> From: Jason Gunthorpe <jgg@xxxxxxxxxx>
> Sent: Friday, August 30, 2024 9:55 PM
>
> On Fri, Aug 30, 2024 at 07:52:41AM +0000, Tian, Kevin wrote:
>
> > But according to above description S2FWB cannot 100% guarantee it
> > due to PCI No Snoop. Does it suggest that we should only allow nesting
> > only for CANWBS, or disable/hide PCI No Snoop cap from the guest
> > in case of S2FWB?
>
> ARM has always had an issue with no-snoop and VFIO. The ARM
> expectation is that VFIO/VMM would block no-snoop in the PCI config
> space.
>
> From a VM perspective, any VMM on ARM has to take care to do this
> today already.
>
> For instance a VMM could choose to only assign devices which never use
> no-snoop, which describes almost all of what people actually do :)
>
> The purpose of S2FWB is to keep that approach working. If the VMM has
> blocked no-snoop then S2FWB ensures that the VM can't use IOPTE bits
> to break cacheability and it remains safe.
>
> From a VFIO perspective ARM has always had a security hole similar to
> what Yan is trying to fix on Intel, that is a separate pre-existing
> topic. Ideally the VFIO kernel would block PCI config space no-snoop
> for a lot of cases.
>

Makes sense. It'd be helpful putting some words in the commit msg too.
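
One way a VMM could block no-snoop in PCI config space, as discussed in the thread above: an added example, not code from this thread, VFIO or any VMM. It assumes blocking means forcing the Enable No Snoop bit of the PCI Express Device Control register to 0 on guest writes; the hook name `filter_cfg_write`, its signature and the sample writes are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* PCI Express capability layout (values as in Linux's pci_regs.h). */
#define PCI_EXP_DEVCTL            0x08   /* Device Control, 16 bits */
#define PCI_EXP_DEVCTL_NOSNOOP_EN 0x0800 /* Enable No Snoop */

/*
 * Hypothetical VMM hook (name and signature are assumptions): filter a guest
 * config-space write of `size` bytes (1, 2 or 4) at offset `off` before it is
 * forwarded to the assigned device. `exp_cap` is the offset of the device's
 * PCI Express capability. Returns `val` with Enable No Snoop forced to 0.
 */
uint32_t filter_cfg_write(uint16_t exp_cap, uint16_t off, unsigned size,
                          uint32_t val)
{
    /* Bit 11 of Device Control sits in the register's second byte, bit 3. */
    unsigned bit_byte = exp_cap + PCI_EXP_DEVCTL + 1u;

    /* Clear it whenever the write window covers that byte, so byte and
     * dword accesses cannot slip past a check made only for 16-bit writes. */
    if (bit_byte >= off && bit_byte < off + size)
        val &= ~((uint32_t)(PCI_EXP_DEVCTL_NOSNOOP_EN >> 8)
                 << (8 * (bit_byte - off)));
    return val;
}

int main(void)
{
    const uint16_t cap = 0x40; /* constructed capability offset */
    /* Constructed guest writes: offset, size, value. */
    const struct { uint16_t off; unsigned size; uint32_t val; } w[] = {
        { 0x48, 2, 0x2810 },     /* word write to Device Control */
        { 0x48, 4, 0x00000810 }, /* dword covering Control + Status */
        { 0x49, 1, 0x08 },       /* byte write to the upper half only */
        { 0x48, 1, 0xff },       /* lower byte: bit not covered */
        { 0x44, 4, 0x00000800 }, /* Device Capabilities: untouched */
    };
    for (unsigned i = 0; i < sizeof(w) / sizeof(w[0]); i++)
        printf("off=0x%02x size=%u 0x%08x -> 0x%08x\n", (unsigned)w[i].off,
               w[i].size, (unsigned)w[i].val,
               (unsigned)filter_cfg_write(cap, w[i].off, w[i].size, w[i].val));
    return 0;
}
```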