On Wed, Aug 08, 2018 at 12:58:32AM +0300, Michael S. Tsirkin wrote:
> At least with VTD, it seems entirely possible to change e.g. a PMD
> atomically to point to a different set of PTEs, then flush.
> That will allow removing memory at high granularity for
> an arbitrary device without mdev or PASID dependency.

My understanding is that the guest driver should prohibit this kind of
operation (say, modifying the PMD). Actually I don't see how it can happen
in Linux if the kernel drivers always call the IOMMU API, since there are
only map/unmap APIs rather than this atomic-modify API.

The thing is that IMHO it's the guest driver's responsibility to make sure
the pages will never be used by the device before it removes the entry
(including modifying the PMD, since that actually removes all the entries
on the old PMD). If not, I would see it as a guest kernel bug instead of a
bug in the emulation code.

Thanks,

-- 
Peter Xu
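The point above, that replacing a PMD pointer drops every leaf entry underneath it at once and that the driver must have quiesced device use of those pages first, can be modelled in a few lines. The following is an added example written for this page, not code from the thread, QEMU or the Linux IOMMU layer: it is a constructed two-level table with 8 leaf entries per PMD (real VT-d tables hold 512), an `in_use` flag standing in for outstanding DMA, and a flush counter standing in for the IOTLB invalidation. The `map_pte`/`unmap_pte` pair mirrors the shape of a map/unmap-only API; `swap_pmd` is the atomic-modify operation the thread discusses, and it refuses the swap while any leaf is still in use.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model: real VT-d second-level tables hold 512 entries. */
#define PTES_PER_PMD 8

/* Leaf entry. in_use models DMA the guest driver has not yet quiesced. */
struct pte {
    uint64_t hpa;
    bool present;
    bool in_use;
};

struct pmd_table {
    struct pte pte[PTES_PER_PMD];
};

/* The PMD slot: a pointer to a leaf table plus a count of IOTLB flushes. */
struct pmd_slot {
    struct pmd_table *table;
    unsigned flushes;
};

/* Number of leaf mappings reachable through the slot. */
size_t count_present(const struct pmd_slot *slot)
{
    size_t n = 0;
    if (!slot->table)
        return 0;
    for (unsigned i = 0; i < PTES_PER_PMD; i++)
        n += slot->table->pte[i].present;
    return n;
}

/* Number of leaf mappings the device may still be touching. */
size_t count_in_use(const struct pmd_slot *slot)
{
    size_t n = 0;
    if (!slot->table)
        return 0;
    for (unsigned i = 0; i < PTES_PER_PMD; i++)
        n += slot->table->pte[i].present && slot->table->pte[i].in_use;
    return n;
}

/* map/unmap at leaf granularity: the only operations a map/unmap API exposes. */
int map_pte(struct pmd_slot *slot, unsigned idx, uint64_t hpa)
{
    if (!slot->table || idx >= PTES_PER_PMD || slot->table->pte[idx].present)
        return -1;
    slot->table->pte[idx] = (struct pte){ .hpa = hpa, .present = true, .in_use = false };
    return 0;
}

int unmap_pte(struct pmd_slot *slot, unsigned idx)
{
    if (!slot->table || idx >= PTES_PER_PMD || !slot->table->pte[idx].present)
        return -1;
    if (slot->table->pte[idx].in_use)   /* driver bug: device still uses the page */
        return -1;
    slot->table->pte[idx].present = false;
    slot->flushes++;                    /* IOTLB invalidate for that range */
    return 0;
}

/* Replace the PMD pointer. Every leaf on the old table vanishes at once, so the
 * swap is refused unless the driver has quiesced all of them. Returns the number
 * of leaf mappings dropped, or -1 if refused. */
int swap_pmd(struct pmd_slot *slot, struct pmd_table *new_table)
{
    if (count_in_use(slot) > 0)
        return -1;
    int dropped = (int)count_present(slot);
    slot->table = new_table;
    slot->flushes++;                    /* flush after the atomic pointer update */
    return dropped;
}

/* Constructed scenario: three mappings, entry 1 still in use by the device. */
static void build(struct pmd_slot *slot, struct pmd_table *t)
{
    memset(t, 0, sizeof(*t));
    slot->table = t;
    slot->flushes = 0;
    map_pte(slot, 0, 0x10000);   /* constructed host addresses */
    map_pte(slot, 1, 0x11000);
    map_pte(slot, 5, 0x15000);
    t->pte[1].in_use = true;
}

/* Swap attempted while a page is in use: refused (-1). */
int scenario_refused(void)
{
    struct pmd_slot slot; struct pmd_table old, fresh;
    build(&slot, &old);
    memset(&fresh, 0, sizeof(fresh));
    return swap_pmd(&slot, &fresh);
}

/* Driver quiesces the device first, then swaps: all three leaves drop in one flush. */
int scenario_after_quiesce(void)
{
    struct pmd_slot slot; struct pmd_table old, fresh;
    build(&slot, &old);
    memset(&fresh, 0, sizeof(fresh));
    old.pte[1].in_use = false;
    int dropped = swap_pmd(&slot, &fresh);
    if (count_present(&slot) != 0 || slot.flushes != 1)
        return -2;
    return dropped;
}

/* Leaf unmap: refused for the in-use entry, allowed for an idle one. Returns 0 on success. */
int scenario_unmap(void)
{
    struct pmd_slot slot; struct pmd_table old;
    build(&slot, &old);
    if (unmap_pte(&slot, 1) != -1) return -1;
    if (unmap_pte(&slot, 0) != 0)  return -2;
    return count_present(&slot) == 2 ? 0 : -3;
}
```

The in-use check is the whole point: a map/unmap API makes the driver unmap one leaf at a time, each guarded, whereas a PMD swap tears down every leaf on the old table in a single step, so the same quiescence obligation applies to all of them before the pointer changes.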