On Tue, May 11, 2021 at 11:05:50AM -0700, Jacob Pan wrote: > Hi Jason, > > On Tue, 11 May 2021 13:35:21 -0300, Jason Gunthorpe <j...@nvidia.com> wrote: > > > On Tue, May 11, 2021 at 09:14:52AM -0700, Jacob Pan wrote: > > > > > > Honestly, I'm not convinced we should have "kernel SVA" at all.. Why > > > > does IDXD use normal DMA on the RID for kernel controlled accesses? > > > > > > Using SVA simplifies the work submission, there is no need to do > > > map/unmap. Just bind PASID with init_mm, then submit work directly > > > either with ENQCMDS (supervisor version of ENQCMD) to a shared > > > workqueue or put the supervisor PASID in the descriptor for dedicated > > > workqueue. > > > > That is not OK, protable drivers in Linux have to sue dma map/unmap > > calls to manage cache coherence. PASID does not opt out of any of > > that. > > > Let me try to break down your concerns: > 1. portability - driver uses DMA APIs can function w/ and w/o IOMMU. is > that your concern? But PASID is intrinsically tied with IOMMU and if > the drivers are using a generic sva-lib API, why they are not portable? > SVA by its definition is to avoid map/unmap every time.
Kernel explicitly does not support this programming model. All DMA is explicit and the DMA API hides platform details like IOMMU and CPU cache coherences. Just because x86 doesn't care about this doesn't make any of it optional. If you want to do SVA PASID then it also must come with DMA APIs to manage the CPU cache coherence that are all NOP's on x86. > > I dislike this whole idea a lot. A single driver should not opt itself > > out of IOMMU based security "just because" > > Perhaps I missed your point here. This is NOT a single driver, privileged > access is a PCIe spec defined feature. We are using IOMMU sva-lib APIs, not > sure why it is by-passing. Until today the overal security of the IOMMU configuration is controlled by kernel boot parameters set by the sysadmin. This magic PASID effectively disables all IOMMU security and allows an IO device unrestricted access to the entire system memory. This is the opposite of what the admin may have specified in the various boot options. I don't like it all. Kust because the PCI sig defined this mechanism doesn't mean it is mandatory for Linux to use it. If you want the performance gain of no iommu updates then use RID based access and boot flags that have an identity translation for all RIDs. Forcing the system to create an identiy translation in all cases by having a single kernel driver create a PASID feels really wrong. Especially since there isn't any real gain in functionality or performance as it it just exposing the same things the normal DMA API would expose. Jason _______________________________________________ iommu mailing list iommu@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/iommu
