On Wed, May 22, 2024 at 11:24:20AM +0800, Yan Zhao wrote: > On Tue, May 21, 2024 at 01:34:00PM -0300, Jason Gunthorpe wrote: > > On Tue, May 21, 2024 at 10:21:23AM -0600, Alex Williamson wrote: > > > > > > Intel GPU weirdness should not leak into making other devices > > > > insecure/slow. If necessary Intel GPU only should get some variant > > > > override to keep no snoop working. > > > > > > > > It would make alot of good sense if VFIO made the default to disable > > > > no-snoop via the config space. > > > > > > We can certainly virtualize the config space no-snoop enable bit, but > > > I'm not sure what it actually accomplishes. We'd then be relying on > > > the device to honor the bit and not have any backdoors to twiddle the > > > bit otherwise (where we know that GPUs often have multiple paths to get > > > to config space). > > > > I'm OK with this. If devices are insecure then they need quirks in > > vfio to disclose their problems, we shouldn't punish everyone who > > followed the spec because of some bad actors. > Does that mean a malicous device that does not honor the bit could read > uninitialized host data? Yes, but a malicious device could also just do DMA with the PF RID and break everything. VFIO substantially trusts the device already, I'm not sure trusting it to do no-snoop blocking is a big reach. Jason
