lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sun, 28 Oct 2007 23:52:16 -0600
From:	Grant Grundler <grundler@...isc-linux.org>
To:	Greg KH <gregkh@...e.de>
Cc:	Barak Fargoun <barak@...cleus.com>, linux-kernel@...r.kernel.org,
	linux-pci@...ey.karlin.mff.cuni.cz, Guy Zana <guy@...cleus.com>
Subject: Re: [PATCH] Align PCI memory regions to page size (4K) - Fix

On Sun, Oct 28, 2007 at 01:03:36PM -0700, Greg KH wrote:
> On Sun, Oct 28, 2007 at 03:53:20PM -0400, Barak Fargoun wrote:
...
> > About your question: today, some of the hypervisors are using linux
> > kernel as their domain-0 (e.g. Xen). In order to implement direct
> > hardware access for these native domains (e.g.  running windows in a
> > virtual machine above Xen), the PCI memory regions should be aligned
> > at-least at the page-level (so, a virtual machine - can't see data of
> > other devices which may not be assigned to it). So, for that reason,
> > we wanted a boot parameter to let us force the kernel to align PCI
> > memory regions at-least at a PAGE_SIZE alignment. It is very useful
> > for hypervisors which are developed at Linux environment (e.g.: Xen).
...
> And if not, why would we not do this for all devices not just for
> virtual machines, if it is such a benefit?

It's a benefit IFF multiple devices are spread across more than one guest
_and_ we don't trust every particating guest to play nicely with IO.  That way
the Hypervisor can assign one device to a specific guest OS for direct access.
E.g. 4 port Gige card could directly support the host and 3 guests with somewhat
lower risk of tromping on each other's MMIO space.

If Xen is cooperative, this seems a bit paranoid. I don't recall ever seeing a
driver bug where the driver accidentally poked MMIO space at the wrong device.
That's much more common for IO Port space. The only exception was xfree86 where it
poked around in random places to deal with buggy HW quirks.

The use of an IOMMU will provide much more useful protection.

grant
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ