From: Muli Ben-Yehuda <muli@il.ibm.com>
To: Anthony Liguori <anthony@codemonkey.ws>
Cc: Avi Kivity <avi@redhat.com>,
kvm@vger.kernel.org, Amit Shah <amit.shah@redhat.com>,
"Kay, Allen M" <allen.m.kay@intel.com>,
Ben-Ami Yassour1 <BENAMI@il.ibm.com>
Subject: Re: [PATCH] VT-d: Fix iommu map page for mmio pages
Date: Sat, 27 Sep 2008 02:57:31 +0300 [thread overview]
Message-ID: <20080926235730.GE9118@il.ibm.com> (raw)
In-Reply-To: <48DC07DC.2010201@codemonkey.ws>
On Thu, Sep 25, 2008 at 04:51:24PM -0500, Anthony Liguori wrote:
> Muli Ben-Yehuda wrote:
>> On Thu, Sep 25, 2008 at 05:45:30PM +0300, Avi Kivity wrote:
>>
>>> Han, Weidong wrote:
>>>
>>>> Is it possible DMA into an mmio page?
>>> I don't see why not.
>>>
>>
>> Two reasons. First it makes no sense. MMIO pages don't have RAM
>> backing them, they have another device's register window. So the
>> effect of DMA'ing into an MMIO page would be for one device to DMA
>> into the register window of another device, which sounds to me insane.
>>
>
> MMIO isn't just a register window. It may be an on-device buffer.
Unlikely, but ok.
> For instance, all packets are stored in a buffer on the ne2k that's
> mapped via mmio. It would seem entirely reasonable to me to program
> an IDE driver to DMA directly into the devices packet buffer.
It would be insane to me. Have you tried this on real hardware and
seen it work?
>> Second, and more importantly, I've seen systems where doing the
>> above caused a nice, immediate, reboot. So I think that unless
>> someone comes with a valid scenario where we need to support it or
>> something breaks, we'd better err on the side of caution and not
>> map pages that should not be DMA targets.
>>
>
> Xen maps the MMIO pages into the VT-d table. The system you were using
> could have just been busted. I think the burden is to prove that this is
> illegal (via the architecture specification).
I strongly disagree. You are advocating something that is potentially
unsafe---for the sake of code simplicity?! I am advocating caution in
what we let an *untrusted* guest do.
Cheers,
Muli
--
The First Workshop on I/O Virtualization (WIOV '08)
Dec 2008, San Diego, CA, http://www.usenix.org/wiov08/
xxx
SYSTOR 2009---The Israeli Experimental Systems Conference
http://www.haifa.il.ibm.com/conferences/systor2009/
next prev parent reply other threads:[~2008-09-26 23:58 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-09-19 7:15 [PATCH] VT-d: Fix iommu map page for mmio pages Han, Weidong
2008-09-25 10:27 ` Avi Kivity
2008-09-25 13:44 ` Han, Weidong
2008-09-25 13:58 ` Avi Kivity
2008-09-25 14:07 ` Han, Weidong
2008-09-25 14:45 ` Avi Kivity
2008-09-25 15:04 ` Anthony Liguori
2008-09-25 15:19 ` Han, Weidong
2008-09-25 21:14 ` Muli Ben-Yehuda
2008-09-25 21:51 ` Anthony Liguori
2008-09-26 23:57 ` Muli Ben-Yehuda [this message]
2008-09-27 10:24 ` Avi Kivity
2008-09-28 6:07 ` Muli Ben-Yehuda
2008-09-28 8:45 ` Avi Kivity
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080926235730.GE9118@il.ibm.com \
--to=muli@il.ibm.com \
--cc=BENAMI@il.ibm.com \
--cc=allen.m.kay@intel.com \
--cc=amit.shah@redhat.com \
--cc=anthony@codemonkey.ws \
--cc=avi@redhat.com \
--cc=kvm@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.