lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20230307162839.2236640d.alex.williamson@redhat.com>
Date:   Tue, 7 Mar 2023 16:28:39 -0700
From:   Alex Williamson <alex.williamson@...hat.com>
To:     "Tian, Kevin" <kevin.tian@...el.com>
Cc:     Jason Gunthorpe <jgg@...pe.ca>,
        "K V P, Satyanarayana" <satyanarayana.k.v.p@...el.com>,
        "kvm@...r.kernel.org" <kvm@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "cohuck@...hat.com" <cohuck@...hat.com>
Subject: Re: [PATCH] vfio/pci: Add DVSEC PCI Extended Config Capability to
 user visible list.

On Tue, 7 Mar 2023 05:54:46 +0000
"Tian, Kevin" <kevin.tian@...el.com> wrote:

> > From: Jason Gunthorpe <jgg@...pe.ca>
> > Sent: Monday, March 6, 2023 9:58 PM
> > 
> > On Fri, Mar 03, 2023 at 05:54:26AM +0000, K V P, Satyanarayana wrote:  
> > > Intel Platform Monitoring Technology (PMT) support is indicated by  
> > presence  
> > > of an Intel defined PCIe Designated Vendor Specific Extended Capabilities
> > > (DVSEC) structure with a PMT specific ID.However DVSEC structures may  
> > also  
> > > be used by Intel to indicate support for other features. The Out Of Band  
> > Management  
> > > Services Module (OOBMSM) uses DVSEC to enumerate several features,  
> > including PMT.  
> > >
> > > The current VFIO driver does not pass DVSEC capabilities to virtual machine  
> > (VM)  
> > > which makes intel_vsec driver not to work in the VM. This series adds  
> > DVSEC  
> > > capability to user visible list to allow its use with VFIO.
> > >
> > > Signed-off-by: K V P Satyanarayana <satyanarayana.k.v.p@...el.com>
> > > ---
> > >  drivers/vfio/pci/vfio_pci_config.c | 8 ++++++++
> > >  1 file changed, 8 insertions(+)  
> > 
> > Wasn't the IDXD/SIOV team proposing to use the fact that DVSEC doesn't
> > propogate to indicate that IMS doesn't work?
> > 
> > Did this plan get abandoned? It seems at odds with this patch.  
> 
> No. Guest IMS will be indicated via hypercall/vIR as planned. 

Thank goodness, basing a feature on the absence of a capability that's
subject to change would have really put us, or IMS, in a corner.

> > Why would you use a "Platform Monitoring Technology" device with VFIO
> > anyhow?  
> 
> Ack. I guess it's a monitoring capability per PCI device to form a
> platform-level monitoring technology. But w/o all those background
> and usage description it's really strange to pass a 'platform' capability
> into a guest.

Is this perhaps for validation of the device, because yes, assigning
platform devices to a VM doesn't seem like something a system vendor
would tend to promote.

> > Honestly I'm a bit reluctant to allow arbitary config space, some of
> > the stuff people put there can be dangerous.
> >   
> 
> Probably an allowed list to manage which DVSEC ID can be exposed
> to userspace via vfio-pci, e.g. if the PMT ID in this patch is proved
> to be safe for a meaningful usage?

Well, let me take this a different direction because the support
proposed here only allows read-only access to the DVSEC capability.  Is
that actually useful?  Drivers making use of write access to DVSEC are
going to fail in unpredictable ways if their writes are dropped.  That
seems worse than our current state of hiding it.

We already provide raw write access to both the standard and extended
vendor specific capabilities, why wouldn't we by default do the same
for DVSEC?  Devices aren't limited to config space if they want to do
something dangerous, at some point we need to rely on platform
isolation.

If there are underlying concerns here, then we probably need some sort
of opt-in policy which restricts vfio-pci from binding to anything but
VFs.  Thanks,

Alex

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ