[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] SUPPORT.MD: Clarify the support state for the Arm SMMUv{1, 2} drivers


  • To: Stefano Stabellini <sstabellini@xxxxxxxxxx>
  • From: Bertrand Marquis <Bertrand.Marquis@xxxxxxx>
  • Date: Thu, 24 Sep 2020 14:02:33 +0000
  • Accept-language: en-GB, en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=EITgrlaxXCrf3TjnxUz2xAEc+4lktCe81bJ+u5lwoqQ=; b=Ohf1qziLg+g1P8pPG6fk50pq54OFlTDpj3TKZsI24yG7s9hLBuqlESDQUqXNFMr+YfAXJbGRvRF6z/4VdHU0bAPE09zechxm2+Ub8rZdHRc6TFRUPNAqz264qOHAzrMEQFhMLR9sZzIKnPFEy/430lG8AA3tk4V8TinlUCaJ5CpNQCSyvDTL5ctswoQBu7+UOPCg9RyVNHww0IIEuQqqJCGbpcKAYnG0BI70TyF11LKH0JX/BZ0SDfKxmigS94o6M4QwsGKmmA3yDQCxBCLdUzqdQA6t7tBiLdqwfEhqSKcU3GNcv2QCn4LgJWjK4RneiI+xeB/ti2ymyi3KHwY4xg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=J2q5RP676Qc9B/FWof212v8zbXFM/YyDCPgxouclA2P8w6AlZRFbQABoY6yJ5NMQi7VlYpi9u6JZ3xhyIblNBR00n1cZH2LNoqf7xK0easGns0y8lzMMg9yPkxJDmvb01RDAwqXnH1v7u+sHSRtRhsUDPtEcionaCSBBAKsd01v7vAZ87NVZzBHQtlTPC7VpdbAjITkjDuvk4BXThtVeLdpd1LeLNLxySSa4XK4i4JzrtTm4Um7b5cF28fLKj/RtCN4of+OYylZAZErav11jPmPSR1McbHFrRwoa25ryxl1U9BJ6cXe+RKrnYgRXYHLZNIX++pvlLgO0bxA3ejmrVQ==
  • Authentication-results-original: kernel.org; dkim=none (message not signed) header.d=none;kernel.org; dmarc=none action=none header.from=arm.com;
  • Cc: Julien Grall <julien@xxxxxxx>, "open list:X86" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Julien Grall <jgrall@xxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Ian Jackson <iwj@xxxxxxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Wei Liu <wl@xxxxxxx>
  • Delivery-date: Thu, 24 Sep 2020 14:02:53 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Nodisclaimer: true
  • Original-authentication-results: kernel.org; dkim=none (message not signed) header.d=none;kernel.org; dmarc=none action=none header.from=arm.com;
  • Thread-index: AQHWkYOU18uuLvRXIEaUzkgFl/gQ5Kl2C72AgAAHeICAACwkAIAAPxGAgAFVQAA=
  • Thread-topic: [PATCH] SUPPORT.MD: Clarify the support state for the Arm SMMUv{1, 2} drivers

Hi Stefano,

> On 23 Sep 2020, at 18:41, Stefano Stabellini <sstabellini@xxxxxxxxxx> wrote:
> 
> On Wed, 23 Sep 2020, Bertrand Marquis wrote:
>>> On 23 Sep 2020, at 12:17, Julien Grall <julien@xxxxxxx> wrote:
>>> On 23/09/2020 11:50, Bertrand Marquis wrote:
>>>> Hi,
>>>>> On 23 Sep 2020, at 09:28, Julien Grall <julien@xxxxxxx> wrote:
>>>>> 
>>>>> From: Julien Grall <jgrall@xxxxxxxxxx>
>>>>> 
>>>>> SMMUv{1, 2} are both marked as security supported, so we would
>>>>> technically have to issue an XSA for any IOMMU security bug.
>>>>> 
>>>>> However, at the moment, device passthrough is not security supported
>>>>> on Arm and there is no plan to change that in the next few months.
>>>>> 
>>>>> Therefore, mark Arm SMMUv{1, 2} as supported but not security supported.
>>>>> 
>>>>> Signed-off-by: Julien Grall <jgrall@xxxxxxxxxx>
>>>> Reviewed-by: Bertrand Marquis <bertrand.marquis@xxxxxxx>
>>> 
>>> Thanks!
>>> 
>>>> We will publish in the next week a first implementation of SMMUv3 support 
>>>> which might make sense to have fully Supported.
>>> 
>>> I am not sure whether you include security supported in your "fully 
>>> supported"
>> 
>> If we something is missing we will be happy to fix it to reach this goal.
>> 
>>> 
>>> However, I would consider to follow the same model as we did with the 
>>> IPMMU. The driver would first be marked as a technical preview to allow 
>>> more testing in the community.
>> 
>> I was not meaning to have this at the very beginning.
>> More that it make more sense in general to have SMMUv3 with 2 level of page 
>> table supporting this then old SMMU versions.
> 
> Just as a clarification, the distinction that we are making here is not
> to "downgrade" SMMUv1/2, but to clarify that it is not security
> supported. SMMUv1/2 is still fully supported.
> 
> Security support means that the security team will attempt to fix under
> closed door any bugs affecting it, and pre-disclose the fix at the
> appropriate time before making it fully public. It is a pretty heavy
> process in comparison to normal bug fixing and in the case of the SMMU
> doesn't make a lot of sense because device assignment in general is
> currently not security supported.

Thanks for the clarification.
Of course i never wanted to remove or downgrade SMMUv1/2 support,.

> 
> For SMMUv3, I think it makes sense for it to possibly start as "tech
> preview" for one release or two, then become "supported, not security
> supported".

Ok.

> 
> Of course if one day we make the decision to turn device assignment
> security supported, then it makes sense to also change one or more SMMU
> drivers to security supported.

Make sense yes, one does not go with the other.

Regards
Bertrand





 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.