On 12/12/2022 8:17 AM, Jason Gunthorpe wrote: > On Sat, Dec 10, 2022 at 09:14:06AM -0500, Steven Sistare wrote: > >> Thank you for your thoughtful response. Rather than debate the degree of >> of vulnerability, I propose an alternate solution. The technical crux of >> the matter is support for mediated devices. > > I'm not sure I'm convinced about that. It is easy to make problematic > situations with mdevs, but that doesn't mean other cases don't exist > too eg what happens if userspace suspends and then immediately does > something to trigger a domain attachment? Doesn't it still deadlock > the kernel? No deadlock. Any ioctl's that need vaddr return EINVAL if the vaddr has been suspended. ioctl's that do not need it succeed. The vaddr is not needed when all pages have been pinned, because iova can be translated via the iommu. > Honestly, I'm not sure I see the big deal, just don't backport these > reverts to your disto kernel. It must be done every time the kernel is refreshed, and is disruptive and error prone. All exceptions to the normal process are. And it derails my qemu patch review until native iommufd support is pushed into qemu. If I can avoid those problems with a few simple fixes, then that is a win. - Steve
