| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 28 Jan 2007 22:18:59 -0700 From: ebiederm@...ssion.com (Eric W. Biederman) To: David Miller <davem@...emloft.net> Cc: benh@...nel.crashing.org, jeff@...zik.org, greg@...ah.com, tony.luck@...el.com, grundler@...isc-linux.org, mingo@...e.hu, linux-kernel@...r.kernel.org, kyle@...isc-linux.org, linuxppc-dev@...abs.org, brice@...i.com, shaohua.li@...el.com, linux-pci@...ey.karlin.mff.cuni.cz Subject: Re: [PATCH 0/6] MSI portability cleanups David Miller <davem@...emloft.net> writes: > From: ebiederm@...ssion.com (Eric W. Biederman) > Date: Sun, 28 Jan 2007 16:26:44 -0700 > >> Yes. In general the mainline linux kernel does not support certain >> classes of stupidity. TCP offload engines, firmware drivers for >> hardware we care about, a fixed ABI to binary only modules, etc. >> It is the responsibility of the OS to setup MSI so we do it, not >> the firmware so we do it. > > I absolutely disagree with you Eric, and I think you're being > rediculious. > > If the hypervisor doesn't control the MSI PCI config space > register writes, this allows the device to spam PCI devices > which belong to other domains. > > It's a freakin' reasonable design trade off decision, get over > it! :-) I completely agree with you in the case you have described, it does mean that the hypervisor needs to trust all of the MSI capable hardware in the system but it if that is the best your hardware can support it is a reasonable trade-off. With the MSI-X registers in a random part of some memory mapped bar and not guaranteed to be page aligned, things are more difficult to isolate purely in a software based hypervisor. > Yes it can be done at the hardware level, and many hypervisor > based systems do that, but it's not the one-and-only true > way to implment inter-domain protection behind a single > PCI host controller. The reason I consider the case crazy is that every example I have been given is where the hardware is doing the filtering above the PCI device. So the hypervisor has no need to filter the pci config traffic or to write to the msi config registers for us. Yet the defined hypervisor interface is. Given the reduction in flexibility of an interface where the hypervisor writes to the config registers for the OS as compared to an interface where the hypervisor provides a destination for MSI messages from a particular device upon request, I think it is silly to design an interface when you full hardware support to act like an interface built for a hypervisor that had to do everything in software. Regardless of my opinion on the sanity of the hypervisor architects. I have not seen anything that indicates it will be hard to support the hypervisor doing everything or most of everything for us, so I see no valid technical objection to it. Nor have I ever. So I have no problem with additional patches in that direction. Eric - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists