From: Avi Kivity
Subject: Re: [PATCH v2] kvm: Disable MSI/MSI-X in assigned device reset path
Date: Mon, 09 Apr 2012 11:35:56 +0300
Message-ID: <4F829F6C.3060100@redhat.com>
In-Reply-To: <4F81CCF5.1070902@web.de>
To: Jan Kiszka
Cc: "Michael S. Tsirkin", Alex Williamson, kvm@vger.kernel.org, jbaron@redhat.com

On 04/08/2012 08:37 PM, Jan Kiszka wrote:
> The core problem is not the ordering. The problem is that the kernel is
> susceptible to ordering mistakes of userspace. And that is because the
> kernel panics on PCI errors of devices that are in user hands - a
> critical kernel bug IMHO.

Certainly. But this userspace patch won't fix it.

> Proper reset of MSI or even the whole PCI
> config space is another issue, but one the kernel should not worry about
> - still, it should be fixed (therefore this patch).

And I was asking what is the right way to do it. Reset the device and
read back the register values, or do an emulated reset and push down the
register values.

> But even if we disallowed userland to disable MMIO and PIO access to the
> device, we would be able to exclude that there are secret channels
> in the device's interface having the same effect. So we likely need to
> enhance PCI error handling to catch and handle faults for certain
> devices differently - those we cannot trust to behave properly while
> they are under userland/guest control.

Why not all of them?

-- 
error compiling committee.c: too many arguments to function