Re: [patch V2 04/25] x86/apic: Make apic_pending_intr_clear() more robust

From: Thomas Gleixner
Date: Tue Jul 09 2019 - 10:43:49 EST

Next message: Dietmar Eggemann: "Re: [RFC PATCH 3/6] sched/dl: Try better placement even for deadline tasks that do not block"
Previous message: Rob Herring: "Re: [PATCH 4/8] dt-bindings: tpm: document properties for cr50"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, 7 Jul 2019, Thomas Gleixner wrote:

> On Fri, 5 Jul 2019, Paolo Bonzini wrote:
> > On 05/07/19 22:25, Thomas Gleixner wrote:
> > > The more interesting question is whether this is all relevant. If I
> > > understood the issue correctly then this is mitigated by proper interrupt
> > > remapping.
> >
> > Yes, and for Linux we're good I think. VFIO by default refuses to use
> > the IOMMU if interrupt remapping is absent or disabled, and KVM's own
>
> Confused. If it does not use IOMMU, what does it do? Hand in the device as
> is and let the guest fiddle with it unconstrained or does it actually
> refuse to pass through?

Read through it and it refuses to attach unless the allow_unsafe_interrupts
option is set, but again we can't protect against wilful ignorance.

So the default prevents abuse on systems without IOMMU and irq remapping,
so there is not much to worry about AFAICT.

Setting TPR to 1 and fixing the comments/changelogs still makes sense
independently.

Thanks,

tglx

Next message: Dietmar Eggemann: "Re: [RFC PATCH 3/6] sched/dl: Try better placement even for deadline tasks that do not block"
Previous message: Rob Herring: "Re: [PATCH 4/8] dt-bindings: tpm: document properties for cr50"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]