On Sun, Nov 20, 2011 at 8:00 PM, Joerg Roedel <joro@xxxxxxxxxx> wrote:
> On Fri, Nov 18, 2011 at 09:32:36AM -0700, Alex Williamson wrote:
>> I guess I fail to see the difference. We group devices behind certain
>> bridges together because we can't distinguish DMA from those devices.
>> MSI presents an address window across all devices for which we
>> potentially can't distinguish between any of them.
>
> With an IOMMU the address window is per-device and not shared between
> all devices. A MSI message is nothing more than a DMA write transaction
> to a specific address. This message has a requestor-id so an IOMMU can
> distinguish between devices. The AMD IOMMU for example uses that to
> implement per-device remapping tables.

In my understanding the Interrupt Remapping provides device isolation
from the security perspective. The VFIO framework is designed to
"expose direct device access to userspace, in a secure, IOMMU protected
environment" (copied from vfio.txt, I am not familiar with vfio).
Without Interrupt Remapping, a spurious interrupt issued by user space
driver may crash other groups or the whole system entirely.

From this point, I think it is reasonable to disable group without
Interrupt Remapping support in IOMMU, or at least give user a notice.

-cody

>
>> The trouble is that interrupt remapping closing a hole in DMA isolation
>> is a platform issue. Is vfio supposed to know that on architecture foo
>> we don't have such a hole and we don't need to look for interrupt
>> remapping. Or maybe that platform bar solved it differently and we need
>> to instead check flag MSI_OK. Current KVM doesn't care about this
>> because it only does device assignment on x86.
>
> From device standpoint a MSI transaction is always a DMA memory write
> to a given address range. The IOMMU-API should export a feature flag
> whether it supports filtering on those transaction or not. We have that
> today with the IOMMU_CAP_INTR_REMAP. I agree that the interface to get
> this information is ugly because a domain is needed. But the interface
> can be fixed. While doing this I suggest to rename that feature
> IOMMU_CAP_INTR_ISOLATION or something like that.
> VFIO can then check for this flag on module-load and refuse to load if
> it is not available.
>
> Regards,
>
> Joerg
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-pci" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
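
An added illustration, not part of the thread and not kernel code: a simplified C model of the point debated above, that an MSI is a DMA write carrying a requester ID and that per-device remapping tables let the IOMMU filter it. The table layout, the use of the MSI data word as the table index, and the requester IDs and vectors are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MSI_BASE 0xFEE00000u   /* x86 MSI address window */
#define MSI_MASK 0xFFF00000u
#define IRT_SIZE 4             /* entries per device table (constructed) */

struct irte { bool valid; uint8_t vector; };
struct dev_irt { uint16_t rid; struct irte e[IRT_SIZE]; };
struct msi_write { uint16_t rid; uint32_t addr, data; };

/* Constructed sample: 01:00.0 stays with the host, 02:00.0 is assigned. */
static const struct dev_irt tables[] = {
    { .rid = 0x0100, .e = { [0] = { true, 0x41 } } },
    { .rid = 0x0200, .e = { [0] = { true, 0x52 } } },
};

/* Returns the vector delivered to the CPU, or -1 if nothing is delivered. */
int deliver_msi(bool remap, struct msi_write w)
{
    if ((w.addr & MSI_MASK) != MSI_BASE)
        return -1;                       /* ordinary DMA write, not an MSI */
    if (!remap)
        return (int)(w.data & 0xFF);     /* device-chosen vector, no filter */
    for (size_t i = 0; i < sizeof(tables) / sizeof(tables[0]); i++) {
        if (tables[i].rid != w.rid)
            continue;
        if (w.data >= IRT_SIZE || !tables[i].e[w.data].valid)
            return -1;                   /* index not programmed: blocked */
        return tables[i].e[w.data].vector;
    }
    return -1;                           /* unknown requester: blocked */
}

int main(void)
{
    struct msi_write spurious = { 0x0200, MSI_BASE, 0x41 };
    struct msi_write normal = { 0x0200, MSI_BASE, 0 };
    printf("no remap, spurious: %d\n", deliver_msi(false, spurious));
    printf("remap, spurious:    %d\n", deliver_msi(true, spurious));
    printf("remap, normal:      %d\n", deliver_msi(true, normal));
    return 0;
}
```

Without remapping, the write from the assigned device reaches the vector that belongs to the host-owned device; with per-device tables the same write is dropped because that index was never programmed for its requester ID.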