From: Chris Wright <chrisw@sous-sol.org>
To: Joerg Roedel <joerg.roedel@amd.com>
Cc: Chris Wright <chrisw@sous-sol.org>,
linux-pci@vger.kernel.org, dwmw2@infradead.org,
iommu@lists.linux-foundation.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] iommu: Include MSI susceptibility to DMA in creating iommu groups
Date: Wed, 23 Nov 2011 12:12:15 -0800 [thread overview]
Message-ID: <20111123201215.GL3344@sequoia.sous-sol.org> (raw)
In-Reply-To: <20111123105612.GD11876@amd.com>
* Joerg Roedel (joerg.roedel@amd.com) wrote:
> On Mon, Nov 21, 2011 at 03:35:05PM -0800, Chris Wright wrote:
>
> > What is the value of a group w/out complete isolation?
>
> There is still isolation for DMA. This may be sufficient for non-KVM
> use-cases like a device driver partially implemented in userspace. There
> is no no guest then that can attack the host with wrong interrupts.
There is a userspace process that could though. I think I'm missing
the distinction. In either case there is unprivileged code that could
program the hw to generate PCI write transactions that negatively effect
the system.
> > Is there a practical problem w/ conflating the subtleties above?
>
> Same argument as above. It ties the the iommu_group interface to the KVM
> use case.
I don't agree that it's the KVM use case. It's the unprivileged code
owning a device use case. The promise of SR-IOV + IOMMU + PASID shows
hw is trying to go there.
> Another more pratical impact of this patch is that a reboot is
> required to re-enable iommu-groups. When the check happens in VFIO it is
> a simple module-reload.
I suppose, however iommu itself is managed via kernel cmdline and
reboot...
I guess we agree that we need to be able to give the user some way of
managing the risk they're willing to take, and just not on where the
flag should go?
thanks,
-chris
next prev parent reply other threads:[~2011-11-23 20:12 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-11-17 17:09 [PATCH] iommu: Include MSI susceptibility to DMA in creating iommu groups Alex Williamson
2011-11-18 4:37 ` Kai Huang
2011-11-18 5:40 ` Alex Williamson
2011-11-18 6:20 ` Kai Huang
2011-11-18 10:46 ` Joerg Roedel
2011-11-18 14:56 ` Alex Williamson
2011-11-18 15:27 ` Joerg Roedel
2011-11-18 16:32 ` Alex Williamson
2011-11-20 12:00 ` Joerg Roedel
2011-11-21 4:39 ` Kai Huang
2011-11-21 23:35 ` Chris Wright
2011-11-23 10:56 ` Joerg Roedel
2011-11-23 20:12 ` Chris Wright [this message]
2011-11-23 18:37 ` Alex Williamson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20111123201215.GL3344@sequoia.sous-sol.org \
--to=chrisw@sous-sol.org \
--cc=dwmw2@infradead.org \
--cc=iommu@lists.linux-foundation.org \
--cc=joerg.roedel@amd.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox