On Mon, Apr 19, 2021 at 08:24:40PM +0800, liulongfang wrote:
I'm also confused how this works securely at all, as a general rule a VFIO PCI driver cannot access the MMIO memory of the function it is planning to assign to the guest. There is a lot of danger that the guest could access that MMIO space one way or another.
VF's MMIO memory is divided into two parts, one is the guest part, and the other is the live migration part. They do not affect each other, so there is no security problem.
AFAIK there are several scenarios where a guest can access this MMIO memory using DMA even if it is not mapped into the guest for CPU access.
If pci_release_mem_regions() is not added here, The guests using pci_request_mem_regions() will return an error. Then, the guest will not be able to obtain the MMIO address of the VF.
Which is why VFIO has this protection to prevent sharing MMIO regions on the VF assigned to the guest
Jason