-rc0
> > - Fix some issues
> > - Took into account Eric's comments, and remove the PCI_BUS_IOMMU flag,
> >    replace it with a property in PCIHostState.
> > - Add support for x86 iommu option
> >
> > Xingang Wang (8):
> >    hw/pci/pci_host: Allow bypass iommu for pci host
> >    hw/pxb: Add a bypass iommu property
> >    hw/arm/virt: Add a machine option to bypass iommu for primary bus
> >    hw/i386: Add a pc machine option to bypass iommu for primary bus
> >    hw/pci: Add pci_bus_range to get bus number range
> >    hw/arm/virt-acpi-build: Add explicit IORT idmap for smmuv3 node
> >    hw/i386/acpi-build: Add explicit scope in DMAR table
> >    hw/i386/acpi-build: Add bypass_iommu check when building IVRS table
> >
> >   hw/arm/virt-acpi-build.c            | 135 ++++++++++++++++++++++++----
> >   hw/arm/virt.c                       |  26 ++++++
> >   hw/i386/acpi-build.c                |  70 ++++++++++++++-
> >   hw/i386/pc.c                        |  18 ++++
> >   hw/pci-bridge/pci_expander_bridge.c |   3 +
> >   hw/pci-host/q35.c                   |   1 +
> >   hw/pci/pci.c                        |  33 ++++++-
> >   hw/pci/pci_host.c                   |   2 +
> >   include/hw/arm/virt.h               |   1 +
> >   include/hw/i386/pc.h                |   1 +
> >   include/hw/pci/pci.h                |   2 +
> >   include/hw/pci/pci_host.h           |   1 +
> >   12 files changed, 270 insertions(+), 23 deletions(-)
>
> .

.