On Mon, Nov 09, 2020 at 12:21:22PM +0100, Thomas Gleixner wrote: > >> Is the IOMMU/Interrupt remapping unit able to catch such messages which > >> go outside the space to which the guest is allowed to signal to? If yes, > >> problem solved. If no, then IMS storage in guest memory can't ever work. > > > > This can probably work for SRIOV devices where guest owns the entire device. > > interrupt remap does have RID checks if interrupt arrives at an Interrupt handle > > not allocated for that BDF. > > > > But for SIOV devices there is no PASID filtering at the remap level since > > interrupt messages don't carry PASID in the TLP. > > PASID is irrelevant here. > > If the device sends a message then the remap unit will see the requester > ID of the device and if the message it sends is not matching the remap > tables then it's caught and the guest is terminated. At least that's how > it should be. The SIOV case is to take a single RID and split it to multiple VMs and also to the hypervisor. All these things concurrently use the same RID, and the IOMMU can't tell them apart. The hypervisor security domain owns TLPs with no PASID. Each PASID is assigned to a VM. For interrupts, today, they are all generated, with no PASID, to the same RID. There is no way for remapping to protect against a guest without checking also PASID. The relavance of PASID is this: > Again, trap emulate does not work for IMS when the IMS store is software > managed guest memory and not part of the device. And that's the whole > reason why we are discussing this. With PASID tagged interrupts and a IOMMU interrupt remapping capability that can trigger on PASID, then the platform can provide the same level of security as SRIOV - the above is no problem. The device ensures that all DMAs and all interrupts program by the guest are PASID tagged and the platform provides security by checking the PASID when delivering the interrupt. Intel IOMMU doesn't work this way today, but it makes alot of design sense. Otherwise the interrupt is effectively delivered to the hypervisor. A secure device can *never* allow a guest to specify an addr/data pair for a non-PASID tagged TLP, so the device cannot offer IMS to the guest. Jason