RE: [RFC PATCH 0/5] hw/arm/virt: Add support for user-creatable nested S

qemu-arm

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [RFC PATCH 0/5] hw/arm/virt: Add support for user-creatable nested S

From:	Shameerali Kolothum Thodi
Subject:	RE: [RFC PATCH 0/5] hw/arm/virt: Add support for user-creatable nested SMMUv3
Date:	Thu, 6 Feb 2025 18:04:57 +0000


> -----Original Message-----
> From: Jason Gunthorpe <jgg@nvidia.com>
> Sent: Thursday, February 6, 2025 5:59 PM
> To: Daniel P. Berrangé <berrange@redhat.com>
> Cc: Shameerali Kolothum Thodi
> <shameerali.kolothum.thodi@huawei.com>; qemu-arm@nongnu.org;
> qemu-devel@nongnu.org; eric.auger@redhat.com;
> peter.maydell@linaro.org; nicolinc@nvidia.com; ddutile@redhat.com;
> Linuxarm <linuxarm@huawei.com>; Wangzhou (B)
> <wangzhou1@hisilicon.com>; jiangkunkun <jiangkunkun@huawei.com>;
> Jonathan Cameron <jonathan.cameron@huawei.com>;
> zhangfei.gao@linaro.org; nathanc@nvidia.com
> Subject: Re: [RFC PATCH 0/5] hw/arm/virt: Add support for user-creatable
> nested SMMUv3
> 
> On Thu, Feb 06, 2025 at 05:54:57PM +0000, Daniel P. Berrangé wrote:
> > > > We shouldn't assume any VFIO device exists in the QEMU cnofig at the
> time
> > > > we realize the virtual ssmu. I expect the SMMU may be cold plugged,
> while
> > > > the VFIO devices may be hot plugged arbitrarly later, and we should
> have
> > > > the association initialized the SMMU is realized.
> > >
> > > This is not supported kernel side, you can't instantiate a vIOMMU
> > > without a VFIO device that uses it. For security.
> >
> > What are the security concerns here ?
> 
> You should not be able to open iommufd and manipulate iommu HW that
> you don't have a VFIO descriptor for, including creating physical
> vIOMMU resources, allocating command queues and whatever else.
> 
> Some kind of hot plug smmu would have to create a vSMMU without any
> kernel backing and then later bind it to a kernel implementation.

Not sure I get the problem with associating vSMMU with a pSMMU. Something
like an iommu instance id mentioned before,

-device arm-smmuv3-accel,id=smmuv2,bus=pcie.2,host-smmu=iommu.1

This can realize the vSMMU without actually creating a vIOMMU in kernel.
And when the dev gets attached/realized, check (GET_HW_INFO)the specified
iommu instance id matches or not.

Or the concern here is exporting an iommu instance id to user space?

Thanks,
Shameer

[Prev in Thread]

Current Thread

[Next in Thread]

RE: [RFC PATCH 0/5] hw/arm/virt: Add support for user-creatable nested SMMUv3, (continued)
- RE: [RFC PATCH 0/5] hw/arm/virt: Add support for user-creatable nested SMMUv3, Shameerali Kolothum Thodi, 2025/02/06
  - Re: [RFC PATCH 0/5] hw/arm/virt: Add support for user-creatable nested SMMUv3, Daniel P . Berrangé, 2025/02/06
    - RE: [RFC PATCH 0/5] hw/arm/virt: Add support for user-creatable nested SMMUv3, Shameerali Kolothum Thodi, 2025/02/06
    - Re: [RFC PATCH 0/5] hw/arm/virt: Add support for user-creatable nested SMMUv3, Daniel P . Berrangé, 2025/02/06
    - RE: [RFC PATCH 0/5] hw/arm/virt: Add support for user-creatable nested SMMUv3, Shameerali Kolothum Thodi, 2025/02/06
    - Re: [RFC PATCH 0/5] hw/arm/virt: Add support for user-creatable nested SMMUv3, Jason Gunthorpe, 2025/02/06
    - Re: [RFC PATCH 0/5] hw/arm/virt: Add support for user-creatable nested SMMUv3, Daniel P . Berrangé, 2025/02/06
    - Re: [RFC PATCH 0/5] hw/arm/virt: Add support for user-creatable nested SMMUv3, Jason Gunthorpe, 2025/02/06
    - Re: [RFC PATCH 0/5] hw/arm/virt: Add support for user-creatable nested SMMUv3, Daniel P . Berrangé, 2025/02/06
    - Re: [RFC PATCH 0/5] hw/arm/virt: Add support for user-creatable nested SMMUv3, Jason Gunthorpe, 2025/02/06
    - RE: [RFC PATCH 0/5] hw/arm/virt: Add support for user-creatable nested SMMUv3, Shameerali Kolothum Thodi <=
    - Re: [RFC PATCH 0/5] hw/arm/virt: Add support for user-creatable nested SMMUv3, Jason Gunthorpe, 2025/02/06
    - RE: [RFC PATCH 0/5] hw/arm/virt: Add support for user-creatable nested SMMUv3, Shameerali Kolothum Thodi, 2025/02/06
    - Re: [RFC PATCH 0/5] hw/arm/virt: Add support for user-creatable nested SMMUv3, Jason Gunthorpe, 2025/02/06
    - Re: [RFC PATCH 0/5] hw/arm/virt: Add support for user-creatable nested SMMUv3, Nicolin Chen, 2025/02/06
    - Re: [RFC PATCH 0/5] hw/arm/virt: Add support for user-creatable nested SMMUv3, Jason Gunthorpe, 2025/02/06
    - Re: [RFC PATCH 0/5] hw/arm/virt: Add support for user-creatable nested SMMUv3, Nicolin Chen, 2025/02/06
    - Re: [RFC PATCH 0/5] hw/arm/virt: Add support for user-creatable nested SMMUv3, Jason Gunthorpe, 2025/02/06
    - Re: [RFC PATCH 0/5] hw/arm/virt: Add support for user-creatable nested SMMUv3, Nicolin Chen, 2025/02/06
    - Re: [RFC PATCH 0/5] hw/arm/virt: Add support for user-creatable nested SMMUv3, Jason Gunthorpe, 2025/02/06
    - RE: [RFC PATCH 0/5] hw/arm/virt: Add support for user-creatable nested SMMUv3, Shameerali Kolothum Thodi, 2025/02/07

Prev by Date: Re: [RFC PATCH 0/5] hw/arm/virt: Add support for user-creatable nested SMMUv3
Next by Date: Re: [PATCH v5 11/16] hw/microblaze: Support various endianness for s3adsp1800 machines
Previous by thread: Re: [RFC PATCH 0/5] hw/arm/virt: Add support for user-creatable nested SMMUv3
Next by thread: Re: [RFC PATCH 0/5] hw/arm/virt: Add support for user-creatable nested SMMUv3
Index(es):
- Date
- Thread