lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 28 Apr 2016 16:11:54 +0100
From:	David Woodhouse <dwmw2@...radead.org>
To:	"Michael S. Tsirkin" <mst@...hat.com>
Cc:	Joerg Roedel <joro@...tes.org>, Kevin Wolf <kwolf@...hat.com>,
	Wei Liu <wei.liu2@...rix.com>,
	Andy Lutomirski <luto@...nel.org>, qemu-block@...gnu.org,
	Christian Borntraeger <borntraeger@...ibm.com>,
	Jason Wang <jasowang@...hat.com>,
	Stefano Stabellini <stefano.stabellini@...citrix.com>,
	qemu-devel@...gnu.org, peterx@...hat.com,
	linux-kernel@...r.kernel.org, Amit Shah <amit.shah@...hat.com>,
	iommu@...ts.linux-foundation.org,
	Stefan Hajnoczi <stefanha@...hat.com>, kvm@...r.kernel.org,
	cornelia.huck@...ibm.com, pbonzini@...hat.com,
	virtualization@...ts.linux-foundation.org,
	Anthony PERARD <anthony.perard@...rix.com>
Subject: Re: [PATCH V2 RFC] fixup! virtio: convert to use DMA api

On Thu, 2016-04-28 at 17:34 +0300, Michael S. Tsirkin wrote:
> I see work-arounds for broken IOMMUs but not for
> individual devices. Could you point me to a more specific
> example?

I think the closest example is probably quirk_ioat_snb_local_iommu().

If we see this particular device, we *know* what the topology actually
looks like. We check the hardware setup, and if we're *not* being told
the truth, then we stick it in bypass mode because we know it *isn't*
actually being translated.

Actually, that's almost *identical* to what we want, isn't it?

Except instead of checking undocumented chipset registers, it wants to
be checking "am I on a version of qemu known to lie about virtio being
translated?"

> > We don't actually *need* it for the Intel IOMMU; all we need is for
> > QEMU to stop lying in its DMAR tables.
> We need it for legacy QEMU anyway, and it's not easy for QEMU to stop
> lying about virtio, so we'll need it for a while.
> I think it's easy for QEMU to stop lying about assigned devices,
> so we don't need it for non-virtio devices.

Why is it easier for QEMU to tell the truth about assigned devices,
than it is for virtio? Assuming they both remain actually untranslated
for now, why's it easier to fix the DMAR table for one and not the
other?

(Implementing translation of assigned devices is on my list, but it's a
long way off).

> I don't see why how fwcfg can work here. It's a static thing,
> devices can come and go with hotplug.

This touches on something you said elsewhere, that it's
painful/impossible to hot-unplug a translated device and hot-plug an
untranslated device in the same slot (and vice versa).

So let's assume for now that a given slot is indeed static, and either
translated or untranslated. Like the DMAR table, the fwcfg can just
give a list of slot which are (or aren't) translated.

And then you can *only* add a translated device to a translated slot,
or an untranslated device to an untranslated slot.

All the internally-emulated devices *can* be either translated or
untranslated. That's just a matter of software. Surely, you currently
*can't* have translated assigned devices (until someone implements the
whole VT-d page table shadowing or whatever), so you'll be barred from
assigning a device to a slot which *previously* had an untranslated
device. But so what? Put it in a different slot instead.

-- 
dwmw2


Download attachment "smime.p7s" of type "application/x-pkcs7-signature" (5760 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ