lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20250429134408.GC2260621@ziepe.ca>
Date: Tue, 29 Apr 2025 10:44:08 -0300
From: Jason Gunthorpe <jgg@...pe.ca>
To: Alex Williamson <alex.williamson@...hat.com>
Cc: Chathura Rajapaksha <chathura.abeyrathne.lk@...il.com>,
	kvm@...r.kernel.org, Chathura Rajapaksha <chath@...edu>,
	Paul Moore <paul@...l-moore.com>, Eric Paris <eparis@...hat.com>,
	Giovanni Cabiddu <giovanni.cabiddu@...el.com>,
	Xin Zeng <xin.zeng@...el.com>, Yahui Cao <yahui.cao@...el.com>,
	Bjorn Helgaas <bhelgaas@...gle.com>,
	Kevin Tian <kevin.tian@...el.com>,
	Niklas Schnelle <schnelle@...ux.ibm.com>,
	Yunxiang Li <Yunxiang.Li@....com>,
	Dongdong Zhang <zhangdongdong@...incomputing.com>,
	Avihai Horon <avihaih@...dia.com>, linux-kernel@...r.kernel.org,
	audit@...r.kernel.org
Subject: Re: [RFC PATCH 0/2] vfio/pci: Block and audit accesses to unassigned
 config regions

On Mon, Apr 28, 2025 at 02:25:58PM -0600, Alex Williamson wrote:

> PCI config space is a slow path, it's already trapped, and it's
> theoretically architected that we could restrict and audit much of it,
> though some devices do rely on access to unarchitected config space.
> But even within the architected space there are device specific
> capabilities with undocumented protocols, exposing unknown features of
> devices.  Does this incrementally make things better in general, or is
> this largely masking a poorly behaved device/system?

I think there would be merit in having a qemu option to secure the
config space.

We talked about this before about presenting a perscribed virtualized
config space.

But we still have the issue that userpace with access to VFIO could
crash the machine, on these uncontained platforms, which is not great.

It would be nice if the kernel could discover this, but it doesn't
seem possible. There is so much in the SOC design and FW
implementation that has to be done correctly for errors to be properly
containable.

Jason

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ