lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Thu, 7 Jul 2016 10:36:44 +0800
From:	Xiao Guangrong <guangrong.xiao@...ux.intel.com>
To:	Paolo Bonzini <pbonzini@...hat.com>, Neo Jia <cjia@...dia.com>
Cc:	linux-kernel@...r.kernel.org, kvm@...r.kernel.org,
	Kirti Wankhede <kwankhede@...dia.com>,
	Andrea Arcangeli <aarcange@...hat.com>,
	Radim Krčmář <rkrcmar@...hat.com>
Subject: Re: [PATCH 0/2] KVM: MMU: support VMAs that got remap_pfn_range-ed



On 07/06/2016 07:48 PM, Paolo Bonzini wrote:
>
>
> On 06/07/2016 06:02, Xiao Guangrong wrote:
>>>>
>>>>>
>>>>> May I ask you what the exact issue you have with this interface for
>>>>> Intel to support
>>>>> your own GPU virtualization?
>>>>
>>>> Intel's vGPU can work with this framework. We really appreciate your
>>>> / nvidia's
>>>> contribution.
>>>
>>> Then, I don't think we should embargo Paolo's patch.
>>
>> This patchset is specific for the framework design, i.e, mapping memory when
>> fault happens rather than mmap(), and this design is exact what we are
>> discussing for nearly two days.
>
> I disagree, this patch fixes a bug because what Neo is doing is legal.
> It may not be the design that will be committed, but the bug they found
> in KVM is real.
>

I just worried if we really need fault-on-demand for device memory, i.e,
if device memory overcommit is safe enough.

It lacks a graceful way to recover the workload if the resource is really
overloaded. Unlike with normal memory, host kernel and guest kernel can not
do anything except killing the VM under this case. So the VM get crashed
due to device emulation, that is not safe as the device can be accessed in
userspace even with unprivileged user, it is vulnerable in data center.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ