lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 9 Jul 2007 11:53:07 +0300
From:	Muli Ben-Yehuda <muli@...ibm.com>
To:	David Miller <davem@...emloft.net>
Cc:	mitch.a.williams@...el.com, shemminger@...ux-foundation.org,
	netdev@...r.kernel.org
Subject: Re: [RFC 2/2] shrink size of scatterlist on common i386/x86-64

On Mon, Jul 09, 2007 at 12:06:40AM -0700, David Miller wrote:

> > That works, but isn't optimal when you have an isolation-capable
> > IOMMU and you want the full isolation properties of the IOMMU. If
> > you only flush the IOTLB when the allocator wraps around, a stale
> > entry in the IOTLB can allow a DMA to go through for an IO entry
> > that has already been unmapped. One way to mitigate that and still
> > retain full isolation is to make sure no one else gets to use the
> > frames that are the targets of the DMA until the translation has
> > been flushed out of the IOTLB, but that requires pretty deep
> > surgery.
> 
> Virtualization sucks doesn't it? :-)

no comment :-) FWIW isolation capable IOMMUs are also useful to catch
DMA errors when drivers program devices to DMA where they
shouldn't. Sure, drivers can trash the kernel in other ways, but a
printk beats random memory corruption any day of the week.

> It's one of the worst aspects of all of this virtualization
> business.  In my view it makes no sense to split up the physical
> hardware.  Just give control nodes complete access to everything and
> instead of playing games partializing real hardware, just give
> virtual instances to everybody and be done with all of this
> complexity.

Virtual instances have a non-negligible performance cost and
development cost - you need a virtual driver for any device or class
of devices out there. Not to say that they aren't useful, just that
direct access (aka "passthrough") has its uses too.

> Anyways, hypervisors et al. have already decided to do this
> braindamage so you will need to find some way to make it go fast now
> won't you? :)

Working on it :-)

Cheers,
Muli
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists