Date: Tue, 3 May 2016 06:22:15 +0000
From: "Tian, Kevin" <kevin.tian@...el.com>
To: Yongji Xie <xyjxie@...ux.vnet.ibm.com>,
	"kvm@...r.kernel.org" <kvm@...r.kernel.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"linux-pci@...r.kernel.org" <linux-pci@...r.kernel.org>,
	"linuxppc-dev@...ts.ozlabs.org" <linuxppc-dev@...ts.ozlabs.org>,
	"iommu@...ts.linux-foundation.org" <iommu@...ts.linux-foundation.org>
CC: "alex.williamson@...hat.com" <alex.williamson@...hat.com>,
	"bhelgaas@...gle.com" <bhelgaas@...gle.com>,
	"aik@...abs.ru" <aik@...abs.ru>,
	"benh@...nel.crashing.org" <benh@...nel.crashing.org>,
	"paulus@...ba.org" <paulus@...ba.org>,
	"mpe@...erman.id.au" <mpe@...erman.id.au>,
	"joro@...tes.org" <joro@...tes.org>,
	"warrier@...ux.vnet.ibm.com" <warrier@...ux.vnet.ibm.com>,
	"zhong@...ux.vnet.ibm.com" <zhong@...ux.vnet.ibm.com>,
	"nikunj@...ux.vnet.ibm.com" <nikunj@...ux.vnet.ibm.com>,
	"eric.auger@...aro.org" <eric.auger@...aro.org>,
	"will.deacon@....com" <will.deacon@....com>,
	"gwshan@...ux.vnet.ibm.com" <gwshan@...ux.vnet.ibm.com>,
	"David.Laight@...LAB.COM" <David.Laight@...LAB.COM>,
	"alistair@...ple.id.au" <alistair@...ple.id.au>,
	"ruscur@...sell.cc" <ruscur@...sell.cc>
Subject: RE: [PATCH 5/5] vfio-pci: Allow to mmap MSI-X table if interrupt remapping is supported

> From: Yongji Xie [mailto:xyjxie@...ux.vnet.ibm.com]
> Sent: Tuesday, May 03, 2016 2:08 PM
>
> On 2016/5/3 13:34, Tian, Kevin wrote:
>
> >> From: Yongji Xie
> >> Sent: Wednesday, April 27, 2016 8:43 PM
> >>
> >> This patch enables mmapping MSI-X tables if hardware supports
> >> interrupt remapping which can ensure that a given pci device
> >> can only shoot the MSIs assigned for it.
> >>
> >> With MSI-X table mmapped, we also need to expose the
> >> read/write interface which will be used to access MSI-X table.
> >>
> >> Signed-off-by: Yongji Xie <xyjxie@...ux.vnet.ibm.com>
> > A curious question here. Does "allow to mmap MSI-X" essentially
> > mean that KVM guest can directly read/write physical MSI-X
> > structure then?
> >
> > Thanks
> > Kevin
> >
>
> Here we just allow to mmap MSI-X table in kernel. It doesn't
> mean all KVM guest can directly read/write physical MSI-X
> structure. This should be decided by QEMU. For PPC64
> platform, we would allow to passthrough the MSI-X table
> because we know guest kernel would not write physical
> MSI-X structure when enabling MSI.
>

A bit confused here. If guest kernel doesn't need to write physical MSI-X
structure, what's the point of passing through the table then?

I think the key whether MSI-X table can be passed through is related to
where hypervisor control is deployed. At least for x86:

- When irq remapping is not enabled, host/hypervisor needs to control
physical interrupt message including vector/dest/etc. directly in MSI-X
structure, so we cannot allow a guest to access it;

- when irq remapping is enabled, host/hypervisor can control interrupt
routing in irq remapping table. However MSI-X also needs to be configured
as remappable format. In this manner we also cannot allow direct access
from guest.

The only sane case to pass through MSI-X structure, is a mechanism similar
to irq remapping but w/o need to change original MSI-X format so direct
access from guest side is safe. Is it the case in PPC64?

Thanks
Kevin
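
Added example, not part of the original message or of the patch under discussion: a decoder for the two x86 MSI-X entry formats contrasted in the reply above, showing that a host-programmed remappable entry carries a remapping-table handle where a compatibility entry carries destination and vector. It assumes the Intel VT-d address layout (bit 4 selects the format); the struct names, function name and sample entries are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* One 16-byte MSI-X table entry as it sits in the device BAR. */
struct msix_entry {
    uint32_t addr_lo, addr_hi;  /* Message Address, Message Upper Address */
    uint32_t data;              /* Message Data */
    uint32_t vec_ctrl;          /* bit 0: per-vector mask */
};

/* Decoded view of an entry (hypothetical names). */
struct msi_decoded {
    bool     in_x86_window; /* address is in the 0xFEExxxxx interrupt range */
    bool     remappable;    /* address bit 4: 1 = remappable, 0 = compatibility */
    uint16_t irte_handle;   /* remappable: index into the irq remapping table */
    bool     shv;           /* remappable: subhandle in data[15:0] is valid */
    uint8_t  dest_id;       /* compatibility: destination APIC ID */
    uint8_t  vector;        /* compatibility: interrupt vector */
};

static struct msi_decoded msix_decode(const struct msix_entry *e)
{
    struct msi_decoded d = {0};
    d.in_x86_window = e->addr_hi == 0 && (e->addr_lo >> 20) == 0xFEE;
    if (!d.in_x86_window)
        return d;
    d.remappable = (e->addr_lo >> 4) & 1u;
    if (d.remappable) {
        /* handle[14:0] lives in addr[19:5], handle[15] in addr[2] */
        d.irte_handle = (uint16_t)(((e->addr_lo >> 5) & 0x7FFFu) |
                                   (((e->addr_lo >> 2) & 1u) << 15));
        d.shv = (e->addr_lo >> 3) & 1u;
    } else {
        /* routing is encoded directly in the entry itself */
        d.dest_id = (e->addr_lo >> 12) & 0xFFu;
        d.vector  = e->data & 0xFFu;
    }
    return d;
}

/* Constructed sample entries, not read from any real device. */
static const struct msix_entry sample_compat = { 0xFEE02000u, 0, 0x41u, 0 };
static const struct msix_entry sample_remap  = { 0xFEE00558u, 0, 0, 0 };

int main(void)
{
    struct msi_decoded c = msix_decode(&sample_compat);
    struct msi_decoded r = msix_decode(&sample_remap);
    printf("compat: dest=%u vector=0x%x\n", c.dest_id, c.vector);
    printf("remap:  handle=0x%x shv=%d\n", r.irte_handle, r.shv);
    return 0;
}
```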