On Sat, Dec 10, 2022 at 09:14:06AM -0500, Steven Sistare wrote:
> Thank you for your thoughtful response. Rather than debate the degree
> of vulnerability, I propose an alternate solution. The technical crux of
> the matter is support for mediated devices.

I'm not sure I'm convinced about that. It is easy to make problematic
situations with mdevs, but that doesn't mean other cases don't exist
too, e.g. what happens if userspace suspends and then immediately does
something to trigger a domain attachment? Doesn't it still deadlock
the kernel?

Honestly, I'm not sure I see the big deal, just don't backport these
reverts to your distro kernel.

Jason