
Re: [PATCH v2 02/23] xen/arm: smmuv3: Add support for stage-1 and nested stage translation


  • To: Julien Grall <julien@xxxxxxx>, Bertrand Marquis <Bertrand.Marquis@xxxxxxx>
  • From: Milan Djokic <milan_djokic@xxxxxxxx>
  • Date: Fri, 19 Jun 2026 15:55:14 +0200
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Rahul Singh <Rahul.Singh@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>
  • Delivery-date: Fri, 19 Jun 2026 13:55:29 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Hi Julien, Bertrand,

On 6/16/26 21:45, Julien Grall wrote:
Hi Bertrand,

On 11/06/2026 07:12, Bertrand Marquis wrote:
This primarily targets systems where the SMMU does not support Stage-2 translation.
If we decide to keep this code, I will address the associated security considerations and document the corresponding AoU in the design. Otherwise, we can fall back to supporting only the "nested" translation case.

Thanks for the feedback. I think for such a setup, I would consider whether we can use the stage-1 in Xen to protect the device. AFAIK, this is what Linux will do.

I would be interested to hear what the other maintainers think.

Giving access to the SMMU to a guest means giving it a solution to access whatever it wants through a DMA engine.
This is not less secure than no SMMU at all, but I would definitely think that in such a case the SMMU should be reserved for Xen to use it to protect from accessing other guests' memory using DMA.

Now I know that in some setups there are cases where a specific device cannot be used without an SMMU (mostly GPUs, but there might be others). In that case, the device cannot be used easily if the kernel cannot use the SMMU to remap the memory at a convenient place for the device.

We should not disallow such cases completely, but we should give strong recommendations when such a setup is used.

Thanks for the feedback! I think before allowing S1 without S2 we need to make sure it works and I am not convinced this is the case today.

Cheers,


Thank you for your feedback.
There are some existing issues previously pointed out by Luca for the stage-1-only mode. I will apply fixes and make sure that this works correctly in the next version of the patch series.
I will also address the associated security considerations in the design.

BR,
Milan
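The isolation argument made in this thread (a guest-owned stage-1 with no Xen-owned stage-2 lets the device reach any host address the guest programs, while a nested configuration confines it to the guest's own memory) modelled as a small C lookup, added here for illustration; it is not code from the patch series or from Xen, and the tables, addresses and guest numbering are constructed sample values.

```c
/* Toy model of the two SMMU translation modes discussed in the thread.
 * Added illustration, not Xen code: flat lookup tables stand in for the
 * real page tables, and every address below is a constructed sample value.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define PAGE    0x1000u
#define ENTRIES 4
/* Host physical pages owned by each guest (constructed values). */
#define GUEST0_PA 0x80000000ull
#define GUEST1_PA 0x90000000ull

struct map { uint64_t in; uint64_t out; bool valid; };

/* Stage-1: programmed by the guest's kernel driver (untrusted), IOVA -> IPA.
 * Guest 0's driver maps IOVA 0x1000 at guest 1's page and 0x2000 at its own. */
static const struct map s1[ENTRIES] = {
    { 0x1000, GUEST1_PA, true },
    { 0x2000, GUEST0_PA, true },
};
/* Stage-2: programmed by Xen (trusted), IPA -> PA, one table per guest.
 * Identity mappings are used here only to keep the example short. */
static const struct map s2[2][ENTRIES] = {
    { { GUEST0_PA, GUEST0_PA, true } },
    { { GUEST1_PA, GUEST1_PA, true } },
};

static bool lookup(const struct map *t, uint64_t in, uint64_t *out)
{
    for (size_t i = 0; i < ENTRIES; i++)
        if (t[i].valid && t[i].in == (in & ~(uint64_t)(PAGE - 1))) {
            *out = t[i].out | (in & (PAGE - 1));
            return true;
        }
    return false;
}

/* Translate a device DMA address for the given guest. Returns the host PA,
 * or 0 (never a valid PA in this model) when the SMMU would fault.
 * nested=false models stage-1-only; nested=true models stage-1 + stage-2. */
uint64_t dma_translate(bool nested, int guest, uint64_t iova)
{
    uint64_t ipa, pa;
    if (!lookup(s1, iova, &ipa))
        return 0;
    if (!nested)            /* stage-1 output goes straight to the bus */
        return ipa;
    return lookup(s2[guest], ipa, &pa) ? pa : 0;
}
```

With stage-1 only, guest 0's DMA at IOVA 0x1000 lands in guest 1's page; with Xen's stage-2 in place the same DMA faults, while the guest's own page still translates.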