Message-ID: <1371441361.21896.152.camel@pasglop>
Date: Mon, 17 Jun 2013 13:56:01 +1000
From: Benjamin Herrenschmidt <benh@...nel.crashing.org>
To: Alex Williamson <alex.williamson@...hat.com>
Cc: Alexey Kardashevskiy <aik@...abs.ru>,
linuxppc-dev@...ts.ozlabs.org,
David Gibson <david@...son.dropbear.id.au>,
Alexander Graf <agraf@...e.de>,
Paul Mackerras <paulus@...ba.org>, kvm@...r.kernel.org,
linux-kernel@...r.kernel.org, kvm-ppc@...r.kernel.org
Subject: Re: [PATCH 3/4] KVM: PPC: Add support for IOMMU in-kernel handling

On Sun, 2013-06-16 at 21:13 -0600, Alex Williamson wrote:

> IOMMU groups themselves don't provide security, they're accessed by
> interfaces like VFIO, which provide the security. Given a brief look, I
> agree, this looks like a possible backdoor. The typical VFIO way to
> handle this would be to pass a VFIO file descriptor here to prove that
> the process has access to the IOMMU group. This is how /dev/vfio/vfio
> gains the ability to set up an IOMMU domain and do mappings with the
> SET_CONTAINER ioctl using a group fd. Thanks,

How do you envision that in the kernel? I.e. I'm in KVM code, get that
vfio fd, what do I do with it?

Basically, KVM needs to know that the user is allowed to use that iommu
group. I don't think we want KVM however to call into VFIO directly,
right?

Cheers,
Ben.
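
The userspace half of the mechanism described in the quoted text, as an added example that is not part of this thread or of the patch under review: holding an open group fd is the proof of access, and the container only becomes usable once that fd is attached to it. The function name, error-code choices and paths passed in are assumptions of this sketch; it does not address the in-kernel KVM side asked about above.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>
#include <linux/vfio.h>

/* Added example: attach the group at group_path to a fresh container.
 * Returns the container fd (>= 0) or -errno; *group_fd is set on success. */
int vfio_attach_group(const char *container_path, const char *group_path, int *group_fd)
{
    struct vfio_group_status st = { .argsz = sizeof(st) };
    int group, container, err;

    /* The access check is here: open() succeeds only if the caller passes
     * the permission check on the group's device node. */
    group = open(group_path, O_RDWR);
    if (group < 0)
        return -errno;

    /* A group is usable only when every device in it is bound to a VFIO-safe driver. */
    if (ioctl(group, VFIO_GROUP_GET_STATUS, &st) < 0) { err = -errno; goto out_group; }
    if (!(st.flags & VFIO_GROUP_FLAGS_VIABLE)) { err = -EPERM; goto out_group; }

    container = open(container_path, O_RDWR);
    if (container < 0) { err = -errno; goto out_group; }
    if (ioctl(container, VFIO_GET_API_VERSION) != VFIO_API_VERSION) { err = -ENOTSUP; goto out_container; }

    /* SET_CONTAINER is issued on the group fd; the container fd is passed by pointer. */
    if (ioctl(group, VFIO_GROUP_SET_CONTAINER, &container) < 0) { err = -errno; goto out_container; }
    *group_fd = group;
    return container;
out_container:
    close(container);
out_group:
    close(group);
    return err;
}

int main(int argc, char **argv)
{
    int group_fd, c;
    if (argc != 2) { fprintf(stderr, "usage: %s /dev/vfio/<group>\n", argv[0]); return 2; }
    c = vfio_attach_group("/dev/vfio/vfio", argv[1], &group_fd);
    if (c < 0) { fprintf(stderr, "attach failed: %s\n", strerror(-c)); return 1; }
    printf("group fd %d attached to container fd %d\n", group_fd, c);
    return 0;
}
```

A caller that cannot open the group node never reaches the container step, which is the property an interface taking a bare group number instead of an fd would lack.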