> From: Peter Xu [mailto:[email protected]] > Sent: Friday, April 27, 2018 5:54 PM > > On Fri, Apr 27, 2018 at 07:19:25AM +0000, Tian, Kevin wrote: > > > From: Peter Xu > > > Sent: Friday, April 27, 2018 2:26 PM > > > > > > On Fri, Apr 27, 2018 at 01:13:02PM +0800, Jason Wang wrote: > > > > > > > > > > > > On 2018年04月25日 12:51, Peter Xu wrote: > > > > > Add a per-iommu big lock to protect IOMMU status. Currently the > only > > > > > thing to be protected is the IOTLB cache, since that can be accessed > > > > > even without BQL, e.g., in IO dataplane. > > > > > > > > > > Note that device page tables should not need any protection. The > > > safety > > > > > of that should be provided by guest OS. E.g., when a page entry is > > > > > freed, the guest OS should be responsible to make sure that no > device > > > > > will be using that page any more. > > > > device page table definitely doesn't require protection, since it is > > in-memory structure managed by guest. However the reason > > above is not accurate - there is no way that guest OS can make > > sure no device uses non-present page entry, otherwise it doesn't > > require virtual IOMMU to protect itself. There could be bogus/ > > malicious drivers which surely may program the device to attempt so. > > How about this: > > Note that we don't need to protect device page tables since that's > fully controlled by the guest kernel. However there is still > possibilities that malicious drivers will still program the device > to not disobey the rule. In that case QEMU can't really do anything > useful, instead the guest itself will be responsible for all > uncertainties. >
yes, OK to me Thanks Kevin
