[PATCH v6 14/14] iommu/arm-smmu-v3: Set MEV bit in nested STE for DoS mitigations

Tian, Kevin kevin.tian at intel.com
Mon Feb 17 21:24:08 PST 2025


> From: Nicolin Chen <nicolinc at nvidia.com>
> Sent: Saturday, January 25, 2025 8:31 AM
> 
> There is a DoS concern on the shared hardware event queue among devices
> passed through to VMs, that too many translation failures that belong to
> VMs could overflow the shared hardware event queue if those VMs or their
> VMMs don't handle/recover the devices properly.

This statement is not specific to the nested configuration.

> 
> The MEV bit in the STE allows to configure the SMMU HW to merge similar
> event records, though there is no guarantee. Set it in a nested STE for
> DoS mitigations.

Is MEV available only in nested mode? Otherwise it perhaps makes
sense to turn it on in all configurations in IOMMUFD paths...



More information about the linux-arm-kernel mailing list