Re: [PATCH 5/5] virtio: Add bounce DMA ops

From: Lu Baolu
Date: Tue Apr 28 2020 - 22:22:39 EST

Next message: Shawn Guo: "Re: [PATCH V1 1/4] ARM: imx: use device_initcall for imx_soc_device_init"
Previous message: Randy Dunlap: "Re: [PATCH V11.1] Documentation/dax: Update Usage section"
In reply to: Srivatsa Vaddagiri: "Re: [PATCH 5/5] virtio: Add bounce DMA ops"
Next in thread: Michael S. Tsirkin: "Re: [PATCH 5/5] virtio: Add bounce DMA ops"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2020/4/29 4:41, Michael S. Tsirkin wrote:

On Tue, Apr 28, 2020 at 11:19:52PM +0530, Srivatsa Vaddagiri wrote:

* Michael S. Tsirkin<mst@xxxxxxxxxx> [2020-04-28 12:17:57]:

Okay, but how is all this virtio specific? For example, why not allow
separate swiotlbs for any type of device?
For example, this might make sense if a given device is from a
different, less trusted vendor.

Is swiotlb commonly used for multiple devices that may be on different trust
boundaries (and not behind a hardware iommu)?

Even a hardware iommu does not imply a 100% security from malicious
hardware. First lots of people use iommu=pt for performance reasons.
Second even without pt, unmaps are often batched, and sub-page buffers
might be used for DMA, so we are not 100% protected at all times.

For untrusted devices, IOMMU is forced on even iommu=pt is used; and
iotlb flush is in strict mode (no batched flushes); ATS is also not
allowed. Swiotlb is used to protect sub-page buffers since IOMMU can
only apply page granularity protection. Swiotlb is now used for devices
from different trust zone.

Best regards,
baolu

Next message: Shawn Guo: "Re: [PATCH V1 1/4] ARM: imx: use device_initcall for imx_soc_device_init"
Previous message: Randy Dunlap: "Re: [PATCH V11.1] Documentation/dax: Update Usage section"
In reply to: Srivatsa Vaddagiri: "Re: [PATCH 5/5] virtio: Add bounce DMA ops"
Next in thread: Michael S. Tsirkin: "Re: [PATCH 5/5] virtio: Add bounce DMA ops"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]