Date:	Sun, 6 Jun 2010 12:54:51 +0300
From:	"Michael S. Tsirkin" <mst@...hat.com>
To:	Tom Lyon <pugs@...n-about.com>
Cc:	Avi Kivity <avi@...hat.com>, Chris Wright <chrisw@...s-sol.org>,
	Joerg Roedel <joro@...tes.org>, linux-kernel@...r.kernel.org,
	kvm@...r.kernel.org, hjk@...utronix.de, gregkh@...e.de,
	aafabbri@...co.com, scofeldm@...co.com
Subject: Re: [PATCH] VFIO driver: Non-privileged user level PCI drivers

On Thu, Jun 03, 2010 at 02:41:38PM -0700, Tom Lyon wrote:
> OK, in the interest of making progress, I am about to embark on the following:
> 
> 1. Create a user-iommu-domain driver - opening it will give a new empty domain.
>     Ultimately this can also populate sysfs with the state of its world, which would
>     also be a good addition to the base iommu stuff.
>     If someone closes the fd while in use, the domain stays valid anyway until users
>     drop off.
> 
> 2. Add DOMAIN_SET and DOMAIN_UNSET ioctls to the vfio driver.  Require that
>    a domain be set before using the VFIO_DMA_MAP_IOVA ioctl

Require domain to be set before you allow any access to the device:
mmap, write, read.  IMO this is the only safe way to make sure userspace
does not corrupt memory, and this removes the need to special-case
MSI memory, play with bus master enable and hope it can be cleared without
reset, etc.

> (this is the one
>    that KVM wants).

Not sure I understand. I think that MAP should be done on the domain,
not the device, this handles pinning pages correctly and
this way you don't need any special checks.

>    However, the VFIO_DMA_MAP_ANYWHERE ioctl is the one
>    which uses the dma_sg interface which has no explicit control of domains. I
>    intend to keep it the way it is, but expect only non-hypervisor programs would
>    want to use it.

If we support MAP_IOVA, why is MAP_ANYWHERE useful? Can't
non-hypervisors just pick an address?

> 3. Clean up the docs and other nits that folks have found.
> 
> Comments? 