| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1371422343.21896.143.camel@pasglop>
Date: Mon, 17 Jun 2013 08:39:03 +1000
From: Benjamin Herrenschmidt <benh@...nel.crashing.org>
To: Alexey Kardashevskiy <aik@...abs.ru>
Cc: linuxppc-dev@...ts.ozlabs.org,
David Gibson <david@...son.dropbear.id.au>,
Alexander Graf <agraf@...e.de>,
Paul Mackerras <paulus@...ba.org>, kvm@...r.kernel.org,
linux-kernel@...r.kernel.org, kvm-ppc@...r.kernel.org,
Alex Williamson <alex.williamson@...hat.com>
Subject: Re: [PATCH 3/4] KVM: PPC: Add support for IOMMU in-kernel handling
On Wed, 2013-06-05 at 16:11 +1000, Alexey Kardashevskiy wrote:
> +long kvm_vm_ioctl_create_spapr_tce_iommu(struct kvm *kvm,
> + struct kvm_create_spapr_tce_iommu *args)
> +{
> + struct kvmppc_spapr_tce_table *tt = NULL;
> + struct iommu_group *grp;
> + struct iommu_table *tbl;
> +
> + /* Find an IOMMU table for the given ID */
> + grp = iommu_group_get_by_id(args->iommu_id);
> + if (!grp)
> + return -ENXIO;
> +
> + tbl = iommu_group_get_iommudata(grp);
> + if (!tbl)
> + return -ENXIO;
So Alex Graf pointed out here, there is a security issue here, or are we
missing something ?
What prevents a malicious program that has access to /dev/kvm from
taking over random iommu groups (including host used ones) that way?
What is the security model of that whole iommu stuff to begin with ?
Cheers,
Ben.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists