On Wed, May 22, 2024 at 09:26:05AM -0300, Jason Gunthorpe wrote: > On Wed, May 22, 2024 at 11:24:20AM +0800, Yan Zhao wrote: > > On Tue, May 21, 2024 at 01:34:00PM -0300, Jason Gunthorpe wrote: > > > On Tue, May 21, 2024 at 10:21:23AM -0600, Alex Williamson wrote: > > > > > > > > Intel GPU weirdness should not leak into making other devices > > > > > insecure/slow. If necessary Intel GPU only should get some variant > > > > > override to keep no snoop working. > > > > > > > > > > It would make alot of good sense if VFIO made the default to disable > > > > > no-snoop via the config space. > > > > > > > > We can certainly virtualize the config space no-snoop enable bit, but > > > > I'm not sure what it actually accomplishes. We'd then be relying on > > > > the device to honor the bit and not have any backdoors to twiddle the > > > > bit otherwise (where we know that GPUs often have multiple paths to get > > > > to config space). > > > > > > I'm OK with this. If devices are insecure then they need quirks in > > > vfio to disclose their problems, we shouldn't punish everyone who > > > followed the spec because of some bad actors. > > Does that mean a malicous device that does not honor the bit could read > > uninitialized host data? > > Yes, but a malicious device could also just do DMA with the PF RID and > break everything. VFIO substantially trusts the device already, I'm > not sure trusting it to do no-snoop blocking is a big reach. There are minor differences between the two trusts though. With no-snoop, the page is possible to be critical data previously used by kernel core. But with a fake RID, a malicious device can at least access memory allowed for other devices.