lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 20 Apr 2018 03:40:55 +0300
From:   "Michael S. Tsirkin" <mst@...hat.com>
To:     Alexander Duyck <alexander.duyck@...il.com>
Cc:     "Daly, Dan" <dan.daly@...el.com>,
        Bjorn Helgaas <bhelgaas@...gle.com>,
        "Duyck, Alexander H" <alexander.h.duyck@...el.com>,
        linux-pci@...r.kernel.org, virtio-dev@...ts.oasis-open.org,
        kvm@...r.kernel.org, Netdev <netdev@...r.kernel.org>,
        LKML <linux-kernel@...r.kernel.org>,
        linux-nvme@...ts.infradead.org,
        Keith Busch <keith.busch@...el.com>, netanel@...zon.com,
        Don Dutile <ddutile@...hat.com>,
        Maximilian Heyne <mheyne@...zon.de>,
        "Wang, Liang-min" <liang-min.wang@...el.com>,
        "Rustad, Mark D" <mark.d.rustad@...el.com>,
        David Woodhouse <dwmw2@...radead.org>,
        Christoph Hellwig <hch@....de>, dwmw@...zon.co.uk
Subject: Re: [virtio-dev] [pci PATCH v7 2/5] virtio_pci: Add support for
 unmanaged SR-IOV on virtio_pci devices

On Tue, Apr 03, 2018 at 12:06:03PM -0700, Alexander Duyck wrote:
> On Tue, Apr 3, 2018 at 11:27 AM, Michael S. Tsirkin <mst@...hat.com> wrote:
> > On Tue, Apr 03, 2018 at 10:32:00AM -0700, Alexander Duyck wrote:
> >> On Tue, Apr 3, 2018 at 6:12 AM, Michael S. Tsirkin <mst@...hat.com> wrote:
> >> > On Fri, Mar 16, 2018 at 09:40:34AM -0700, Alexander Duyck wrote:
> >> >> On Fri, Mar 16, 2018 at 9:34 AM, Michael S. Tsirkin <mst@...hat.com> wrote:
> >> >> > On Thu, Mar 15, 2018 at 11:42:41AM -0700, Alexander Duyck wrote:
> >> >> >> From: Alexander Duyck <alexander.h.duyck@...el.com>
> >> >> >>
> >> >> >> Hardware-realized virtio_pci devices can implement SR-IOV, so this
> >> >> >> patch enables its use. The device in question is an upcoming Intel
> >> >> >> NIC that implements both a virtio_net PF and virtio_net VFs. These
> >> >> >> are hardware realizations of what has been up to now been a software
> >> >> >> interface.
> >> >> >>
> >> >> >> The device in question has the following 4-part PCI IDs:
> >> >> >>
> >> >> >> PF: vendor: 1af4 device: 1041 subvendor: 8086 subdevice: 15fe
> >> >> >> VF: vendor: 1af4 device: 1041 subvendor: 8086 subdevice: 05fe
> >> >> >>
> >> >> >> The patch currently needs no check for device ID, because the callback
> >> >> >> will never be made for devices that do not assert the capability or
> >> >> >> when run on a platform incapable of SR-IOV.
> >> >> >>
> >> >> >> One reason for this patch is because the hardware requires the
> >> >> >> vendor ID of a VF to be the same as the vendor ID of the PF that
> >> >> >> created it. So it seemed logical to simply have a fully-functioning
> >> >> >> virtio_net PF create the VFs. This patch makes that possible.
> >> >> >>
> >> >> >> Reviewed-by: Christoph Hellwig <hch@....de>
> >> >> >> Signed-off-by: Mark Rustad <mark.d.rustad@...el.com>
> >> >> >> Signed-off-by: Alexander Duyck <alexander.h.duyck@...el.com>
> >> >> >
> >> >> > So if and when virtio PFs can manage the VFs, then we can
> >> >> > add a feature bit for that?
> >> >> > Seems reasonable.
> >> >>
> >> >> Yes. If nothing else you may not even need a feature bit depending on
> >> >> how things go.
> >> >
> >> > OTOH if the interface is changed in an incompatible way,
> >> > and old Linux will attempt to drive the new device
> >> > since there is no check.
> >> >
> >> > I think we should add a feature bit right away.
> >>
> >> I'm not sure why you would need a feature bit. The capability is
> >> controlled via PCI configuration space. If it is present the device
> >> has the capability. If it is not then it does not.
> >>
> >> Basically if the PCI configuration space is not present then the sysfs
> >> entries will not be spawned and nothing will attempt to use this
> >> function.
> >>
> >> - ALex
> >
> > It's about compability with older guests which ignore the
> > capability.
> >
> > The feature is thus helpful so host knows whether guest supports VFs.
> 
> The thing is if the capability is ignored then the feature isn't used.
> So for SR-IOV it isn't an uncommon thing for there to be drivers for
> the PF floating around that do not support SR-IOV. In such cases
> SR-IOV just isn't used while the hardware could support it.

Right but how come there are VF drivers but PF driver does not
know about these?

And are there PF drivers that intentially do not enable SRIOV
because it's known to be broken in some way?

Case in point I do think virtio want to limit this
depending on a feature bit on general principles
(the principle being that all extensions have feature bits).

There are security implications here - we previously relied on
whitelisting after all.

Wouldn't it be safer to be a bit more careful and update the
actual PF drivers? It's just one line per driver, but it
can be done with an ack by driver maintainer.
If/once we find out all drivers do have it, we can then
change the default.

> I would think in the case of virtio it would be the same kind of
> thing. Basically if SR-IOV is supported by the host then the
> capability would be present. If SR-IOV is supported by the guest then
> it would make use of the capability to spawn VFs. If either the
> capability isn't present, or the driver doesn't use it then you won't
> be able to spawn VFs in the guest.

> Maybe I am missing something. Do you support dynamically changing the
> PCI configuration space for Virtio devices based on the presence of
> feature bits provided by the guest?

No. The point is that IMHO at least virtio - in absence of feature bit -
to ignore VFs rather than assume they are safe to drive
in an unmanaged way.

> Also are you saying this patch set should wait on the feature bit to
> be added, or are you talking about doing this as some sort of
> follow-up?
> 
> - Alex

I think for virtio it should include the feature bit, yes.
Adding feature bit is very easy - post a patch to the virtio TC mailing
list, wait about a week to give people time to respond (two weeks if it
is around holidays and such).

-- 
MST

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ