From: Joerg Roedel <joerg.roedel@amd.com>
To: Chris Wright <chrisw@sous-sol.org>
Cc: Joerg Roedel <joro@8bytes.org>, <linux-pci@vger.kernel.org>,
<dwmw2@infradead.org>, <iommu@lists.linux-foundation.org>,
<linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] iommu: Include MSI susceptibility to DMA in creating iommu groups
Date: Wed, 23 Nov 2011 11:56:12 +0100 [thread overview]
Message-ID: <20111123105612.GD11876@amd.com> (raw)
In-Reply-To: <20111121233505.GG3344@sequoia.sous-sol.org>
On Mon, Nov 21, 2011 at 03:35:05PM -0800, Chris Wright wrote:
> What is the value of a group w/out complete isolation?
There is still isolation for DMA. This may be sufficient for non-KVM
use-cases like a device driver partially implemented in userspace. There
is no no guest then that can attack the host with wrong interrupts.
> Is there a practical problem w/ conflating the subtleties above?
Same argument as above. It ties the the iommu_group interface to the KVM
use case. Another more pratical impact of this patch is that a reboot is
required to re-enable iommu-groups. When the check happens in VFIO it is
a simple module-reload.
Joerg
--
AMD Operating System Research Center
Advanced Micro Devices GmbH Einsteinring 24 85609 Dornach
General Managers: Alberto Bozzo, Andrew Bowd
Registration: Dornach, Landkr. Muenchen; Registerger. Muenchen, HRB Nr. 43632
next prev parent reply other threads:[~2011-11-23 10:56 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-11-17 17:09 [PATCH] iommu: Include MSI susceptibility to DMA in creating iommu groups Alex Williamson
2011-11-18 4:37 ` Kai Huang
2011-11-18 5:40 ` Alex Williamson
2011-11-18 6:20 ` Kai Huang
2011-11-18 10:46 ` Joerg Roedel
2011-11-18 14:56 ` Alex Williamson
2011-11-18 15:27 ` Joerg Roedel
2011-11-18 16:32 ` Alex Williamson
2011-11-20 12:00 ` Joerg Roedel
2011-11-21 4:39 ` Kai Huang
2011-11-21 23:35 ` Chris Wright
2011-11-23 10:56 ` Joerg Roedel [this message]
2011-11-23 20:12 ` Chris Wright
2011-11-23 18:37 ` Alex Williamson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20111123105612.GD11876@amd.com \
--to=joerg.roedel@amd.com \
--cc=chrisw@sous-sol.org \
--cc=dwmw2@infradead.org \
--cc=iommu@lists.linux-foundation.org \
--cc=joro@8bytes.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.