From: Christoph Hellwig <hch@infradead.org>
To: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Cc: alex.williamson@redhat.com, herbert@gondor.apana.org.au,
cohuck@redhat.com, nhorman@redhat.com, vdronov@redhat.com,
bhelgaas@google.com, mark.a.chambers@intel.com,
gordon.mcfadden@intel.com, ahsan.atta@intel.com,
qat-linux@intel.com, kvm@vger.kernel.org,
linux-crypto@vger.kernel.org, linux-pci@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH 0/5] vfio/pci: add blocklist and disable qat
Date: Fri, 10 Jul 2020 16:48:07 +0100 [thread overview]
Message-ID: <20200710154807.GA7292@infradead.org> (raw)
In-Reply-To: <20200701124209.GA12512@infradead.org>
On Wed, Jul 01, 2020 at 01:42:09PM +0100, Christoph Hellwig wrote:
> On Wed, Jul 01, 2020 at 12:02:57PM +0100, Giovanni Cabiddu wrote:
> > This patchset defines a blocklist of devices in the vfio-pci module and adds
> > the current generation of Intel(R) QuickAssist devices to it as they are
> > not designed to run in an untrusted environment.
>
> How can they not be safe? If any device is not safe to assign the
> whole vfio concept has major issues that we need to fix for real instead
> of coming up with quirk lists for specific IDs.
No answer yet: how is this device able to bypass the IOMMU? Don't
we have a fundamental model flaw if a random device can bypass the
IOMMU protection? Except for an ATS bug I can't really think of a way
how a device could bypass the IOMMU, and in that case we should just
disable ATS.
next prev parent reply other threads:[~2020-07-10 15:49 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-01 11:02 [PATCH 0/5] vfio/pci: add blocklist and disable qat Giovanni Cabiddu
2020-07-01 11:02 ` [PATCH 1/5] PCI: add Intel QuickAssist device IDs Giovanni Cabiddu
2020-07-01 21:16 ` Bjorn Helgaas
2020-07-01 11:02 ` [PATCH 2/5] vfio/pci: add device blocklist Giovanni Cabiddu
2020-07-01 21:24 ` Bjorn Helgaas
2020-07-01 11:03 ` [PATCH 3/5] vfio/pci: add qat devices to blocklist Giovanni Cabiddu
2020-07-01 21:28 ` Bjorn Helgaas
2020-07-10 15:08 ` Giovanni Cabiddu
2020-07-10 15:37 ` Bjorn Helgaas
2020-07-10 15:44 ` Bjorn Helgaas
2020-07-10 16:10 ` Alex Williamson
2020-07-10 16:22 ` Giovanni Cabiddu
2020-07-01 11:03 ` [PATCH 4/5] crypto: qat - replace device ids defines Giovanni Cabiddu
2020-07-01 11:03 ` [PATCH 5/5] crypto: qat - use PCI_VDEVICE Giovanni Cabiddu
2020-07-01 12:42 ` [PATCH 0/5] vfio/pci: add blocklist and disable qat Christoph Hellwig
2020-07-10 15:48 ` Christoph Hellwig [this message]
2020-07-10 16:13 ` Giovanni Cabiddu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200710154807.GA7292@infradead.org \
--to=hch@infradead.org \
--cc=ahsan.atta@intel.com \
--cc=alex.williamson@redhat.com \
--cc=bhelgaas@google.com \
--cc=cohuck@redhat.com \
--cc=giovanni.cabiddu@intel.com \
--cc=gordon.mcfadden@intel.com \
--cc=herbert@gondor.apana.org.au \
--cc=kvm@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=mark.a.chambers@intel.com \
--cc=nhorman@redhat.com \
--cc=qat-linux@intel.com \
--cc=vdronov@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.