On Tue, Jan 04, 2022 at 03:49:07AM +0000, Tian, Kevin wrote: > btw can you elaborate the DOS concern? The device is assigned > to an user application, which has one thread (migration thread) > blocked on another thread (vcpu thread) when transiting the > device to NDMA state. What service outside of this application > is denied here? The problem is the VM controls when the vPRI is responded and migration cannot proceed until this is done. So the basic DOS is for a hostile VM to trigger a vPRI and then never answer it. Even trivially done from userspace with a vSVA and userfaultfd, for instance. This will block the hypervisor from ever migrating the VM in a very poor way - it will just hang in the middle of a migration request. Regardless of the complaints of the IP designers, this is a very poor direction. Progress in the hypervisor should never be contingent on a guest VM. Jason
