On Wed, May 23, 2018 at 05:33:34PM +0300, Michael S. Tsirkin wrote: > On Fri, May 18, 2018 at 03:25:17PM +0800, Peter Xu wrote: > > SECURITY IMPLICATION: this patch will fix a potential small window that > > the DMA page table might be incomplete or invalid when the guest sends > > domain/context invalidations to a device. It can cause random DMA > > errors for assigned devices. > > So this is more a correctness IMO. I don't see how can > e.g. an application within guest cause any mischief > with this, it will just get a non working device.
Yes, you are right. It causes valid mappings missing so there's no risk to anyone but only unfunction. I should remove the "SECURITY IMPLICATION" wordings. Thanks, -- Peter Xu