| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 8 Dec 2017 13:51:48 +0000
From: Jean-Philippe Brucker <jean-philippe.brucker@....com>
To: Alex Williamson <alex.williamson@...hat.com>
Cc: Jacob Pan <jacob.jun.pan@...ux.intel.com>,
"iommu@...ts.linux-foundation.org" <iommu@...ts.linux-foundation.org>,
LKML <linux-kernel@...r.kernel.org>,
Joerg Roedel <joro@...tes.org>,
David Woodhouse <dwmw2@...radead.org>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Rafael Wysocki <rafael.j.wysocki@...el.com>,
Lan Tianyu <tianyu.lan@...el.com>,
Jean Delvare <khali@...ux-fr.org>,
Will Deacon <Will.Deacon@....com>,
"Kumar, Sanjay K" <sanjay.k.kumar@...el.com>
Subject: Re: [PATCH v3 15/16] iommu: introduce page response function
On 07/12/17 21:56, Alex Williamson wrote:
[...]
>> Seems like VFIO should enforce this quota, since the IOMMU layer doesn't
>> know which device is assigned to which VM. If it's the IOMMU that enforces
>> quotas per device and a VM has 15 devices assigned, then the guest can
>> still DoS the IOMMU.
>
> VFIO also doesn't know about VMs. We know that devices attached to the
> same container are probably used by the same user, but once we add
> viommu, each device(group) uses its own container and we have no idea
> they're associated. So, no to VM based accounting, and it seems like
> an IOMMU problem, X number of outstanding requests per device. Thanks,
Ok. It's not clear anyway how the architecture and implementations expect
us to virtualize stall, I'll try to clarify it.
Thanks,
Jean
Powered by blists - more mailing lists