All of lore.kernel.org
 help / color / mirror / Atom feed
From: Avi Kivity <avi@redhat.com>
To: "Tian, Kevin" <kevin.tian@intel.com>
Cc: "Yang, Sheng" <sheng.yang@intel.com>,
	"Han, Weidong" <weidong.han@intel.com>,
	"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
	Amit Shah <amit.shah@redhat.com>,
	"benami@il.ibm.com" <benami@il.ibm.com>,
	"muli@il.ibm.com" <muli@il.ibm.com>,
	"Kay, Allen M" <allen.m.kay@intel.com>,
	"Zhang, Xiantao" <xiantao.zhang@intel.com>
Subject: Re: Remaining passthrough/VT-d tasks list
Date: Sun, 28 Sep 2008 07:22:53 +0300	[thread overview]
Message-ID: <48DF069D.90004@redhat.com> (raw)
In-Reply-To: <D8078B8B3B09934AA9F8F2D5FB3F28CE08873AF34C@pdsmsx502.ccr.corp.intel.com>

Tian, Kevin wrote:
>>
>> If the guest fails to disable interrupts on a device that shares an
>> interrupt line with the host, the host will experience an interrupt
>> flood.  Eventually the host will disable the host device as well.
>>
>>     
>
> This issue also exists on host side, that one misbehaved driver
> can hurt all other drivers sharing same irq line. 

There is no issue on the host, since all drivers operate on the same
trust level. A misbehaving driver on the host will take down the entire
system even without shared interrupts, by corrupting memory, not
releasing a lock, etc.

But if you move a driver to the guest, you expect it will be isolated
from the rest of the system, and if there are shared interrupts, it isn't.

> But it seems no
> good way to avoid it. Since not all devices support MSI, we still
> need support irq sharing possibly with above caveats given.
>
> Existing approach at least works with a sane guest driver, with
> some performance penality there.
>
>   

How can we recommend it to users? We tell them, your guests are isolated
and secure as long as they don't misbehave?

> Or do you have better alternative?
>   

No. Maybe the Neocleus polarity trick (which also reduces performance).

-- 
I have a truly marvellous patch that fixes the bug which this
signature is too narrow to contain.


  parent reply	other threads:[~2008-09-28  4:23 UTC|newest]

Thread overview: 50+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-09-24  6:15 Remaining passthrough/VT-d tasks list Han, Weidong
2008-09-24  6:31 ` Yang, Sheng
2008-09-24  6:58   ` Zhang, Xiantao
2008-09-24  7:41   ` Amit Shah
2008-09-24  7:51     ` Han, Weidong
2008-09-24  8:02       ` Amit Shah
2008-09-24  8:38         ` Han, Weidong
2008-09-24  8:49           ` Avi Kivity
2008-09-24  9:56           ` Amit Shah
2008-09-24 12:25             ` Han, Weidong
2008-09-24  8:46     ` Avi Kivity
2008-09-24  9:58       ` Amit Shah
2008-09-24 10:46         ` Avi Kivity
2008-09-24 14:46           ` Han, Weidong
2008-09-24  8:38   ` Avi Kivity
2008-09-24  8:46     ` Yang, Sheng
2008-09-27  9:15     ` Yang, Sheng
2008-09-27  9:49       ` Avi Kivity
2008-09-27 10:09         ` Jan Kiszka
2008-09-27 10:16           ` Avi Kivity
2008-09-28  6:03             ` Muli Ben-Yehuda
2008-09-28  1:48         ` Tian, Kevin
2008-09-28  2:03           ` Dong, Eddie
2008-09-28  2:29             ` Tian, Kevin
2008-09-28  4:22           ` Avi Kivity [this message]
2008-09-28  4:50             ` Tian, Kevin
2008-09-28  5:04               ` Avi Kivity
2008-09-28  5:17                 ` Yang, Sheng
2008-10-05 10:18                   ` Avi Kivity
2008-09-28  5:54                 ` Yang, Sheng
2008-09-24  8:34 ` Avi Kivity
2008-09-24  8:42   ` Yang, Sheng
2008-09-24  8:53     ` Avi Kivity
2008-09-24  9:08       ` Yang, Sheng
2008-09-24  9:22         ` Avi Kivity
2008-09-24  9:43           ` Yang, Sheng
2008-09-24  9:51             ` Avi Kivity
2008-09-28  6:09               ` Yang, Sheng
2008-09-24  9:40   ` Amit Shah
2008-09-24  9:46     ` Avi Kivity
2008-09-24 15:39   ` Dong, Eddie
2008-09-27 10:11     ` Avi Kivity
2008-09-28  2:28       ` Dong, Eddie
2008-09-28  4:25         ` Avi Kivity
2008-09-28  5:54           ` Dong, Eddie
2008-09-24  8:39 ` Avi Kivity
2008-09-24  8:50   ` Han, Weidong
2008-09-24  9:12     ` Avi Kivity
2008-09-24 15:12   ` Anthony Liguori
2008-09-24 15:38     ` Avi Kivity

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=48DF069D.90004@redhat.com \
    --to=avi@redhat.com \
    --cc=allen.m.kay@intel.com \
    --cc=amit.shah@redhat.com \
    --cc=benami@il.ibm.com \
    --cc=kevin.tian@intel.com \
    --cc=kvm@vger.kernel.org \
    --cc=muli@il.ibm.com \
    --cc=sheng.yang@intel.com \
    --cc=weidong.han@intel.com \
    --cc=xiantao.zhang@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.