lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 9 Jul 2007 11:53:07 +0300 From: Muli Ben-Yehuda <muli@...ibm.com> To: David Miller <davem@...emloft.net> Cc: mitch.a.williams@...el.com, shemminger@...ux-foundation.org, netdev@...r.kernel.org Subject: Re: [RFC 2/2] shrink size of scatterlist on common i386/x86-64 On Mon, Jul 09, 2007 at 12:06:40AM -0700, David Miller wrote: > > That works, but isn't optimal when you have an isolation-capable > > IOMMU and you want the full isolation properties of the IOMMU. If > > you only flush the IOTLB when the allocator wraps around, a stale > > entry in the IOTLB can allow a DMA to go through for an IO entry > > that has already been unmapped. One way to mitigate that and still > > retain full isolation is to make sure no one else gets to use the > > frames that are the targets of the DMA until the translation has > > been flushed out of the IOTLB, but that requires pretty deep > > surgery. > > Virtualization sucks doesn't it? :-) no comment :-) FWIW isolation capable IOMMUs are also useful to catch DMA errors when drivers program devices to DMA where they shouldn't. Sure, drivers can trash the kernel in other ways, but a printk beats random memory corruption any day of the week. > It's one of the worst aspects of all of this virtualization > business. In my view it makes no sense to split up the physical > hardware. Just give control nodes complete access to everything and > instead of playing games partializing real hardware, just give > virtual instances to everybody and be done with all of this > complexity. Virtual instances have a non-negligible performance cost and development cost - you need a virtual driver for any device or class of devices out there. Not to say that they aren't useful, just that direct access (aka "passthrough") has its uses too. > Anyways, hypervisors et al. have already decided to do this > braindamage so you will need to find some way to make it go fast now > won't you? :) Working on it :-) Cheers, Muli - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists