On Fri, 18 Jun 2021 08:37:35 -0700 "Raj, Ashok" <ashok.raj@xxxxxxxxx> wrote: > On Fri, Jun 18, 2021 at 12:15:06PM -0300, Jason Gunthorpe wrote: > > On Fri, Jun 18, 2021 at 03:47:51PM +0200, Joerg Roedel wrote: > > > Hi Kevin, > > > > > > On Thu, Jun 17, 2021 at 07:31:03AM +0000, Tian, Kevin wrote: > > > > Now let's talk about the new IOMMU behavior: > > > > > > > > - A device is blocked from doing DMA to any resource outside of > > > > its group when it's probed by the IOMMU driver. This could be a > > > > special state w/o attaching to any domain, or a new special domain > > > > type which differentiates it from existing domain types (identity, > > > > dma, or unmanged). Actually existing code already includes a > > > > IOMMU_DOMAIN_BLOCKED type but nobody uses it. > > > > > > There is a reason for the default domain to exist: Devices which require > > > RMRR mappings to be present. You can't just block all DMA from devices > > > until a driver takes over, we put much effort into making sure there is > > > not even a small window in time where RMRR regions (unity mapped regions > > > on AMD) are not mapped. > > > > Yes, I think the DMA blocking can only start around/after a VFIO type > > driver has probed() and bound to a device in the group, not much > > different from today. > > Does this mean when a device has a required "RMRR" that requires a unity > mapping we block assigning those devices to guests? I remember we had some > restriction but there was a need to go around it at some point in time. > > - Either we disallow assigning devices with RMRR > - Break that unity map when the device is probed and after which any RMRR > access from device will fault. We currently disallow assignment of RMRR encumbered devices except for the known cases of USB and IGD. In the general case, an RMRR imposes a requirement on the host system to maintain ranges of identity mapping that is incompatible with userspace ownership of the device and IOVA address space. AFAICT, nothing changes in the /dev/iommu model that would make it safe to entrust userspace with RMRR encumbered devices. Thanks, Alex
