|
| From: | David Hildenbrand |
| Subject: | Re: [PATCH PROTOTYPE 3/6] vfio: Implement support for sparse RAM memory regions |
| Date: | Wed, 18 Nov 2020 20:20:05 +0100 |
| User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.6.0 |
So it's about the malicious guests. I agree with you that we can try to limit above from happening, e.g. by teaching vfio_get_xlat_addr() to fail when it's going to map some unplugged range of virtio-mem device.
Exactly.
Or... imho, we may not even need to worry too much on those misuses of virtio-mem? As long as the issue is self-contained within the buggy VM/process. E.g., the worst case of such a malicious guest is to fiddle around the maximum allowed memory size granted to the virtio-mem device to either have pages incorrectly pinned, or some strange IOVA mapped to unplugged pages within that range. As long as it won't affect other VMs and the host, and qemu won't crash with that, then it seems ok.
Indeed, I have the same thoughts.The only "ugly" thing is that our VM might not only consume more memory than intended, but also pin that memory (unmovable, unswappable ...). So I'm thinking about at least doing a warn_report_once() until we have some approach to handle that - for environments that might care about this.
Thanks for looking into this! -- Thanks, David / dhildenb
| [Prev in Thread] | Current Thread | [Next in Thread] |