From: Benjamin Herrenschmidt <benh@kernel.crashing.org>
To: "Rustad, Mark D" <mark.d.rustad@intel.com>
Cc: Alex Williamson <alex.williamson@redhat.com>,
Alexander Duyck <alexander.duyck@gmail.com>,
Alexey Kardashevskiy <aik@ozlabs.ru>,
Bjorn Helgaas <helgaas@kernel.org>,
Hannes Reinecke <hare@suse.de>,
"linux-pci@vger.kernel.org" <linux-pci@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Babu Moger <babu.moger@oracle.com>,
Paul Mackerras <paulus@samba.org>,
"santosh@chelsio.com" <santosh@chelsio.com>,
Netdev <netdev@vger.kernel.org>
Subject: Re: [PATCHv2 3/4] pci: Determine actual VPD size on first access
Date: Tue, 16 Aug 2016 08:33:20 +1000 [thread overview]
Message-ID: <1471300400.12231.130.camel@kernel.crashing.org> (raw)
In-Reply-To: <1471299799.12231.121.camel@kernel.crashing.org>
On Tue, 2016-08-16 at 08:23 +1000, Benjamin Herrenschmidt wrote:
> > I don't think desktop users appreciate hangs any more than anyone else, and
> > that is one of the symptoms that can arise here without the vfio
> > coordination.
>
> And can happen with it as well....
Oh and your response was completely besides the point I was trying
to make, just some passive aggressive noise, thank you.
The point was that if you want the sort of safety that we are trying
to aim for, without additional HW support, you basically have to do
the isolation on a granularity no smaller than a bridge/bus (with the
notable exception of SR-IOV of course).
Otherwise guest *will* be able to harm each other (or the host) in
all sorts of ways if anything because devices will have MMIO backdoors
into their own BAR space, or can be made to DMA to a neighbour, etc...
This is the only safe thing to do (and we are enforcing that on POWER
with our IOMMU groups).
Now that being said, if you want to keep the ability to assign 2 functions
of a device to different guests for your average non-critical desktop user,
that's where you may want to consider two models.
Generally speaking, filtering things for "safety" won't work.
Filtering things to work around bugs in existing guests to avoid crashes
is a different kettle of fish and could be justified but keep in mind that
in most cases a malicious guest will be able to exploit those HW flaws.
Assuming that a device coming back from a guest is functional and not
completely broken and can be re-used without a full PERST or power cycle
is a wrong assumption. It may or may not work, no amount of "filtering"
will fix the fundamental issue. If your HW won't give you access to PERST
well ... blame Intel for not specifying a standard way to generate it in
the first place :-)
Cheers,
Ben.
next prev parent reply other threads:[~2016-08-15 22:33 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-01-13 11:25 [PATCHv2 0/4] PCI VPD access fixes Hannes Reinecke
2016-01-13 11:25 ` [PATCHv2 1/4] pci: Update VPD definitions Hannes Reinecke
2016-01-13 11:25 ` [PATCHv2 2/4] pci: allow access to VPD attributes with size '0' Hannes Reinecke
2016-02-09 20:53 ` Bjorn Helgaas
2016-02-10 7:17 ` Hannes Reinecke
2016-01-13 11:25 ` [PATCHv2 3/4] pci: Determine actual VPD size on first access Hannes Reinecke
2016-02-09 21:04 ` Bjorn Helgaas
2016-02-10 7:24 ` Hannes Reinecke
2016-08-09 12:54 ` Alexey Kardashevskiy
2016-08-09 18:12 ` Alexander Duyck
2016-08-10 0:03 ` Benjamin Herrenschmidt
2016-08-10 15:47 ` Alexander Duyck
2016-08-10 23:54 ` Benjamin Herrenschmidt
2016-08-11 18:52 ` Alexander Duyck
2016-08-11 20:17 ` Alex Williamson
2016-08-12 5:11 ` Benjamin Herrenschmidt
2016-08-15 17:59 ` Rustad, Mark D
2016-08-15 22:23 ` Benjamin Herrenschmidt
2016-08-15 22:33 ` Benjamin Herrenschmidt [this message]
2016-08-15 23:16 ` Rustad, Mark D
2016-08-16 0:13 ` Benjamin Herrenschmidt
2016-08-16 1:40 ` Alexey Kardashevskiy
2016-08-10 6:23 ` Hannes Reinecke
2016-08-11 10:03 ` [RFC PATCH kernel] PCI: Enable access to custom VPD for Chelsio devices (cxgb3) Alexey Kardashevskiy
2016-09-06 15:48 ` Bjorn Helgaas
2016-09-06 18:30 ` Alexander Duyck
2016-09-21 10:53 ` Alexey Kardashevskiy
2016-08-09 23:59 ` [PATCHv2 3/4] pci: Determine actual VPD size on first access Benjamin Herrenschmidt
2016-01-13 11:25 ` [PATCHv2 4/4] pci: Blacklist vpd access for buggy devices Hannes Reinecke
2016-01-19 20:57 ` [PATCH v3 " Babu Moger
2016-02-09 21:07 ` [PATCHv2 " Bjorn Helgaas
2016-02-09 21:24 ` Babu Moger
2016-01-15 1:07 ` [PATCHv2 0/4] PCI VPD access fixes Seymour, Shane M
2016-01-15 14:10 ` Babu Moger
2016-01-15 14:18 ` Hannes Reinecke
2016-01-19 20:53 ` Babu Moger
2016-01-21 18:34 ` [PATCH v4 4/4] pci: Blacklist vpd access for buggy devices Babu Moger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1471300400.12231.130.camel@kernel.crashing.org \
--to=benh@kernel.crashing.org \
--cc=aik@ozlabs.ru \
--cc=alex.williamson@redhat.com \
--cc=alexander.duyck@gmail.com \
--cc=babu.moger@oracle.com \
--cc=hare@suse.de \
--cc=helgaas@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=mark.d.rustad@intel.com \
--cc=netdev@vger.kernel.org \
--cc=paulus@samba.org \
--cc=santosh@chelsio.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).