From: Nicolin Chen <nicolinc@nvidia.com>
To: Jason Gunthorpe <jgg@nvidia.com>
Cc: <kevin.tian@intel.com>, <corbet@lwn.net>, <will@kernel.org>,
<joro@8bytes.org>, <suravee.suthikulpanit@amd.com>,
<robin.murphy@arm.com>, <dwmw2@infradead.org>,
<baolu.lu@linux.intel.com>, <shuah@kernel.org>,
<linux-kernel@vger.kernel.org>, <iommu@lists.linux.dev>,
<linux-arm-kernel@lists.infradead.org>,
<linux-kselftest@vger.kernel.org>, <linux-doc@vger.kernel.org>,
<eric.auger@redhat.com>, <jean-philippe@linaro.org>,
<mdf@kernel.org>, <mshavit@google.com>,
<shameerali.kolothum.thodi@huawei.com>, <smostafa@google.com>,
<ddutile@redhat.com>, <yi.l.liu@intel.com>,
<patches@lists.linux.dev>
Subject: Re: [PATCH v5 08/14] iommufd/viommu: Add iommufd_viommu_report_event helper
Date: Tue, 21 Jan 2025 23:15:36 -0800 [thread overview]
Message-ID: <Z5CbGKYbwy+qPjyh@nvidia.com> (raw)
In-Reply-To: <20250122002128.GC5556@nvidia.com>
On Tue, Jan 21, 2025 at 08:21:28PM -0400, Jason Gunthorpe wrote:
> On Tue, Jan 21, 2025 at 01:40:05PM -0800, Nicolin Chen wrote:
> > > There is also the minor detail of what happens if the hypervisor HW
> > > queue overflows - I don't know the answer here. It is security
> > > concerning since the VM can spam DMA errors at high rate. :|
> >
> > In my view, the hypervisor queue is the vHW queue for the VM, so
> > it should act like a HW, which means it's up to the guest kernel
> > driver that handles the high rate DMA errors..
>
> I'm mainly wondering what happens if the single physical kernel
> event queue overflows because it is DOS'd by a VM and the hypervisor
> cannot drain it fast enough?
>
> I haven't looked closely but is there some kind of rate limiting or
> otherwise to mitigate DOS attacks on the shared event queue from VMs?
SMMUv3 reads the event out of the physical kernel event queue,
and adds that to faultq or veventq or prints it out. So, it'd
not overflow because of DOS? And all other drivers should do
the same?
Thanks
Nicolin
next prev parent reply other threads:[~2025-01-22 7:17 UTC|newest]
Thread overview: 77+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-01-07 17:10 [PATCH v5 00/14] iommufd: Add vIOMMU infrastructure (Part-3: vEVENTQ) Nicolin Chen
2025-01-07 17:10 ` [PATCH v5 01/14] iommufd: Keep OBJ/IOCTL lists in an alphabetical order Nicolin Chen
2025-01-10 6:26 ` Tian, Kevin
2025-01-10 17:25 ` Jason Gunthorpe
2025-01-14 19:29 ` Jason Gunthorpe
2025-01-07 17:10 ` [PATCH v5 02/14] iommufd/fault: Add an iommufd_fault_init() helper Nicolin Chen
2025-01-10 17:25 ` Jason Gunthorpe
2025-01-07 17:10 ` [PATCH v5 03/14] iommufd/fault: Move iommufd_fault_iopf_handler() to header Nicolin Chen
2025-01-10 17:25 ` Jason Gunthorpe
2025-01-07 17:10 ` [PATCH v5 04/14] iommufd: Abstract an iommufd_eventq from iommufd_fault Nicolin Chen
2025-01-10 6:26 ` Tian, Kevin
2025-01-10 17:26 ` Jason Gunthorpe
2025-01-10 20:49 ` Nicolin Chen
2025-01-07 17:10 ` [PATCH v5 05/14] iommufd: Rename fault.c to eventq.c Nicolin Chen
2025-01-10 17:27 ` Jason Gunthorpe
2025-01-07 17:10 ` [PATCH v5 06/14] iommufd: Add IOMMUFD_OBJ_VEVENTQ and IOMMUFD_CMD_VEVENTQ_ALLOC Nicolin Chen
2025-01-10 7:06 ` Tian, Kevin
2025-01-10 21:29 ` Nicolin Chen
2025-01-13 2:52 ` Tian, Kevin
2025-01-13 4:51 ` Nicolin Chen
2025-01-13 8:17 ` Tian, Kevin
2025-01-13 19:10 ` Jason Gunthorpe
2025-01-10 17:48 ` Jason Gunthorpe
2025-01-10 19:27 ` Nicolin Chen
2025-01-10 19:49 ` Jason Gunthorpe
2025-01-10 21:58 ` Nicolin Chen
2025-01-13 19:12 ` Jason Gunthorpe
2025-01-13 19:18 ` Nicolin Chen
2025-01-07 17:10 ` [PATCH v5 07/14] iommufd/viommu: Add iommufd_viommu_get_vdev_id helper Nicolin Chen
2025-01-10 7:07 ` Tian, Kevin
2025-01-10 21:35 ` Nicolin Chen
2025-01-07 17:10 ` [PATCH v5 08/14] iommufd/viommu: Add iommufd_viommu_report_event helper Nicolin Chen
2025-01-10 7:12 ` Tian, Kevin
2025-01-10 14:51 ` Jason Gunthorpe
2025-01-10 18:40 ` Nicolin Chen
2025-01-10 17:41 ` Jason Gunthorpe
2025-01-10 18:38 ` Nicolin Chen
2025-01-10 19:51 ` Jason Gunthorpe
2025-01-10 19:56 ` Nicolin Chen
2025-01-13 5:37 ` Nicolin Chen
2025-01-13 19:21 ` Jason Gunthorpe
2025-01-13 19:47 ` Nicolin Chen
2025-01-13 19:54 ` Jason Gunthorpe
2025-01-13 20:44 ` Nicolin Chen
2025-01-14 13:41 ` Jason Gunthorpe
2025-01-17 22:11 ` Nicolin Chen
2025-01-20 18:18 ` Jason Gunthorpe
2025-01-20 20:52 ` Nicolin Chen
2025-01-21 18:36 ` Jason Gunthorpe
2025-01-21 19:55 ` Nicolin Chen
2025-01-21 20:09 ` Jason Gunthorpe
2025-01-21 21:02 ` Nicolin Chen
2025-01-21 21:14 ` Jason Gunthorpe
2025-01-21 21:40 ` Nicolin Chen
2025-01-22 0:21 ` Jason Gunthorpe
2025-01-22 7:15 ` Nicolin Chen [this message]
2025-01-22 9:33 ` Tian, Kevin
2025-01-22 19:54 ` Nicolin Chen
2025-01-23 13:42 ` Jason Gunthorpe
2025-01-22 8:05 ` Nicolin Chen
2025-01-22 18:02 ` Nicolin Chen
2025-01-23 7:02 ` Nicolin Chen
2025-01-23 13:43 ` Jason Gunthorpe
2025-01-07 17:10 ` [PATCH v5 09/14] iommufd/selftest: Require vdev_id when attaching to a nested domain Nicolin Chen
2025-01-07 17:10 ` [PATCH v5 10/14] iommufd/selftest: Add IOMMU_TEST_OP_TRIGGER_VEVENT for vEVENTQ coverage Nicolin Chen
2025-01-07 17:10 ` [PATCH v5 11/14] iommufd/selftest: Add IOMMU_VEVENTQ_ALLOC test coverage Nicolin Chen
2025-01-07 17:10 ` [PATCH v5 12/14] Documentation: userspace-api: iommufd: Update FAULT and VEVENTQ Nicolin Chen
2025-01-10 7:13 ` Tian, Kevin
2025-01-07 17:10 ` [PATCH v5 13/14] iommu/arm-smmu-v3: Introduce struct arm_smmu_vmaster Nicolin Chen
2025-01-13 19:29 ` Jason Gunthorpe
2025-01-13 19:52 ` Nicolin Chen
2025-01-07 17:10 ` [PATCH v5 14/14] iommu/arm-smmu-v3: Report events that belong to devices attached to vIOMMU Nicolin Chen
2025-01-09 11:04 ` kernel test robot
2025-01-13 19:01 ` Nicolin Chen
2025-01-13 19:06 ` Jason Gunthorpe
2025-01-13 19:15 ` Nicolin Chen
2025-01-13 19:18 ` Jason Gunthorpe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z5CbGKYbwy+qPjyh@nvidia.com \
--to=nicolinc@nvidia.com \
--cc=baolu.lu@linux.intel.com \
--cc=corbet@lwn.net \
--cc=ddutile@redhat.com \
--cc=dwmw2@infradead.org \
--cc=eric.auger@redhat.com \
--cc=iommu@lists.linux.dev \
--cc=jean-philippe@linaro.org \
--cc=jgg@nvidia.com \
--cc=joro@8bytes.org \
--cc=kevin.tian@intel.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=mdf@kernel.org \
--cc=mshavit@google.com \
--cc=patches@lists.linux.dev \
--cc=robin.murphy@arm.com \
--cc=shameerali.kolothum.thodi@huawei.com \
--cc=shuah@kernel.org \
--cc=smostafa@google.com \
--cc=suravee.suthikulpanit@amd.com \
--cc=will@kernel.org \
--cc=yi.l.liu@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).