On Wed, Dec 01, 2021 at 09:54:27AM +0000, Shameerali Kolothum Thodi wrote:

> So just to make it clear, if a device declares that it doesn't support NDMA
> and P2P, is the v1 version of the spec good enough or we still need to take
> care the case that a malicious user might try MMIO access in !RUNNING
> state and should have kernel infrastructure in place to safeguard that?

My thinking is so long as the hostile user space cannot compromise the
kernel it is OK. A corrupted migration is acceptable if userspace is
not following the rules.

From a qemu perspective it should prevent a hostile VM from corrupting
the migration, as that is allowing the VM to attack the infrastructure
even if it hopefully only harms itself.

> (Just a note to clarify that these are not HNS devices per se. HNS actually
> stands for HiSilicon Network Subsystem and doesn't currently have live
> migration capability. The devices capable of live migration are HiSilicon
> Accelerator devices).

Sorry, I mostly talk to the hns team ;)

Jason