| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250401141138.GE186258@ziepe.ca> Date: Tue, 1 Apr 2025 11:11:38 -0300 From: Jason Gunthorpe <jgg@...pe.ca> To: "Tian, Kevin" <kevin.tian@...el.com> Cc: Wathsala Wathawana Vithanage <wathsala.vithanage@....com>, Alex Williamson <alex.williamson@...hat.com>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, nd <nd@....com>, Philipp Stanner <pstanner@...hat.com>, Yunxiang Li <Yunxiang.Li@....com>, "Dr. David Alan Gilbert" <linux@...blig.org>, Ankit Agrawal <ankita@...dia.com>, "open list:VFIO DRIVER" <kvm@...r.kernel.org>, Dhruv Tripathi <Dhruv.Tripathi@....com>, "Nagarahalli, Honnappa" <Honnappa.Nagarahalli@....com>, Jeremy Linton <Jeremy.Linton@....com> Subject: Re: [RFC PATCH] vfio/pci: add PCIe TPH to device feature ioctl On Wed, Mar 12, 2025 at 07:53:17AM +0000, Tian, Kevin wrote: > Probably we should not allow device-specific mode unless the user is > capable of CAP_SYS_RAWIO? It allows an user to pollute caches on > CPUs which its processes are not affined to, hence could easily break > SLAs which CSPs try to achieve... I'm not sure this is within the threat model for VFIO though.. qemu or the operator needs to deal with this by not permiting such HW to go into a VM. Really we can't block device specific mode anyhow because we can't even discover it on the kernel side.. Jason
Powered by blists - more mailing lists