Message-ID: <20260206143014.GH943673@ziepe.ca>
Date: Fri, 6 Feb 2026 10:30:14 -0400
From: Jason Gunthorpe <jgg@...pe.ca>
To: Manivannan Sadhasivam <mani@...nel.org>
Cc: Bjorn Helgaas <helgaas@...nel.org>,
	Manivannan Sadhasivam <manivannan.sadhasivam@....qualcomm.com>,
	Bjorn Helgaas <bhelgaas@...gle.com>, linux-pci@...r.kernel.org,
	linux-kernel@...r.kernel.org, iommu@...ts.linux.dev,
	Naresh Kamboju <naresh.kamboju@...aro.org>,
	Pavankumar Kondeti <quic_pkondeti@...cinc.com>,
	Xingang Wang <wangxingang5@...wei.com>,
	Marek Szyprowski <m.szyprowski@...sung.com>,
	Robin Murphy <robin.murphy@....com>,
	Alex Williamson <alex@...zbot.org>,
	James Puthukattukaran <james.puthukattukaran@...cle.com>
Subject: Re: [PATCH v3 3/4] PCI: Disable ACS SV capability for the broken IDT
 switches

On Fri, Feb 06, 2026 at 02:41:36PM +0530, Manivannan Sadhasivam wrote:
> > It'd be worth expanding on this and what the effect of avoiding ACS SV
> > is.  Does this change which devices can be safely passed through to
> > virtual guests?  Does it give up isolation that users expect?
> > 
> 
> IMO, ACS SV is somewhat broken on this switch. But we can still pass through the
> downstream devices to the guests. There won't be ACS SV apparently, but that's
> what users will get with broken hw.

I agree with this, the HW is very broken, let's have it at least work
properly in Linux on bare metal out of the box.

If someone really insists they need virtualization with narrow groups
on this HW then they need to come with a more complete fix. Using VFIO
is going to open up the reset flows that are problematic with the
current solution, so it isn't like that is already working fully.

Somehow I suspect nobody would use this switch for virtualization :)

Jason
