[Ksummit-discuss] [CORE TOPIC] Device error handling / reporting / isolation
Benjamin Herrenschmidt
benh at kernel.crashing.org
Wed May 14 01:42:45 UTC 2014
On Fri, 2014-05-09 at 12:37 -0700, Josh Triplett wrote:
> I'm interested in a related topic: we should systematically use IOMMUs
> and similar hardware features to protect against buggy or *malicious*
> hardware devices. Consider a laptop with an ExpressCard port: plug in a
> device and you have full PCIe access. (The same goes for other systems
> if you open up the case.) We should ensure that devices with no device
> driver have zero privileges, and devices with a device driver have
> carefully whitelisted privileges.
On the other hand, we have been going backward implementing IOMMU bypass
on power for non-virtualized systems because of the performance cost of
the IOMMU which can be non-trivial, especially for network devices.

It becomes a policy decision, which is fine, however, having a "generic"
way to configure that policy, possibly per-adapter, rather than each IOMMU
implementation doing its own, would make it a lot more palatable in the field.
Cheers,
Ben.