On Thu, Oct 08, 2015 at 04:28:34PM +0300, Gleb Natapov wrote: > On Thu, Oct 08, 2015 at 04:20:04PM +0300, Michael S. Tsirkin wrote: > > On Thu, Oct 08, 2015 at 03:27:37PM +0300, Gleb Natapov wrote: > > > On Thu, Oct 08, 2015 at 03:06:07PM +0300, Michael S. Tsirkin wrote: > > > > On Thu, Oct 08, 2015 at 12:44:09PM +0300, Avi Kivity wrote: > > > > > > > > > > > > > > > On 10/08/2015 12:16 PM, Michael S. Tsirkin wrote: > > > > > >On Thu, Oct 08, 2015 at 11:46:30AM +0300, Avi Kivity wrote: > > > > > >> > > > > > >>On 10/08/2015 10:32 AM, Michael S. Tsirkin wrote: > > > > > >>>On Thu, Oct 08, 2015 at 08:33:45AM +0300, Avi Kivity wrote: > > > > > >>>>It is good practice to defend against root oopsing the kernel, > > > > > >>>>but in some > > > > > >>>>cases it cannot be achieved. > > > > > >>>Absolutely. That's one of the issues with these patches. They > > > > > >>>don't even > > > > > >>>try where it's absolutely possible. > > > > > >>> > > > > > >>Are you referring to blocking the maps of the msix BAR areas? > > > > > >For example. There are more. I listed some of the issues on the > > > > > >mailing > > > > > >list, and I might have missed some. VFIO has code to address all > > > > > >this, > > > > > >people should share code to avoid duplication, or at least read it > > > > > >to understand the issues. > > > > > > > > > > All but one of those are unrelated to the patch that adds msix > > > > > support. > > > > > > > > They are related because msix support enables bus mastering. Without it > > > > device is passive and can't harm anyone. With it, suddently you need to > > > > be very careful with the device to avoid corrupting kernel memory. > > > > > > > Most (if not all) uio_pci_generic users enable pci bus mastering. The > > > fact that they do that without even tainting the kernel like the patch > > > does make current situation much worse that with the patch. > > > > It isn't worse. It's a sane interface. Whoever enables bus mastering > > must be careful. If userspace enables bus mastering then userspace > > needs to be very careful with the device to avoid corrupting kernel > > memory. If kernel does it, it's kernel's responsibility. > > > Although this definition of sanity sounds strange to me, but lets > flow with it for the sake of this email: would it be OK if proposed > interface refused to work if bus mastering is not already enabled by > userspace?
An interface could be acceptable if there's a fallback where it works without BM but slower (e.g. poll pending bits). But not the proposed one. Really, there's more to making msi-x work with userspace drivers than this patch. As I keep telling people, you would basically reimplement vfio/pci. Go over it, and see for yourself. Almost everything it does is relevant for msi-x. It's just wrong to duplicate so much code. > -- > Gleb. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
