[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <aa38c1f0-d0a3-fc4e-22ac-0359f6f72d84@redhat.com>
Date: Thu, 14 Mar 2019 17:00:07 +0100
From: Paolo Bonzini <pbonzini@...hat.com>
To: Alexei Starovoitov <alexei.starovoitov@...il.com>
Cc: Andrea Arcangeli <aarcange@...hat.com>,
Peter Xu <peterx@...hat.com>,
Mike Kravetz <mike.kravetz@...cle.com>,
LKML <linux-kernel@...r.kernel.org>,
Hugh Dickins <hughd@...gle.com>,
Luis Chamberlain <mcgrof@...nel.org>,
Maxime Coquelin <maxime.coquelin@...hat.com>,
kvm@...r.kernel.org, Jerome Glisse <jglisse@...hat.com>,
Pavel Emelyanov <xemul@...tuozzo.com>,
Johannes Weiner <hannes@...xchg.org>,
Martin Cracauer <cracauer@...s.org>,
Denis Plotnikov <dplotnikov@...tuozzo.com>,
linux-mm <linux-mm@...ck.org>,
Marty McFadden <mcfadden8@...l.gov>,
Maya Gokhale <gokhale2@...l.gov>,
Mike Rapoport <rppt@...ux.vnet.ibm.com>,
Kees Cook <keescook@...omium.org>,
Mel Gorman <mgorman@...e.de>,
"Kirill A . Shutemov" <kirill@...temov.name>,
Linux-Fsdevel <linux-fsdevel@...r.kernel.org>,
"Dr . David Alan Gilbert" <dgilbert@...hat.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Daniel Borkmann <daniel@...earbox.net>
Subject: Re: [PATCH 0/3] userfaultfd: allow to forbid unprivileged users
On 14/03/19 16:23, Alexei Starovoitov wrote:
> On Thu, Mar 14, 2019 at 4:00 AM Paolo Bonzini <pbonzini@...hat.com> wrote:
>>
>> On 14/03/19 00:44, Andrea Arcangeli wrote:
>>> Then I thought we can add a tristate so an open of /dev/kvm would also
>>> allow the syscall to make things more user friendly because
>>> unprivileged containers ideally should have writable mounts done with
>>> nodev and no matter the privilege they shouldn't ever get an hold on
>>> the KVM driver (and those who do, like kubevirt, will then just work).
>>
>> I wouldn't even bother with the KVM special case. Containers can use
>> seccomp if they want a fine-grained policy.
>>
>> (Actually I wouldn't bother with the knob at all; the attack surface of
>> userfaultfd is infinitesimal compared to the BPF JIT...).
>
> please name _one_ BPF JIT bug that affected unprivileged user space.
I didn't say there were any bugs, I talked about attack surface. The
potential impact would obviously be much bigger and, even leaving the
JIT aside, the userspace API is much more complex.
All this is just about paranoia, not about past experience.
Paolo
Powered by blists - more mailing lists