Re: [PATCH v5 08/14] iommufd/viommu: Add iommufd_viommu_report_event helper

From: Jason Gunthorpe
Date: Tue Jan 21 2025 - 19:21:46 EST

Next message: Frederic Weisbecker: "Re: [PATCH v4 22/30] context_tracking: Exit CT_STATE_IDLE upon irq/nmi entry"
Previous message: Howard Chu: "Re: [PATCH v4 0/2] perf trace: Add more tests for BTF-augmented perf trace"
In reply to: Nicolin Chen: "Re: [PATCH v5 08/14] iommufd/viommu: Add iommufd_viommu_report_event helper"
Next in thread: Nicolin Chen: "Re: [PATCH v5 08/14] iommufd/viommu: Add iommufd_viommu_report_event helper"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Jan 21, 2025 at 01:40:05PM -0800, Nicolin Chen wrote:
> > There is also the minor detail of what happens if the hypervisor HW
> > queue overflows - I don't know the answer here. It is security
> > concerning since the VM can spam DMA errors at high rate. :|
>
> In my view, the hypervisor queue is the vHW queue for the VM, so
> it should act like a HW, which means it's up to the guest kernel
> driver that handles the high rate DMA errors..

I'm mainly wondering what happens if the single physical kernel
event queue overflows because it is DOS'd by a VM and the hypervisor
cannot drain it fast enough?

I haven't looked closely but is there some kind of rate limiting or
otherwise to mitigate DOS attacks on the shared event queue from VMs?

Jason

Next message: Frederic Weisbecker: "Re: [PATCH v4 22/30] context_tracking: Exit CT_STATE_IDLE upon irq/nmi entry"
Previous message: Howard Chu: "Re: [PATCH v4 0/2] perf trace: Add more tests for BTF-augmented perf trace"
In reply to: Nicolin Chen: "Re: [PATCH v5 08/14] iommufd/viommu: Add iommufd_viommu_report_event helper"
Next in thread: Nicolin Chen: "Re: [PATCH v5 08/14] iommufd/viommu: Add iommufd_viommu_report_event helper"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]