All of lore.kernel.org
 help / color / mirror / Atom feed
From: "Yu, Zhang" <yu.c.zhang@linux.intel.com>
To: Tvrtko Ursulin <tvrtko.ursulin@linux.intel.com>,
	Gerd Hoffmann <kraxel@redhat.com>
Cc: Intel-gfx@lists.freedesktop.org
Subject: Re: [PATCH v3 2/8] drm/i915: Adds graphic address space ballooning logic
Date: Wed, 17 Dec 2014 11:10:05 +0800	[thread overview]
Message-ID: <5490F40D.5040100@linux.intel.com> (raw)
In-Reply-To: <54904C88.702@linux.intel.com>



On 12/16/2014 11:15 PM, Tvrtko Ursulin wrote:
>
> Hi,
>
> On 12/16/2014 02:39 PM, Gerd Hoffmann wrote:
>>>>> Out of curiosity, what will be the mechanism to prevent a vGPU
>>>>> instance
>>>>> from ignoring the ballooning data? Must be something in the hypervisor
>>>>> blocking pass-through access to such domains?
>>>> Well, although we have range check logic in the host side(which checks
>>>> the legality of a GM address), the correctness of a GM from vGPU side
>>>
>>> Oh, I thought that part is direct for performance reasons (avoiding
>>> translation). It's not then?
>>
>>>> are supposed to be guaranteed by the drm mm allocator - all those
>>>> ballooned out spaces are marked as reserved.
>>>
>>> I was thinking about a malicious i915 driver instance, or simply a bug
>>> in DRM or i915 which breaks the blocked ranges assumption.
>>
>> Cover letter had a link to a longish paper explaining how all this works
>> in detail.
>>
>> Short summary:
>>    * Direct access is denied by simply mapping only the guests piece
>>      of memory into the guest address space.
>>    * Indirect access (via exec buffer commands) is denied by verifying
>>      the exec buffer commands (map read-only + verify + hand over to
>>      the hardware when checks pass).
>>    * The ballooning basically makes the guest aware what the offset for
>>      its piece of memory has, so the references in the execbuffer don't
>>      need to be translated, only verified.
>
> Thanks, I did read the blog and powerpoint from the link, but didn't
> find what you wrote below even after the second read. Probably missed
> due to lack of domain knowledge.
>
> Anyway, I just wanted to hear that the DRM allocation range is not the
> only thing preventing access outside the allocated range. :)
Thanks, Tvrtko & Gerd.
DRM allocation range is not the only guarantee. We also have range check 
functions in our host code. MMIO accesses and ring buffer commands will 
be checked/scanned in the host side to see if there's any illegal GM 
address.

>
> Regards,
>
> Tvrtko
>
>
_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/intel-gfx

  reply	other threads:[~2014-12-17  3:11 UTC|newest]

Thread overview: 58+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-11-13 12:02 [PATCH v3 0/8] Add enlightenments for vGPU Yu Zhang
2014-11-13 12:02 ` [PATCH v3 1/8] drm/i915: Introduce a PV INFO page structure for Intel GVT-g Yu Zhang
2014-12-11 17:33   ` Tvrtko Ursulin
2014-12-15  8:12     ` Daniel Vetter
2014-12-16 12:51     ` Yu, Zhang
2014-12-16 13:19       ` Tvrtko Ursulin
2014-12-17  2:49         ` Yu, Zhang
2014-12-17  5:04           ` Tian, Kevin
2014-11-13 12:02 ` [PATCH v3 2/8] drm/i915: Adds graphic address space ballooning logic Yu Zhang
2014-11-14 10:16   ` Daniel Vetter
2014-11-14 12:00     ` Yu, Zhang
2014-12-12 13:00   ` Tvrtko Ursulin
2014-12-16 13:22     ` Yu, Zhang
2014-12-16 13:41       ` Tvrtko Ursulin
2014-12-16 14:39         ` Gerd Hoffmann
2014-12-16 15:15           ` Tvrtko Ursulin
2014-12-17  3:10             ` Yu, Zhang [this message]
2014-12-17  5:20               ` Tian, Kevin
2014-12-17 10:06                 ` Tvrtko Ursulin
2014-12-17  5:57     ` Tian, Kevin
2014-11-13 12:02 ` [PATCH v3 3/8] drm/i915: Partition the fence registers for vGPU in i915 driver Yu Zhang
2014-12-12 13:07   ` Tvrtko Ursulin
2014-12-16 13:32     ` Yu, Zhang
2014-12-16 13:44       ` Tvrtko Ursulin
2014-12-16 14:41         ` Gerd Hoffmann
2014-12-16 15:01           ` Tvrtko Ursulin
2014-12-17  7:33             ` Gerd Hoffmann
2014-12-17  9:59               ` Tvrtko Ursulin
2014-12-17 11:06                 ` Gerd Hoffmann
2014-12-17 11:25                   ` Yu, Zhang
2014-12-17 11:50                     ` Tvrtko Ursulin
2014-12-17 17:10                       ` Daniel Vetter
2014-12-17 17:11                         ` Daniel Vetter
2014-12-18  0:36                         ` Tian, Kevin
2014-12-18  8:08                           ` Daniel Vetter
2014-12-18  8:39                             ` Tian, Kevin
2014-12-17  4:58         ` Tian, Kevin
2014-11-13 12:02 ` [PATCH v3 4/8] drm/i915: Disable framebuffer compression for i915 driver in VM Yu Zhang
2014-12-12 13:13   ` Tvrtko Ursulin
2014-12-17  3:15     ` Yu, Zhang
2014-11-13 12:02 ` [PATCH v3 5/8] drm/i915: Add the display switch logic for vGPU in i915 driver Yu Zhang
2014-12-12 13:18   ` Tvrtko Ursulin
2014-12-15  8:16   ` Daniel Vetter
2014-12-17  3:17     ` Yu, Zhang
2014-11-13 12:02 ` [PATCH v3 6/8] drm/i915: Disable power management for i915 driver in VM Yu Zhang
2014-12-12 13:27   ` Tvrtko Ursulin
2014-12-17  3:25     ` Yu, Zhang
2014-11-13 12:02 ` [PATCH v3 7/8] drm/i915: Create vGPU specific write MMIO to reduce traps Yu Zhang
2014-12-12 13:31   ` Tvrtko Ursulin
2014-12-17  7:28     ` Yu, Zhang
2014-11-13 12:02 ` [PATCH v3 8/8] drm/i915: Support alias ppgtt in VM if ppgtt is enabled Yu Zhang
2014-11-14  0:29   ` [PATCH v3 8/8] drm/i915: Support alias ppgtt in VM if shuang.he
2014-12-12 13:37   ` [PATCH v3 8/8] drm/i915: Support alias ppgtt in VM if ppgtt is enabled Tvrtko Ursulin
2014-11-14 10:17 ` [PATCH v3 0/8] Add enlightenments for vGPU Daniel Vetter
2014-11-14 12:01   ` Yu, Zhang
2014-12-11 17:03 ` Tvrtko Ursulin
2014-12-15  8:18   ` Daniel Vetter
2014-12-15  9:16     ` Jani Nikula

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=5490F40D.5040100@linux.intel.com \
    --to=yu.c.zhang@linux.intel.com \
    --cc=Intel-gfx@lists.freedesktop.org \
    --cc=kraxel@redhat.com \
    --cc=tvrtko.ursulin@linux.intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.