| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 30 Oct 2013 17:10:37 +0100 From: Paolo Bonzini <pbonzini@...hat.com> To: Alex Williamson <alex.williamson@...hat.com> CC: Gleb Natapov <gleb@...hat.com>, kvm@...r.kernel.org, aik@...abs.ru, linux-kernel@...r.kernel.org Subject: Re: [PATCH 1/4] kvm: Destroy & free KVM devices on release Il 30/10/2013 16:56, Alex Williamson ha scritto: > On Wed, 2013-10-30 at 16:42 +0100, Paolo Bonzini wrote: >> Il 30/10/2013 16:33, Gleb Natapov ha scritto: >>>> Hmm, ok. In that case I can drop this patch and I think the rest just >>>> boils down to userspace use of the device. I had been close()'ing the >>>> kvm device fd when all QEMU vfio devices are detached, but I can just as >>>> easily leave it open in case a new device is added later. I'll send out >>>> a new series after doing some more review and testing. Do you have any >>>> comments on the rest of the series? Thanks, >>> >>> If I understand 4/4 correctly if there is VFIO device connected we >>> assume non coherent domain. How hard it would be to do proper checking >>> in this path series? >> >> Yes, that's my understanding as well. Is the performance impact measurable? > > I have additional patches to do this, the blocker is that intel-iommu > strips IOMMU_CACHE from the flags I provide if the IOMMU domain as a > whole (ie. all of the hardware units involved in the domain) do not all > support Snoop Control (SC). Thus I can't rely on simply tracking the > hardware capabilities of the domain because some IOMMU PTEs will have > SNP set, others will not. It depends on the state of the IOMMU domain > at the time of the mapping. Therefore the only way to switch back to > coherent from non-coherent is to unmap and remap everything. This is > what legacy KVM device assignment does, but I can't see how that's not > racy wrt inflight DMA. > > The patch approach I was taking is: > > 1) Enable KVM to handle the VM as non-coherent (which is trued, VFIO > never sets IOMMU_CACHE currently due to the above issues). > > 2) Get QEMU to enable the KVM device, fixing the coherency issue. > > 3) Fix Intel IOMMU to honor IOMMU_CACHE regardless of hw capabilities > (patch posted). > > 4) Make VFIO always map w/ IOMMU_CACHE > > 5) Create VFIO external user interface to query capabilities. > > 6) Update KVM device to use it. > > As to performance, for graphics I can't tell a difference whether > NoSnoop is prevented or KVM does WBINVD. I'm hoping though that we can > consider the mode enabled by this patch as a temporary step in the > process and we'll eventually get to a state where we only emulate WBINVD > when necessary. Correctness trumps performance in the current round. > Thanks, Thanks for the explanation. Gleb, this looks fine to me. WDYT? Paolo -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists