lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 23 Nov 2015 09:56:56 +0200 From: "Michael S. Tsirkin" <mst@...hat.com> To: David Woodhouse <dwmw2@...radead.org> Cc: Andy Lutomirski <luto@...capital.net>, Benjamin Herrenschmidt <benh@...nel.crashing.org>, Christian Borntraeger <borntraeger@...ibm.com>, Paolo Bonzini <pbonzini@...hat.com>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, Martin Schwidefsky <schwidefsky@...ibm.com>, Sebastian Ott <sebott@...ux.vnet.ibm.com>, linux-s390 <linux-s390@...r.kernel.org>, Cornelia Huck <cornelia.huck@...ibm.com>, Joerg Roedel <jroedel@...e.de>, Linux Virtualization <virtualization@...ts.linux-foundation.org>, Christoph Hellwig <hch@....de>, KVM <kvm@...r.kernel.org>, Marcel Apfelbaum <marcel.a@...hat.com> Subject: Re: [PATCH v3 0/3] virtio DMA API core stuff On Sun, Nov 22, 2015 at 10:21:34PM -0000, David Woodhouse wrote: > > > > There's that, and there's an "I care about security, but > > do not want to burn up cycles on fake protections that > > do not work" case. > > It would seem to make most sense for this use case simply *not* to expose > virtio devices to guests as being behind an IOMMU at all. Sure, there are > esoteric use cases where the guest actually nests and runs further guests > inside itself and wants to pass through the virtio devices from the real > hardware host. But presumably those configurations will have multiple > virtio devices assigned by the host anyway, and further tweaking the > configuration to put them behind an IOMMU shouldn't be hard. Unfortunately it's a no-go: this breaks the much less esoteric usecase of DPDK: using virtio devices with userspace drivers. Well - not breaks as such as this doesn't currently work, but this approach would prevent us from making it work. > > -- > dwmw2 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists