Re: [PATCH v6 14/14] iommu/arm-smmu-v3: Set MEV bit in nested STE for DoS mitigations

On Fri, Jan 24, 2025 at 04:30:43PM -0800, Nicolin Chen wrote: > diff --git a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-iommufd.c > b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-iommufd.c > index ceeed907a714..20a0e39d7caa 100644 > --- a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-iommufd.c > +++ b/dri

Re: [PATCH v6 14/14] iommu/arm-smmu-v3: Set MEV bit in nested STE for DoS mitigations

On Tue, Feb 18, 2025 at 02:52:29PM -0400, Jason Gunthorpe wrote: > On Tue, Feb 18, 2025 at 06:17:15PM +, Pranjal Shrivastava wrote: > > > > Is MEV available only in nested mode? Otherwise it perhaps makes > > > sense to turn it on in all configurations in IOMMUFD paths... > > > > I think the

Re: [PATCH v6 14/14] iommu/arm-smmu-v3: Set MEV bit in nested STE for DoS mitigations

On Tue, Feb 18, 2025 at 06:17:15PM +, Pranjal Shrivastava wrote: > On Tue, Feb 18, 2025 at 05:24:08AM +, Tian, Kevin wrote: > > > From: Nicolin Chen > > > Sent: Saturday, January 25, 2025 8:31 AM > > > > > > There is a DoS concern on the shared hardware event queue among devices > > > pas

Re: [PATCH v6 14/14] iommu/arm-smmu-v3: Set MEV bit in nested STE for DoS mitigations

On Tue, Feb 18, 2025 at 06:17:15PM +, Pranjal Shrivastava wrote: > > Is MEV available only in nested mode? Otherwise it perhaps makes > > sense to turn it on in all configurations in IOMMUFD paths... > > I think the arm-smmu-v3's iommufd implementation only supports nested > which could be th

Re: [PATCH v6 14/14] iommu/arm-smmu-v3: Set MEV bit in nested STE for DoS mitigations

On Tue, Feb 18, 2025 at 05:24:08AM +, Tian, Kevin wrote: > > From: Nicolin Chen > > Sent: Saturday, January 25, 2025 8:31 AM > > > > There is a DoS concern on the shared hardware event queue among devices > > passed through to VMs, that too many translation failures that belong to > > VMs cou

Re: [PATCH v6 14/14] iommu/arm-smmu-v3: Set MEV bit in nested STE for DoS mitigations

On Tue, Feb 18, 2025 at 01:21:20PM -0400, Jason Gunthorpe wrote: > On Fri, Jan 24, 2025 at 04:30:43PM -0800, Nicolin Chen wrote: > > --- a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c > > +++ b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c > > @@ -1051,7 +1051,7 @@ void arm_smmu_get_ste_used(const __l

Re: [PATCH v6 14/14] iommu/arm-smmu-v3: Set MEV bit in nested STE for DoS mitigations

On Fri, Jan 24, 2025 at 04:30:43PM -0800, Nicolin Chen wrote: > There is a DoS concern on the shared hardware event queue among devices > passed through to VMs, that too many translation failures that belong to > VMs could overflow the shared hardware event queue if those VMs or their > VMMs don't

RE: [PATCH v6 14/14] iommu/arm-smmu-v3: Set MEV bit in nested STE for DoS mitigations

> From: Nicolin Chen > Sent: Saturday, January 25, 2025 8:31 AM > > There is a DoS concern on the shared hardware event queue among devices > passed through to VMs, that too many translation failures that belong to > VMs could overflow the shared hardware event queue if those VMs or their > VMMs

[PATCH v6 14/14] iommu/arm-smmu-v3: Set MEV bit in nested STE for DoS mitigations

There is a DoS concern on the shared hardware event queue among devices passed through to VMs, that too many translation failures that belong to VMs could overflow the shared hardware event queue if those VMs or their VMMs don't handle/recover the devices properly. The MEV bit in the STE allows to