Re: [PATCH] PCI: hv: Move completion variable from stack to heap in hv_compose_msi_msg()

From: Andrea Parri
Date: Tue Jun 01 2021 - 19:13:52 EST


> I agree if the intent is to deal with an untrusted host, I can follow the same principle to add this support to all requests to VSP. But this is a different problem to what this patch intends to address. I can see they may share the same design principle and common code. My question on an untrusted host is: If a host is untrusted and is misbehaving on purpose, what's the point of keeping the VM running and not crashing the PCI driver?

I think the principle can be summarized with "keep the VM _running, if you can
handle the misbehaviour (possibly, warning on "something wrong/unexpected just
happened"); crash, otherwise".

Of course, this is just a principle: the exact meaning of that 'handle' should
be leveraged case by case (which I admittedly haven't done here); I'm thinking, e.g.,
of the corresponding complexity/performance impacts and risks of 'mis-assessments'.

Thanks,
Andrea