From: Eduard - Gabriel Munteanu <eduard.munteanu@linux360.ro>
To: Isaku Yamahata <yamahata@valinux.co.jp>
Cc: Stefan Hajnoczi <stefanha@gmail.com>,
	qemu-devel@nongnu.org, joro@8bytes.org, paul@codesourcery.com,
	kvm@vger.kernel.org, avi@redhat.com
Subject: Re: [Qemu-devel] Re: Status update
Date: Fri, 2 Jul 2010 20:17:43 +0300
Message-ID: <20100702171743.GB6809@localhost>
In-Reply-To: <20100702094155.GC16712@valinux.co.jp>

On Fri, Jul 02, 2010 at 06:41:55PM +0900, Isaku Yamahata wrote:
> On Fri, Jul 02, 2010 at 09:03:39AM +0100, Stefan Hajnoczi wrote:
> > On Thu, Jul 1, 2010 at 8:30 PM, Eduard - Gabriel Munteanu
> > <eduard.munteanu@linux360.ro> wrote:
> > > But suddenly the guest OS changes mappings and expects the IOMMU to
> > > enforce them as soon as invalidation commands are completed. The guest
> > > then reclaims the old space for other uses. This leaves an opportunity
> > > for those processes to corrupt or read sensitive data.
> 
> In such a case, OS should put device into quiescence by reset like
> pci bus reset or pcie function level reset.
> pci bus reset patch hasn't been merged yet, though.
> It needs clean up/generalization.
> 
> -- 
> yamahata

I wouldn't count on that. When the IOMMU notifies software of command
completion, then that notification should be correct. So if we count on
'pci bus reset' we either don't execute INVALIDATE_* and COMPLETION_WAIT
commands, or we issue bogus notifications (e.g. they'd be nops). That
goes against the specs, and I'm not sure there's any good reason a
non-KVM/QEMU-aware OS would reset the device in _all_ cases.

For some background on this, mapping updates are followed by
INVALIDATE_* commands and then a COMPLETION_WAIT (to wait for
invalidation to finish).


	Eduard
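
The ordering argument in the message above, as a small C model (an added example, not code from QEMU or from anyone in this thread). The per-page translation cache, the names CMD_INVALIDATE_PAGE and CMD_COMPLETION_WAIT, and the page numbers are assumptions made for illustration; the model compares an emulated IOMMU that honours invalidations with one that treats them as nops but still signals completion.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

enum cmd { CMD_INVALIDATE_PAGE, CMD_COMPLETION_WAIT };  /* model names */
struct iommu_model {
    uint32_t page_table[8];    /* guest-owned: I/O page -> physical page */
    uint32_t iotlb[8];         /* emulator-side cached translations */
    bool     iotlb_valid[8];
    bool     honor_invalidate; /* false: invalidations handled as nops */
    uint32_t completion_store; /* written when COMPLETION_WAIT retires */
};

/* Translate one device DMA access, filling the cache on a miss. */
static uint32_t iommu_translate(struct iommu_model *m, uint32_t io_page)
{
    if (!m->iotlb_valid[io_page]) {
        m->iotlb[io_page] = m->page_table[io_page];
        m->iotlb_valid[io_page] = true;
    }
    return m->iotlb[io_page];
}

static void iommu_exec(struct iommu_model *m, enum cmd c, uint32_t arg)
{
    if (c == CMD_INVALIDATE_PAGE && m->honor_invalidate)
        m->iotlb_valid[arg] = false;
    else if (c == CMD_COMPLETION_WAIT)
        m->completion_store = arg;  /* guest reads this as "all done" */
}

/* Remap I/O page 3, invalidate, wait; return the page the next DMA hits. */
static uint32_t remap_then_dma(bool honor_invalidate)
{
    struct iommu_model m = { .honor_invalidate = honor_invalidate };
    m.page_table[3] = 0x100;        /* constructed sample mapping */
    iommu_translate(&m, 3);         /* device DMA caches 3 -> 0x100 */
    m.page_table[3] = 0x200;        /* guest updates the mapping */
    iommu_exec(&m, CMD_INVALIDATE_PAGE, 3);
    iommu_exec(&m, CMD_COMPLETION_WAIT, 1);
    return iommu_translate(&m, 3);  /* guest has already seen completion */
}

int main(void)
{
    printf("honoured: 0x%x  nop: 0x%x\n",
           (unsigned)remap_then_dma(true), (unsigned)remap_then_dma(false));
    return 0;
}
```

In the nop case the device still reaches page 0x100 after the guest has been told the invalidation finished, which is the page the guest is then free to reuse.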

