> -----Original Message----- > From: Wood Scott-B07421 > Sent: Saturday, December 07, 2013 12:55 AM > To: Bhushan Bharat-R65777 > Cc: Alex Williamson; linux-...@vger.kernel.org; ag...@suse.de; Yoder Stuart- > B08248; io...@lists.linux-foundation.org; bhelg...@google.com; linuxppc- > d...@lists.ozlabs.org; linux-ker...@vger.kernel.org > Subject: Re: [PATCH 0/9 v2] vfio-pci: add support for Freescale IOMMU (PAMU) > > On Thu, 2013-12-05 at 22:17 -0600, Bharat Bhushan wrote: > > > > > -----Original Message----- > > > From: Wood Scott-B07421 > > > Sent: Friday, December 06, 2013 5:31 AM > > > To: Bhushan Bharat-R65777 > > > Cc: Alex Williamson; linux-...@vger.kernel.org; ag...@suse.de; Yoder > > > Stuart- B08248; io...@lists.linux-foundation.org; > > > bhelg...@google.com; linuxppc- d...@lists.ozlabs.org; > > > linux-ker...@vger.kernel.org > > > Subject: Re: [PATCH 0/9 v2] vfio-pci: add support for Freescale > > > IOMMU (PAMU) > > > > > > On Sun, 2013-11-24 at 23:33 -0600, Bharat Bhushan wrote: > > > > > > > > > -----Original Message----- > > > > > From: Alex Williamson [mailto:alex.william...@redhat.com] > > > > > Sent: Friday, November 22, 2013 2:31 AM > > > > > To: Wood Scott-B07421 > > > > > Cc: Bhushan Bharat-R65777; linux-...@vger.kernel.org; > > > > > ag...@suse.de; Yoder Stuart-B08248; > > > > > io...@lists.linux-foundation.org; bhelg...@google.com; linuxppc- > > > > > d...@lists.ozlabs.org; linux-ker...@vger.kernel.org > > > > > Subject: Re: [PATCH 0/9 v2] vfio-pci: add support for Freescale > > > > > IOMMU (PAMU) > > > > > > > > > > On Thu, 2013-11-21 at 14:47 -0600, Scott Wood wrote: > > > > > > They can interfere. > > > > > > > > Want to be sure of how they can interfere? > > > > > > If more than one VFIO user shares the same MSI group, one of the > > > users can send MSIs to another user, by using the wrong interrupt > > > within the bank. Unexpected MSIs could cause misbehavior or denial of > service. > > > > > > > >> With this hardware, the only way to prevent that > > > > > > is to make sure that a bank is not shared by multiple protection > contexts. > > > > > > For some of our users, though, I believe preventing this is > > > > > > less important than the performance benefit. > > > > > > > > So should we let this patch series in without protection? > > > > > > No, there should be some sort of opt-in mechanism similar to > > > IOMMU-less VFIO -- but not the same exact one, since one is a much > > > more serious loss of isolation than the other. > > > > Can you please elaborate "opt-in mechanism"? > > The system should be secure by default. If the administrator wants to relax > protection in order to accomplish some functionality, that should require an > explicit request such as a write to a sysfs file. > > > > > > I think we need some sort of ownership model around the msi banks > > > > > then. > > > > > Otherwise there's nothing preventing another userspace from > > > > > attempting an MSI based attack on other users, or perhaps even > > > > > on the host. VFIO can't allow that. Thanks, > > > > > > > > We have very few (3 MSI bank on most of chips), so we can not > > > > assign one to each userspace. > > > > > > That depends on how many users there are. > > > > What I think we can do is: > > - Reserve one MSI region for host. Host will not share MSI region with > > Guest. > > - For upto 2 Guest (MAX msi with host - 1) give then separate MSI sub > > regions > > - Additional Guest will share MSI region with other guest. > > > > Any better suggestion are most welcome. > > If the administrator does not opt into this partial loss of isolation, then > once > you run out of MSI groups, new users should not be able to set up MSIs.
So mean vfio should use Legacy when out of MSI banks? Thanks -Bharat > > -Scott > _______________________________________________ Linuxppc-dev mailing list Linuxppc-dev@lists.ozlabs.org https://lists.ozlabs.org/listinfo/linuxppc-dev
