lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 7 Mar 2023 05:54:46 +0000
From:   "Tian, Kevin" <kevin.tian@...el.com>
To:     Jason Gunthorpe <jgg@...pe.ca>,
        "K V P, Satyanarayana" <satyanarayana.k.v.p@...el.com>
CC:     "kvm@...r.kernel.org" <kvm@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "alex.williamson@...hat.com" <alex.williamson@...hat.com>,
        "cohuck@...hat.com" <cohuck@...hat.com>
Subject: RE: [PATCH] vfio/pci: Add DVSEC PCI Extended Config Capability to
 user visible list.

> From: Jason Gunthorpe <jgg@...pe.ca>
> Sent: Monday, March 6, 2023 9:58 PM
> 
> On Fri, Mar 03, 2023 at 05:54:26AM +0000, K V P, Satyanarayana wrote:
> > Intel Platform Monitoring Technology (PMT) support is indicated by
> presence
> > of an Intel defined PCIe Designated Vendor Specific Extended Capabilities
> > (DVSEC) structure with a PMT specific ID.However DVSEC structures may
> also
> > be used by Intel to indicate support for other features. The Out Of Band
> Management
> > Services Module (OOBMSM) uses DVSEC to enumerate several features,
> including PMT.
> >
> > The current VFIO driver does not pass DVSEC capabilities to virtual machine
> (VM)
> > which makes intel_vsec driver not to work in the VM. This series adds
> DVSEC
> > capability to user visible list to allow its use with VFIO.
> >
> > Signed-off-by: K V P Satyanarayana <satyanarayana.k.v.p@...el.com>
> > ---
> >  drivers/vfio/pci/vfio_pci_config.c | 8 ++++++++
> >  1 file changed, 8 insertions(+)
> 
> Wasn't the IDXD/SIOV team proposing to use the fact that DVSEC doesn't
> propogate to indicate that IMS doesn't work?
> 
> Did this plan get abandoned? It seems at odds with this patch.

No. Guest IMS will be indicated via hypercall/vIR as planned. 

> 
> Why would you use a "Platform Monitoring Technology" device with VFIO
> anyhow?

Ack. I guess it's a monitoring capability per PCI device to form a
platform-level monitoring technology. But w/o all those background
and usage description it's really strange to pass a 'platform' capability
into a guest.

> 
> Honestly I'm a bit reluctant to allow arbitary config space, some of
> the stuff people put there can be dangerous.
> 

Probably an allowed list to manage which DVSEC ID can be exposed
to userspace via vfio-pci, e.g. if the PMT ID in this patch is proved
to be safe for a meaningful usage?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ