Hi Jean, Jacob, On 6/18/19 4:04 PM, Jean-Philippe Brucker wrote: > On 12/06/2019 19:53, Jacob Pan wrote: >>>> You are right, the worst case of the spurious PS is to terminate the >>>> group prematurely. Need to know the scope of the HW damage in case >>>> of mdev where group IDs can be shared among mdevs belong to the >>>> same PF. >>> >>> But from the IOMMU fault API point of view, the full page request is >>> identified by both PRGI and PASID. Given that each mdev has its own >>> set of PASIDs, it should be easy to isolate page responses per mdev. >>> >> On Intel platform, devices sending page request with private data must >> receive page response with matching private data. If we solely depend >> on PRGI and PASID, we may send stale private data to the device in >> those incorrect page response. Since private data may represent PF >> device wide contexts, the consequence of sending page response with >> wrong private data may affect other mdev/PASID. >> >> One solution we are thinking to do is to inject the sequence #(e.g. >> ktime raw mono clock) as vIOMMU private data into to the guest. Guest >> would return this fake private data in page response, then host will >> send page response back to the device that matches PRG1 and PASID and >> private_data. >> >> This solution does not expose HW context related private data to the >> guest but need to extend page response in iommu uapi. >> >> /** >> * struct iommu_page_response - Generic page response information >> * @version: API version of this structure >> * @flags: encodes whether the corresponding fields are valid >> * (IOMMU_FAULT_PAGE_RESPONSE_* values) >> * @pasid: Process Address Space ID >> * @grpid: Page Request Group Index >> * @code: response code from &enum iommu_page_response_code >> * @private_data: private data for the matching page request >> */ >> struct iommu_page_response { >> #define IOMMU_PAGE_RESP_VERSION_1 1 >> __u32 version; >> #define IOMMU_PAGE_RESP_PASID_VALID (1 << 0) >> #define IOMMU_PAGE_RESP_PRIVATE_DATA (1 << 1) >> __u32 flags; >> __u32 pasid; >> __u32 grpid; >> __u32 code; >> __u32 padding; >> __u64 private_data[2]; >> }; >> >> There is also the change needed for separating storage for the real and >> fake private data. >> >> Sorry for the last minute change, did not realize the HW implications. >> >> I see this as a future extension due to limited testing, > > I'm wondering how we deal with: > (1) old userspace that won't fill the new private_data field in > page_response. A new kernel still has to support it. > (2) old kernel that won't recognize the new PRIVATE_DATA flag. Currently > iommu_page_response() rejects page responses with unknown flags. > > I guess we'll need a two-way negotiation, where userspace queries > whether the kernel supports the flag (2), and the kernel learns whether > it should expect the private data to come back (1). > >> perhaps for >> now, can you add paddings similar to page request? Make it 64B as well. > > I don't think padding is necessary, because iommu_page_response is sent > by userspace to the kernel, unlike iommu_fault which is allocated by > userspace and filled by the kernel. > > Page response looks a lot more like existing VFIO mechanisms, so I > suppose we'll wrap the iommu_page_response structure and include an > argsz parameter at the top: > > struct vfio_iommu_page_response { > u32 argsz; > struct iommu_page_response pr; > }; > > struct vfio_iommu_page_response vpr = { > .argsz = sizeof(vpr), > .pr = ... > ... > }; > > ioctl(devfd, VFIO_IOMMU_PAGE_RESPONSE, &vpr); > > In that case supporting private data can be done by simply appending a > field at the end (plus the negotiation above). Sorry I did not quite follow the spurious response discussion but I just noticed we still do have, upstream, in iommu_unregister_device_fault_handler: /* we cannot unregister handler if there are pending faults */ if (!list_empty(¶m->fault_param->faults)) { ret = -EBUSY; goto unlock; } So did you eventually decide to let iommu_unregister_device_fault_handler fail or is an oversight? Thanks Eric > > Thanks, > Jean > _______________________________________________ > iommu mailing list > iommu@xxxxxxxxxxxxxxxxxxxxxxxxxx > https://lists.linuxfoundation.org/mailman/listinfo/iommu > _______________________________________________ kvmarm mailing list kvmarm@xxxxxxxxxxxxxxxxxxxxx https://lists.cs.columbia.edu/mailman/listinfo/kvmarm