[PATCH 0/9 v2] vfio-pci: add support for Freescale IOMMU (PAMU)
Alex Williamson
alex.williamson at redhat.com
Fri Nov 22 08:00:48 EST 2013
On Thu, 2013-11-21 at 14:47 -0600, Scott Wood wrote:
> On Thu, 2013-11-21 at 13:43 -0700, Alex Williamson wrote:
> > On Thu, 2013-11-21 at 11:20 +0000, Bharat Bhushan wrote:
> > >
> > > > -----Original Message-----
> > > > From: Alex Williamson [mailto:alex.williamson at redhat.com]
> > > > Sent: Thursday, November 21, 2013 12:17 AM
> > > > To: Bhushan Bharat-R65777
> > > > Cc: joro at 8bytes.org; bhelgaas at google.com; agraf at suse.de; Wood Scott-B07421;
> > > > Yoder Stuart-B08248; iommu at lists.linux-foundation.org; linux-
> > > > pci at vger.kernel.org; linuxppc-dev at lists.ozlabs.org; linux-
> > > > kernel at vger.kernel.org; Bhushan Bharat-R65777
> > > > Subject: Re: [PATCH 0/9 v2] vfio-pci: add support for Freescale IOMMU (PAMU)
> > > >
> > > > Is VFIO_IOMMU_PAMU_GET_MSI_BANK_COUNT per aperture (ie. each vfio user has
> > > > $COUNT regions at their disposal exclusively)?
> > >
> > > Number of msi-bank count is system wide and not per aperture, But will be setting windows for banks in the device aperture.
> > > So say if we are direct assigning 2 pci device (both have different iommu group, so 2 aperture in iommu) to VM.
> > > Now qemu can make only one call to know how many msi-banks are there but it must set sub-windows for all banks for both pci device in its respective aperture.
> >
> > I'm still confused. What I want to make sure of is that the banks are
> > independent per aperture. For instance, if we have two separate
> > userspace processes operating independently and they both chose to use
> > msi bank zero for their device, that's bank zero within each aperture
> > and doesn't interfere. Or another way to ask is can a malicious user
> > interfere with other users by using the wrong bank. Thanks,
>
> They can interfere. With this hardware, the only way to prevent that is
> to make sure that a bank is not shared by multiple protection contexts.
> For some of our users, though, I believe preventing this is less
> important than the performance benefit.
I think we need some sort of ownership model around the msi banks then.
Otherwise there's nothing preventing another userspace from attempting
an MSI based attack on other users, or perhaps even on the host. VFIO
can't allow that. Thanks,
Alex
More information about the Linuxppc-dev
mailing list