From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from [140.186.70.92] (port=57289 helo=eggs.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1OUjx2-0001Bq-7P
	for qemu-devel@nongnu.org; Fri, 02 Jul 2010 13:24:08 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.69)
	(envelope-from <edgmnt@gmail.com>) id 1OUjst-0008ES-TH
	for qemu-devel@nongnu.org; Fri, 02 Jul 2010 13:18:40 -0400
Received: from mail-bw0-f45.google.com ([209.85.214.45]:59149)
	by eggs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <edgmnt@gmail.com>) id 1OUjst-0008EL-Mw
	for qemu-devel@nongnu.org; Fri, 02 Jul 2010 13:18:39 -0400
Received: by bwz5 with SMTP id 5so1922327bwz.4
	for <qemu-devel@nongnu.org>; Fri, 02 Jul 2010 10:18:38 -0700 (PDT)
Sender: Eduard - Gabriel Munteanu <edgmnt@gmail.com>
Date: Fri, 2 Jul 2010 20:17:43 +0300
From: Eduard - Gabriel Munteanu <eduard.munteanu@linux360.ro>
Subject: Re: [Qemu-devel] Re: Status update
Message-ID: <20100702171743.GB6809@localhost>
References: <20100629172522.GA8227@localhost>
	<AANLkTimZRp6xusr_o2W58_avpbhrgxDHbEp0gjYUY8jp@mail.gmail.com>
	<20100701193034.GA7421@localhost>
	<AANLkTinZ6TlNB71KTH9CjhH3wTn4TuAZ5wbceg-Kue4-@mail.gmail.com>
	<20100702094155.GC16712@valinux.co.jp>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20100702094155.GC16712@valinux.co.jp>
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Isaku Yamahata <yamahata@valinux.co.jp>
Cc: kvm@vger.kernel.org, Stefan Hajnoczi <stefanha@gmail.com>, joro@8bytes.org, qemu-devel@nongnu.org, avi@redhat.com, paul@codesourcery.com

On Fri, Jul 02, 2010 at 06:41:55PM +0900, Isaku Yamahata wrote:
> On Fri, Jul 02, 2010 at 09:03:39AM +0100, Stefan Hajnoczi wrote:
> > On Thu, Jul 1, 2010 at 8:30 PM, Eduard - Gabriel Munteanu
> > <eduard.munteanu@linux360.ro> wrote:
> > > But suddenly the guest OS changes mappings and expects the IOMMU to
> > > enforce them as soon as invalidation commands are completed. The guest
> > > then reclaims the old space for other uses. This leaves an opportunity
> > > for those processes to corrupt or read sensitive data.
> 
> In such a case, OS should put device into quiescence by reset like
> pci bus reset or pcie function level reset.
> pci bus reset patch hasn't been merged yet, though.
> It needs clean up/generalization.
> 
> -- 
> yamahata

I wouldn't count on that. When the IOMMU notifies software of command
completion, then that notification should be correct. So if we count on
'pci bus reset' we either don't execute INVALIDATE_* and COMPLETION_WAIT
commands, or we issue bogus notifications (e.g. they'd be nops). That
goes against the specs, and I'm not sure there's any good reason a
non-KVM/QEMU-aware OS would reset the device in _all_ cases.

For some background on this, mappings updates are followed by
INVALIDATE_* commands and then a COMPLETION_WAIT (to wait for
invalidation to finish).


	Eduard