From: Jason Gunthorpe <jgg@nvidia.com>
To: "Tian, Kevin" <kevin.tian@intel.com>
Cc: Matthew Rosato <mjrosato@linux.ibm.com>,
"dri-devel@lists.freedesktop.org"
<dri-devel@lists.freedesktop.org>,
Vineeth Vijayan <vneethv@linux.ibm.com>,
Diana Craciun <diana.craciun@oss.nxp.com>,
Alexander Gordeev <agordeev@linux.ibm.com>,
Will Deacon <will@kernel.org>,
Longfang Liu <liulongfang@huawei.com>,
"linux-s390@vger.kernel.org" <linux-s390@vger.kernel.org>,
"Liu, Yi L" <yi.l.liu@intel.com>,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
Joerg Roedel <joro@8bytes.org>, Halil Pasic <pasic@linux.ibm.com>,
"iommu@lists.linux.dev" <iommu@lists.linux.dev>,
Nicolin Chen <nicolinc@nvidia.com>,
Christian Borntraeger <borntraeger@linux.ibm.com>,
Heiko Carstens <hca@linux.ibm.com>,
Tony Krowiak <akrowiak@linux.ibm.com>,
Eric Farman <farman@linux.ibm.com>,
Vasily Gorbik <gor@linux.ibm.com>,
"intel-gfx@lists.freedesktop.org"
<intel-gfx@lists.freedesktop.org>,
Eric Auger <eric.auger@redhat.com>,
Harald Freudenberger <freude@linux.ibm.com>,
"Vivi, Rodrigo" <rodrigo.vivi@intel.com>,
"intel-gvt-dev@lists.freedesktop.org"
<intel-gvt-dev@lists.freedesktop.org>,
Jason Herne <jjherne@linux.ibm.com>,
Yishai Hadas <yishaih@nvidia.com>,
Cornelia Huck <cohuck@redhat.com>,
Peter Oberparleiter <oberpar@linux.ibm.com>,
Shameer Kolothum <shameerali.kolothum.thodi@huawei.com>,
Sven Schnelle <svens@linux.ibm.com>,
Robin Murphy <robin.murphy@arm.com>,
Lu Baolu <baolu.lu@linux.intel.com>
Subject: Re: [Intel-gfx] [PATCH 04/10] vfio: Move storage of allow_unsafe_interrupts to vfio_main.c
Date: Wed, 9 Nov 2022 09:11:22 -0400 [thread overview]
Message-ID: <Y2um+i8+H4z4/qR9@nvidia.com> (raw)
In-Reply-To: <BN9PR11MB5276121DEB01705B9A25D1208C3E9@BN9PR11MB5276.namprd11.prod.outlook.com>
On Wed, Nov 09, 2022 at 03:21:29AM +0000, Tian, Kevin wrote:
> > From: Jason Gunthorpe <jgg@nvidia.com>
> > Sent: Wednesday, November 9, 2022 9:05 AM
> >
> > On Tue, Nov 08, 2022 at 03:55:20PM -0700, Alex Williamson wrote:
> >
> > > > > So why exactly isn't this an issue for VDPA? Are we just burying our
> > > > > head in the sand that such platforms exists and can still be useful
> > > > > given the appropriate risk vs reward trade-off?
> > > >
> > > > Simply that nobody has asked for it, and might never ask for it. This
> > > > is all support for old platforms, and there just doesn't seem to be a
> > > > "real" use case for very new (and actually rare) NIC hardware stuck
> > > > into ancient platforms with this security problem.
> > >
> > > vIOMMU support for interrupt remapping is relatively new, the nesting
> > > case is important as well.
> >
> > This is where we got hit. In the end we fixed the qemu..
>
> but the point is that old qemu could have a much longer lifespan than
> old platforms then when running newer kernel which supports vdpa
> on old qemu the same tradeoff consideration is then not vfio
> specific...
I think we are reaching into incredible hypotheticals here. We don't
know of any real uses cases where a very new VDPA capable device would
be assinged into a VM using an old qemu and the entire system is
expected to work. What we are seeing is people using this stuff are
making highly engineered systems and will meet the constraints.
Today VDPA doesn't support allow_unsafe_interrupts, and I don't see a
compelling reason to change that.
The threshold for introducing a kernel security hole should be much
higher than "someone could possibly do this".
> If all agree that VFIO_CONTAINER=n is a process to evolve, does it make
> more sense to remove this patch from this series i.e. let it buried in
> VFIO_CONTAINER=y for now? Then resolve it in a follow up patch if
> no consensus can be made quickly at this point.
This is worse, it would make iommufd completely unusable in situations
where we need allow_unsafe_interrupts. If we belive that is important
we should keep this patch so existing systems on kernels with
VFIO_CONTAINER=y continue to work after libvirt/qemu are upgraded to
iommufd.
Jason
next prev parent reply other threads:[~2022-11-09 13:11 UTC|newest]
Thread overview: 70+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-25 18:17 [Intel-gfx] [PATCH 00/10] Connect VFIO to IOMMUFD Jason Gunthorpe
2022-10-25 18:17 ` [Intel-gfx] [PATCH 01/10] vfio: Move vfio_device driver open/close code to a function Jason Gunthorpe
2022-11-01 7:33 ` Tian, Kevin
2022-11-01 12:12 ` Jason Gunthorpe
2022-11-01 14:36 ` Yi Liu
2022-10-25 18:17 ` [Intel-gfx] [PATCH 02/10] vfio: Move vfio_device_assign_container() into vfio_device_first_open() Jason Gunthorpe
2022-11-01 7:38 ` Tian, Kevin
2022-11-01 12:14 ` Jason Gunthorpe
2022-11-01 14:37 ` Yi Liu
2022-11-01 17:37 ` Jason Gunthorpe
2022-10-25 18:17 ` [Intel-gfx] [PATCH 03/10] vfio: Rename vfio_device_assign/unassign_container() Jason Gunthorpe
2022-11-01 7:39 ` Tian, Kevin
2022-11-01 14:39 ` Yi Liu
2022-10-25 18:17 ` [Intel-gfx] [PATCH 04/10] vfio: Move storage of allow_unsafe_interrupts to vfio_main.c Jason Gunthorpe
2022-10-26 21:24 ` Alex Williamson
2022-10-28 18:40 ` Jason Gunthorpe
2022-10-31 22:45 ` Alex Williamson
2022-11-07 13:19 ` Jason Gunthorpe
2022-11-07 15:18 ` Alex Williamson
2022-11-07 15:32 ` Jason Gunthorpe
2022-11-07 18:05 ` Alex Williamson
2022-11-07 18:45 ` Jason Gunthorpe
2022-11-08 22:55 ` Alex Williamson
2022-11-09 1:05 ` Jason Gunthorpe
2022-11-09 3:21 ` Tian, Kevin
2022-11-09 13:11 ` Jason Gunthorpe [this message]
2022-11-10 2:44 ` Tian, Kevin
2022-11-09 18:28 ` Alex Williamson
2022-11-10 19:19 ` Jason Gunthorpe
2022-10-25 18:17 ` [Intel-gfx] [PATCH 05/10] vfio: Use IOMMU_CAP_ENFORCE_CACHE_COHERENCY for vfio_file_enforced_coherent() Jason Gunthorpe
2022-11-01 7:52 ` Tian, Kevin
2022-11-01 12:26 ` Jason Gunthorpe
2022-11-03 4:38 ` Tian, Kevin
2022-11-04 19:45 ` Jason Gunthorpe
2022-10-25 18:50 ` [Intel-gfx] [PATCH 06/10] vfio-iommufd: Allow iommufd to be used in place of a container fd Jason Gunthorpe
2022-11-01 8:09 ` Tian, Kevin
2022-11-01 9:19 ` Nicolin Chen
2022-11-01 11:51 ` Jason Gunthorpe
2022-11-03 4:39 ` Tian, Kevin
2022-11-01 12:40 ` Jason Gunthorpe
2022-11-02 7:28 ` Yi Liu
2022-11-07 23:45 ` Jason Gunthorpe
2022-10-25 18:50 ` [Intel-gfx] [PATCH 07/10] vfio-iommufd: Support iommufd for physical VFIO devices Jason Gunthorpe
2022-11-01 8:21 ` Tian, Kevin
2022-11-04 19:51 ` Jason Gunthorpe
2022-10-25 18:50 ` [Intel-gfx] [PATCH 08/10] vfio-iommufd: Support iommufd for emulated " Jason Gunthorpe
2022-11-01 8:37 ` Tian, Kevin
2022-11-01 12:49 ` Jason Gunthorpe
2022-11-03 4:52 ` Tian, Kevin
2022-10-25 18:50 ` [Intel-gfx] [PATCH 09/10] vfio: Make vfio_container optionally compiled Jason Gunthorpe
2022-11-01 8:41 ` Tian, Kevin
2022-11-01 12:56 ` Jason Gunthorpe
2022-10-25 18:50 ` [Intel-gfx] [PATCH 10/10] iommufd: Allow iommufd to supply /dev/vfio/vfio Jason Gunthorpe
2022-10-26 21:31 ` Alex Williamson
2022-10-28 18:44 ` Jason Gunthorpe
2022-10-31 22:53 ` Alex Williamson
2022-11-07 13:57 ` Jason Gunthorpe
2022-10-25 20:42 ` [Intel-gfx] ✗ Fi.CI.BUILD: failure for Connect VFIO to IOMMUFD Patchwork
2022-10-28 23:53 ` [Intel-gfx] [PATCH 00/10] " Nicolin Chen
2022-10-28 23:54 ` Nicolin Chen
2022-10-31 10:38 ` Yi Liu
2022-10-31 12:18 ` Jason Gunthorpe
2022-10-31 12:25 ` Yi Liu
2022-10-31 23:24 ` Jason Gunthorpe
2022-11-01 3:04 ` Yi Liu
2022-11-01 4:21 ` Nicolin Chen
2022-11-01 12:54 ` Yi Liu
2022-11-01 11:41 ` Jason Gunthorpe
2022-11-01 12:55 ` Yi Liu
2022-11-07 17:17 ` [Intel-gfx] ✗ Fi.CI.BUILD: failure for Connect VFIO to IOMMUFD (rev2) Patchwork
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Y2um+i8+H4z4/qR9@nvidia.com \
--to=jgg@nvidia.com \
--cc=agordeev@linux.ibm.com \
--cc=akrowiak@linux.ibm.com \
--cc=baolu.lu@linux.intel.com \
--cc=borntraeger@linux.ibm.com \
--cc=cohuck@redhat.com \
--cc=diana.craciun@oss.nxp.com \
--cc=dri-devel@lists.freedesktop.org \
--cc=eric.auger@redhat.com \
--cc=farman@linux.ibm.com \
--cc=freude@linux.ibm.com \
--cc=gor@linux.ibm.com \
--cc=hca@linux.ibm.com \
--cc=intel-gfx@lists.freedesktop.org \
--cc=intel-gvt-dev@lists.freedesktop.org \
--cc=iommu@lists.linux.dev \
--cc=jjherne@linux.ibm.com \
--cc=joro@8bytes.org \
--cc=kevin.tian@intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=liulongfang@huawei.com \
--cc=mjrosato@linux.ibm.com \
--cc=nicolinc@nvidia.com \
--cc=oberpar@linux.ibm.com \
--cc=pasic@linux.ibm.com \
--cc=robin.murphy@arm.com \
--cc=rodrigo.vivi@intel.com \
--cc=shameerali.kolothum.thodi@huawei.com \
--cc=svens@linux.ibm.com \
--cc=vneethv@linux.ibm.com \
--cc=will@kernel.org \
--cc=yi.l.liu@intel.com \
--cc=yishaih@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox