On Fri, Sep 23, 2022 at 11:40:51AM -0400, Laine Stump wrote:
> It's been a few years, but my recollection is that before starting a
> libvirtd that will run a guest with a vfio device, a privileged process
> needs to
>
> 1) increase the locked memory limit for the user that will be running qemu
>
On Wed, Oct 12, 2022 at 10:55:57AM -0400, Steven Sistare wrote:
> On 10/12/2022 10:40 AM, Jason Gunthorpe wrote:
> > On Wed, Oct 12, 2022 at 09:50:53AM -0400, Steven Sistare wrote:
> >
> >>> Anyhow, I think this conversation has convinced me there is no way to
> >>> fix VFIO_DMA_UNMAP_FLAG_VADDR.
On 10/12/2022 10:40 AM, Jason Gunthorpe wrote:
> On Wed, Oct 12, 2022 at 09:50:53AM -0400, Steven Sistare wrote:
>
>>> Anyhow, I think this conversation has convinced me there is no way to
>>> fix VFIO_DMA_UNMAP_FLAG_VADDR. I'll send a patch reverting it due to
>>> it being a security bug,
On Wed, Oct 12, 2022 at 09:50:53AM -0400, Steven Sistare wrote:
> > Anyhow, I think this conversation has convinced me there is no way to
> > fix VFIO_DMA_UNMAP_FLAG_VADDR. I'll send a patch reverting it due to
> > it being a security bug, basically.
>
> Please do not. Please give me the
On 10/12/2022 8:32 AM, Jason Gunthorpe wrote:
> On Tue, Oct 11, 2022 at 04:30:58PM -0400, Steven Sistare wrote:
>> On 10/11/2022 8:30 AM, Jason Gunthorpe wrote:
>>> On Mon, Oct 10, 2022 at 04:54:50PM -0400, Steven Sistare wrote:
> Do we have a solution to this?
>
> If not I would like
On Tue, Oct 11, 2022 at 04:30:58PM -0400, Steven Sistare wrote:
> On 10/11/2022 8:30 AM, Jason Gunthorpe wrote:
> > On Mon, Oct 10, 2022 at 04:54:50PM -0400, Steven Sistare wrote:
> >>> Do we have a solution to this?
> >>>
> >>> If not I would like to make a patch removing
On 10/11/2022 8:30 AM, Jason Gunthorpe wrote:
> On Mon, Oct 10, 2022 at 04:54:50PM -0400, Steven Sistare wrote:
>>> Do we have a solution to this?
>>>
>>> If not I would like to make a patch removing VFIO_DMA_UNMAP_FLAG_VADDR
>>>
>>> Aside from the approach to use the FD, another idea is to just
On Mon, Oct 10, 2022 at 04:54:50PM -0400, Steven Sistare wrote:
> > Do we have a solution to this?
> >
> > If not I would like to make a patch removing VFIO_DMA_UNMAP_FLAG_VADDR
> >
> > Aside from the approach to use the FD, another idea is to just use
> > fork.
> >
> > qemu would do something
On 10/6/2022 12:01 PM, Jason Gunthorpe wrote:
> On Wed, Sep 21, 2022 at 08:09:54PM -0300, Jason Gunthorpe wrote:
>> On Wed, Sep 21, 2022 at 03:30:55PM -0400, Steven Sistare wrote:
>>
If Steve wants to keep it then someone needs to fix the deadlock in
the vfio implementation before any
On 10/6/2022 12:01 PM, Jason Gunthorpe wrote:
> On Wed, Sep 21, 2022 at 08:09:54PM -0300, Jason Gunthorpe wrote:
>> On Wed, Sep 21, 2022 at 03:30:55PM -0400, Steven Sistare wrote:
>>
If Steve wants to keep it then someone needs to fix the deadlock in
the vfio implementation before any
On Wed, Sep 21, 2022 at 08:09:54PM -0300, Jason Gunthorpe wrote:
> On Wed, Sep 21, 2022 at 03:30:55PM -0400, Steven Sistare wrote:
>
> > > If Steve wants to keep it then someone needs to fix the deadlock in
> > > the vfio implementation before any userspace starts to appear.
> >
> > The only
On Fri, Sep 23, 2022 at 08:03:07AM -0600, Alex Williamson wrote:
> On Fri, 23 Sep 2022 10:29:41 -0300
> Jason Gunthorpe wrote:
>
> > On Fri, Sep 23, 2022 at 09:54:48AM +0100, Daniel P. Berrangé wrote:
> >
> > > Yes, we use cgroups extensively already.
> >
> > Ok, I will try to see about this
On 9/23/22 10:00 AM, Daniel P. Berrangé wrote:
On Fri, Sep 23, 2022 at 10:46:21AM -0300, Jason Gunthorpe wrote:
On Fri, Sep 23, 2022 at 02:35:20PM +0100, Daniel P. Berrangé wrote:
On Fri, Sep 23, 2022 at 10:29:41AM -0300, Jason Gunthorpe wrote:
On Fri, Sep 23, 2022 at 09:54:48AM +0100, Daniel
On Fri, 23 Sep 2022 10:29:41 -0300
Jason Gunthorpe wrote:
> On Fri, Sep 23, 2022 at 09:54:48AM +0100, Daniel P. Berrangé wrote:
>
> > Yes, we use cgroups extensively already.
>
> Ok, I will try to see about this
>
> Can you also tell me if the selinux/seccomp will prevent qemu from
>
On Fri, Sep 23, 2022 at 10:46:21AM -0300, Jason Gunthorpe wrote:
> On Fri, Sep 23, 2022 at 02:35:20PM +0100, Daniel P. Berrangé wrote:
> > On Fri, Sep 23, 2022 at 10:29:41AM -0300, Jason Gunthorpe wrote:
> > > On Fri, Sep 23, 2022 at 09:54:48AM +0100, Daniel P. Berrangé wrote:
> > >
> > > > Yes,
On Fri, Sep 23, 2022 at 02:35:20PM +0100, Daniel P. Berrangé wrote:
> On Fri, Sep 23, 2022 at 10:29:41AM -0300, Jason Gunthorpe wrote:
> > On Fri, Sep 23, 2022 at 09:54:48AM +0100, Daniel P. Berrangé wrote:
> >
> > > Yes, we use cgroups extensively already.
> >
> > Ok, I will try to see about
On Fri, Sep 23, 2022 at 10:29:41AM -0300, Jason Gunthorpe wrote:
> On Fri, Sep 23, 2022 at 09:54:48AM +0100, Daniel P. Berrangé wrote:
>
> > Yes, we use cgroups extensively already.
>
> Ok, I will try to see about this
>
> Can you also tell me if the selinux/seccomp will prevent qemu from
>
On Fri, Sep 23, 2022 at 09:54:48AM +0100, Daniel P. Berrangé wrote:
> Yes, we use cgroups extensively already.
Ok, I will try to see about this
Can you also tell me if the selinux/seccomp will prevent qemu from
opening more than one /dev/vfio/vfio ? I suppose the answer is no?
Thanks,
Jason
On Thu, Sep 22, 2022 at 12:31:20PM -0300, Jason Gunthorpe wrote:
> On Thu, Sep 22, 2022 at 04:00:00PM +0100, Daniel P. Berrangé wrote:
> > On Thu, Sep 22, 2022 at 11:51:54AM -0300, Jason Gunthorpe wrote:
> > > On Thu, Sep 22, 2022 at 03:49:02PM +0100, Daniel P. Berrangé wrote:
> > > > On Thu, Sep
On Thu, Sep 22, 2022 at 04:00:00PM +0100, Daniel P. Berrangé wrote:
> On Thu, Sep 22, 2022 at 11:51:54AM -0300, Jason Gunthorpe wrote:
> > On Thu, Sep 22, 2022 at 03:49:02PM +0100, Daniel P. Berrangé wrote:
> > > On Thu, Sep 22, 2022 at 11:08:23AM -0300, Jason Gunthorpe wrote:
> > > > On Thu, Sep
On Thu, Sep 22, 2022 at 11:51:54AM -0300, Jason Gunthorpe wrote:
> On Thu, Sep 22, 2022 at 03:49:02PM +0100, Daniel P. Berrangé wrote:
> > On Thu, Sep 22, 2022 at 11:08:23AM -0300, Jason Gunthorpe wrote:
> > > On Thu, Sep 22, 2022 at 12:20:50PM +0100, Daniel P. Berrangé wrote:
> > > > On Wed, Sep
On Thu, Sep 22, 2022 at 03:49:02PM +0100, Daniel P. Berrangé wrote:
> On Thu, Sep 22, 2022 at 11:08:23AM -0300, Jason Gunthorpe wrote:
> > On Thu, Sep 22, 2022 at 12:20:50PM +0100, Daniel P. Berrangé wrote:
> > > On Wed, Sep 21, 2022 at 03:44:24PM -0300, Jason Gunthorpe wrote:
> > > > On Wed, Sep
On Thu, Sep 22, 2022 at 11:08:23AM -0300, Jason Gunthorpe wrote:
> On Thu, Sep 22, 2022 at 12:20:50PM +0100, Daniel P. Berrangé wrote:
> > On Wed, Sep 21, 2022 at 03:44:24PM -0300, Jason Gunthorpe wrote:
> > > On Wed, Sep 21, 2022 at 12:06:49PM -0600, Alex Williamson wrote:
> > > > The issue is
On Thu, Sep 22, 2022 at 11:13:42AM -0300, Jason Gunthorpe wrote:
> On Thu, Sep 22, 2022 at 12:06:33PM +0100, Daniel P. Berrangé wrote:
>
> > So per-user locked mem accounting looks like a regression in
> > our VM isolation abilities compared to the per-task accounting.
>
> For this kind of API
On Thu, Sep 22, 2022 at 12:06:33PM +0100, Daniel P. Berrangé wrote:
> So per-user locked mem accounting looks like a regression in
> our VM isolation abilities compared to the per-task accounting.
For this kind of API the management app needs to put each VM in its
own user, which I'm a bit
On Thu, Sep 22, 2022 at 12:20:50PM +0100, Daniel P. Berrangé wrote:
> On Wed, Sep 21, 2022 at 03:44:24PM -0300, Jason Gunthorpe wrote:
> > On Wed, Sep 21, 2022 at 12:06:49PM -0600, Alex Williamson wrote:
> > > The issue is where we account these pinned pages, where accounting is
> > > necessary
On Wed, Sep 21, 2022 at 03:44:24PM -0300, Jason Gunthorpe wrote:
> On Wed, Sep 21, 2022 at 12:06:49PM -0600, Alex Williamson wrote:
> > The issue is where we account these pinned pages, where accounting is
> > necessary such that a user cannot lock an arbitrary number of pages
> > into RAM to
On Wed, Sep 21, 2022 at 12:06:49PM -0600, Alex Williamson wrote:
> [Cc+ Steve, libvirt, Daniel, Laine]
>
> On Tue, 20 Sep 2022 16:56:42 -0300
> Jason Gunthorpe wrote:
> > That really just leaves the accounting, and I'm still not convinced at
> > this must be a critical thing. Linus's latest
On 9/21/2022 2:44 PM, Jason Gunthorpe wrote:
> On Wed, Sep 21, 2022 at 12:06:49PM -0600, Alex Williamson wrote:
>
>>> I still think the compat gaps are small. I've realized that
>>> VFIO_DMA_UNMAP_FLAG_VADDR has no implementation in qemu, and since it
>>> can deadlock the kernel I propose we
On Wed, Sep 21, 2022 at 03:44:24PM -0300, Jason Gunthorpe wrote:
> If /dev/vfio/vfio is provided by iommufd it may well have to trigger a
> different ulimit tracking - if that is the only sticking point it
> seems minor and should be addressed in some later series that adds
> /dev/vfio/vfio
On Wed, Sep 21, 2022 at 03:30:55PM -0400, Steven Sistare wrote:
> > If Steve wants to keep it then someone needs to fix the deadlock in
> > the vfio implementation before any userspace starts to appear.
>
> The only VFIO_DMA_UNMAP_FLAG_VADDR issue I am aware of is broken pinned
> accounting
>
On 9/21/22 2:06 PM, Alex Williamson wrote:
[Cc+ Steve, libvirt, Daniel, Laine]
On Tue, 20 Sep 2022 16:56:42 -0300
Jason Gunthorpe wrote:
On Tue, Sep 13, 2022 at 09:28:18AM +0200, Eric Auger wrote:
Hi,
On 9/13/22 03:55, Tian, Kevin wrote:
We didn't close the open of how to get this merged
On Wed, Sep 21, 2022 at 12:06:49PM -0600, Alex Williamson wrote:
> > I still think the compat gaps are small. I've realized that
> > VFIO_DMA_UNMAP_FLAG_VADDR has no implementation in qemu, and since it
> > can deadlock the kernel I propose we purge it completely.
>
> Steve won't be happy to
[Cc+ Steve, libvirt, Daniel, Laine]
On Tue, 20 Sep 2022 16:56:42 -0300
Jason Gunthorpe wrote:
> On Tue, Sep 13, 2022 at 09:28:18AM +0200, Eric Auger wrote:
> > Hi,
> >
> > On 9/13/22 03:55, Tian, Kevin wrote:
> > > We didn't close the open of how to get this merged in LPC due to the
> > >
34 matches
Mail list logo
