lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <201004090934.16891.pugs@lyon-about.com>
Date:	Fri, 9 Apr 2010 09:34:16 -0700
From:	Tom Lyon <pugs@...n-about.com>
To:	Avi Kivity <avi@...hat.com>
Cc:	Greg KH <gregkh@...e.de>, kvm@...r.kernel.org,
	linux-kernel@...r.kernel.org, "Hans J. Koch" <hjk@...utronix.de>
Subject: Re: [PATCH 0/1] uio_pci_generic: extensions to allow access for	non-privileged processes

On Friday 09 April 2010 02:58:19 am Avi Kivity wrote:
> On 04/02/2010 08:05 PM, Greg KH wrote:
> >
> >> Currently kvm does device assignment with its own code, I'd like to unify
> >> it with uio, not split it off.
> >>
> >> Separate notifications for msi-x interrupts are just as useful for uio as
> >> they are for kvm.
> >>      
> > I agree, there should not be a difference here for KVM vs. the "normal"
> > version.
> >    
> 
> Just so you know what you got into, here are the kvm requirements:
> 
> - msi interrupts delivered via eventfd (these allow us to inject 
> interrupts from uio to a guest without going through userspace)
Check.
> - nonlinear iommu mapping (i.e. map discontiguous ranges of the device 
> address space into ranges of the virtual address space)
Check.
> - dynamic iommu mapping (support guest memory hotplug)
Check.
> - unprivileged operation once an admin has assigned a device (my 
> preferred implementation is to have all operations go through an fd, 
> which can be passed via SCM_RIGHTS from a privileged application that 
> opens the file)
Check.
> - access to all config space, but BARs must be translated so userspace 
> cannot attack the host
Please elaborate. All of PCI config? All of PCIe config? Seems like a huge mess.
> - some mechanism which allows us to affine device interrupts with their 
> target vcpus (eventually, this is vague)
Do-able.
> - anything mst might add
mst?
> - a pony
Rainbow or glitter?

The 'check' items are already done, not fully tested; probably available next week.
Can we leave the others for future patches? Please? And I definitely need help with 
the PCI config stuff.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ