On Fri, Dec 09, 2022 at 10:38:29AM -0400, Jason Gunthorpe wrote: > On Fri, Dec 09, 2022 at 05:54:46AM +0000, Tian, Kevin wrote: > > > From: Jason Gunthorpe <jgg@xxxxxxxxxx> > > > Sent: Friday, December 9, 2022 4:26 AM > > > > > > In real HW "secure MSI" is implemented in a few different ways: > > > > > > - x86 uses "interrupt remapping" which is a block that sits between > > > the device and APIC, that can "remap" the MSI MemWr using per-RID > > > tables. Part of the remapping is discarding, the per-RID tables > > > will not contain vectors that have not been enabled for the device. > > > > > > > per-RID tables is true for AMD. > > > > However for Intel VT-d it's per-IOMMU remapping table. > > Sorry, what exactly does that mean? > > Doesn't the HW inspect the RID to determine what to do with the MSI? Okay, I get it: - x86 uses "interrupt remapping" which is a block that sits between the device and APIC, that can "remap" the MSI MemWr. AMD uses per-RID tables to implement isolation while Intel stores the authorized RID in each IRTE entry. Part of the remapping is discarding, HW will not forward MSIs that don't positively match the tables. Jason
