[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [virtio-comment] [PATCH 5/5] virtio-pci: implement VIRTIO_F_QUEUE_STATE
On 9/13/2023 12:19 PM, Parav Pandit wrote:
From: Zhu, Lingshan <lingshan.zhu@intel.com> Sent: Wednesday, September 13, 2023 9:44 AM On 9/12/2023 9:35 PM, Parav Pandit wrote:From: Zhu, Lingshan <lingshan.zhu@intel.com> Sent: Tuesday, September 12, 2023 6:39 PM On 9/12/2023 6:41 PM, Parav Pandit wrote:From: Zhu, Lingshan <lingshan.zhu@intel.com> Sent: Tuesday, September 12, 2023 4:05 PM I mean, why do you think my series can not work with P2PBecause it misses the intermediate mode STOP that we have in series [1]. [1] https://lists.oasis-open.org/archives/virtio-comment/202309/msg00071 .h tmlAgain, when SUSPEND: 1) the device freezes, means stop operation in both data-path and control-path, except the device statusExactly, including the RESET_VQ command also cannot be served becausedevice is frozen. see below2) a new feature bit will be introduced in V2, to allow RESET_VQ after SUSPENDRESET_VQ after suspend is simply wrong. Because device is alreadysuspended to not respond to some extra RESET_VQ command. No, when the device presents SUSPEND, that means the device config space is stabilized at that moment, from the SW perspective the device will not make changes to config space until !SUSPEND. However at that moment, the driver can still make modification to the config space and the driver handles the synchronization(checks, re-read, etc), so the driver is responsible for what it reads.It should be named as SUSPEND_CFG_SPACE.! All of this frankly seems intrusive enough as Michael pointed out. Good luck.
it also SUSPEND the data-path
As you can see, this is not perfect, so SiWei suggest to implement a new feature bit to control this, and it will be implemented in V2.3) if there is a device doing P2P against the device. They should be pass-through-ed to the same guest and should be suspended as well for LM, or it is a security problem.There is no security problem. Multiple passthrough devices and P2P is alreadythere in PCI using ACS for probably a decade now. As you aware of ACS, that means you have to trust them all, for example P2P devices has to be placed in one IOMMU group, and all devices in the group should be pass-through-ed to a guestSuch things are done by the hypervisor already. There is nothing virtio specific here. There is no security problem. If there is one, please file CVE for generic P2P in the pci-sig and we will handle them this Thu meeting.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]