From: Avi Kivity <avi@redhat.com>
To: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Tom Lyon <pugs@cisco.com>,
linux-kernel@vger.kernel.org, kvm@vger.kernel.org,
chrisw@sous-sol.org, joro@8bytes.org, hjk@linutronix.de,
gregkh@suse.de, aafabbri@cisco.com, scofeldm@cisco.com
Subject: Re: [PATCH] VFIO driver: Non-privileged user level PCI drivers
Date: Sun, 30 May 2010 15:27:05 +0300
Message-ID: <4C025999.7080706@redhat.com>
In-Reply-To: <20100530121944.GH27611@redhat.com>

On 05/30/2010 03:19 PM, Michael S. Tsirkin wrote:
> On Fri, May 28, 2010 at 04:07:38PM -0700, Tom Lyon wrote:
>
>> The VFIO "driver" is used to allow privileged AND non-privileged processes to
>> implement user-level device drivers for any well-behaved PCI, PCI-X, and PCIe
>> devices.
>> Signed-off-by: Tom Lyon <pugs@cisco.com>
>> ---
>> This patch is the evolution of code which was first proposed as a patch to
>> uio/uio_pci_generic, then as a more generic uio patch. Now it is taken entirely
>> out of the uio framework, and things seem much cleaner. Of course, there is
>> a lot of functional overlap with uio, but the previous version just seemed
>> like a giant mode switch in the uio code that did not lead to clarity for
>> either the new or old code.
>>
> IMO this was because this driver does two things: programming iommu and
> handling interrupts. uio does interrupt handling.
> We could have moved iommu / DMA programming to
> a separate driver, and have uio work with it.
> This would solve the limitation of the current driver
> that it needs an iommu domain per device.
>
How do we enforce security then? We need to ensure that unprivileged
users can only use the device with an iommu.
>> [a pony for avi...]
>> The major new functionality in this version is the ability to deal with
>> PCI config space accesses (through read & write calls) - but includes table
>> driven code to determine what's safe to write and what is not.
>>
> I don't really see why this is helpful: a driver written correctly
> will not access these addresses, and we need an iommu anyway to protect
> us against a drivers.
>
Haven't reviewed the code (yet) but things like the BARs, MSI, and
interrupt disable need to be protected from the guest regardless of the
iommu.
--
error compiling committee.c: too many arguments to function
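
An added illustration of the table-driven config-space write filtering discussed in this message (not code from the VFIO patch or from anyone on the thread): a per-byte write mask that keeps the BARs, the INTx-disable bit and the MSI capability out of reach of user writes. The function names, the shadow-array model of config space and the choice of which bits stay writable are assumptions made for the example; the register offsets are the standard PCI ones.

```c
#include <stdint.h>
#include <string.h>

#define CFG_SIZE        256
#define PCI_COMMAND     0x04  /* 16-bit; bit 10 (in byte 0x05) = INTx disable */
#define PCI_STATUS      0x06  /* bit 4 = capability list present */
#define PCI_CAP_PTR     0x34
#define PCI_CAP_ID_MSI  0x05

/* Per-byte write mask (1 bit = user may change it). Assumed policy: header
 * locked except three command enables; MSI locked; the rest writable. */
void build_wmask(const uint8_t *cfg, uint8_t *wmask)
{
    memset(wmask, 0x00, 0x40);                  /* header: BARs, INTx disable */
    memset(wmask + 0x40, 0xff, CFG_SIZE - 0x40);
    wmask[PCI_COMMAND] = 0x07;                  /* I/O, memory, bus master */
    if (!(cfg[PCI_STATUS] & 0x10)) return;      /* no capability list */
    unsigned pos = cfg[PCI_CAP_PTR] & 0xfc;
    for (int ttl = 48; pos >= 0x40 && ttl > 0; ttl--) { /* ttl stops loops */
        unsigned len = 2;                       /* capability ID + next ptr */
        if (cfg[pos] == PCI_CAP_ID_MSI) {
            len = 10;                           /* minimum MSI layout */
            if (cfg[pos + 2] & 0x80) len += 4;  /* 64-bit address capable */
            if (cfg[pos + 3] & 0x01) len += 10; /* per-vector masking */
        }
        if (len > CFG_SIZE - pos) len = CFG_SIZE - pos;
        memset(wmask + pos, 0x00, len);
        pos = cfg[pos + 1] & 0xfc;
    }
}

/* Apply a user write through the mask; locked bits keep their old value. */
int cfg_write(uint8_t *cfg, const uint8_t *wmask, unsigned off,
              const uint8_t *buf, unsigned len)
{
    if (off >= CFG_SIZE || len > CFG_SIZE - off) return -1;
    for (unsigned i = 0; i < len; i++) {
        uint8_t m = wmask[off + i];
        cfg[off + i] = (uint8_t)((cfg[off + i] & ~m) | (buf[i] & m));
    }
    return (int)len;
}

/* Constructed sample config space: one 64-bit MSI capability at 0x50. */
void sample_cfg(uint8_t *cfg)
{
    memset(cfg, 0, CFG_SIZE);
    cfg[PCI_STATUS] = 0x10; cfg[PCI_CAP_PTR] = 0x50;
    cfg[0x50] = PCI_CAP_ID_MSI; cfg[0x52] = 0x80;
}
```

With the sample, a write of all ones to the command register leaves only bits 0-2 set, and writes aimed at BAR0 or at the MSI address field change nothing.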