From: Christoph Hellwig <hch@infradead.org>
To: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Cc: alex.williamson@redhat.com, herbert@gondor.apana.org.au,
cohuck@redhat.com, nhorman@redhat.com, vdronov@redhat.com,
bhelgaas@google.com, mark.a.chambers@intel.com,
gordon.mcfadden@intel.com, ahsan.atta@intel.com,
qat-linux@intel.com, kvm@vger.kernel.org,
linux-crypto@vger.kernel.org, linux-pci@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH 0/5] vfio/pci: add blocklist and disable qat
Date: Fri, 10 Jul 2020 16:48:07 +0100 [thread overview]
Message-ID: <20200710154807.GA7292@infradead.org> (raw)
In-Reply-To: <20200701124209.GA12512@infradead.org>
On Wed, Jul 01, 2020 at 01:42:09PM +0100, Christoph Hellwig wrote:
> On Wed, Jul 01, 2020 at 12:02:57PM +0100, Giovanni Cabiddu wrote:
> > This patchset defines a blocklist of devices in the vfio-pci module and adds
> > the current generation of Intel(R) QuickAssist devices to it as they are
> > not designed to run in an untrusted environment.
>
> How can they not be safe? If any device is not safe to assign the
> whole vfio concept has major issues that we need to fix for real instead
> of coming up with quirk lists for specific IDs.
No answer yet: how is this device able to bypass the IOMMU? Don't
we have a fundamental model flaw if a random device can bypass the
IOMMU protection? Except for an ATS bug I can't really think of a way
how a device could bypass the IOMMU, and in that case we should just
disable ATS.
next prev parent reply other threads:[~2020-07-10 15:49 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-01 11:02 [PATCH 0/5] vfio/pci: add blocklist and disable qat Giovanni Cabiddu
2020-07-01 11:02 ` [PATCH 1/5] PCI: add Intel QuickAssist device IDs Giovanni Cabiddu
2020-07-01 21:16 ` Bjorn Helgaas
2020-07-01 11:02 ` [PATCH 2/5] vfio/pci: add device blocklist Giovanni Cabiddu
2020-07-01 21:24 ` Bjorn Helgaas
2020-07-01 11:03 ` [PATCH 3/5] vfio/pci: add qat devices to blocklist Giovanni Cabiddu
2020-07-01 21:28 ` Bjorn Helgaas
2020-07-10 15:08 ` Giovanni Cabiddu
2020-07-10 15:37 ` Bjorn Helgaas
2020-07-10 15:44 ` Bjorn Helgaas
2020-07-10 16:10 ` Alex Williamson
2020-07-10 16:22 ` Giovanni Cabiddu
2020-07-01 11:03 ` [PATCH 4/5] crypto: qat - replace device ids defines Giovanni Cabiddu
2020-07-01 11:03 ` [PATCH 5/5] crypto: qat - use PCI_VDEVICE Giovanni Cabiddu
2020-07-01 12:42 ` [PATCH 0/5] vfio/pci: add blocklist and disable qat Christoph Hellwig
2020-07-10 15:48 ` Christoph Hellwig [this message]
2020-07-10 16:13 ` Giovanni Cabiddu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200710154807.GA7292@infradead.org \
--to=hch@infradead.org \
--cc=ahsan.atta@intel.com \
--cc=alex.williamson@redhat.com \
--cc=bhelgaas@google.com \
--cc=cohuck@redhat.com \
--cc=giovanni.cabiddu@intel.com \
--cc=gordon.mcfadden@intel.com \
--cc=herbert@gondor.apana.org.au \
--cc=kvm@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=mark.a.chambers@intel.com \
--cc=nhorman@redhat.com \
--cc=qat-linux@intel.com \
--cc=vdronov@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).