lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAHC9VhTx72aCwfR7rOCmsscEJBPHkDqdsJePGP6eW=DE0ZUSWA@mail.gmail.com>
Date: Tue, 20 May 2025 14:08:53 -0400
From: Paul Moore <paul@...l-moore.com>
To: Chathura Rajapaksha <chathura.abeyrathne.lk@...il.com>
Cc: Yunxiang.Li@....com, alex.williamson@...hat.com, audit@...r.kernel.org, 
	avihaih@...dia.com, bhelgaas@...gle.com, chath@...edu, eparis@...hat.com, 
	kevin.tian@...el.com, kvm@...r.kernel.org, linux-kernel@...r.kernel.org, 
	schnelle@...ux.ibm.com, xin.zeng@...el.com, xwill@...edu, yahui.cao@...el.com, 
	zhangdongdong@...incomputing.com
Subject: Re: [PATCH RFC 2/2] audit accesses to unassigned PCI config regions

On Tue, May 20, 2025 at 12:34 PM Chathura Rajapaksha
<chathura.abeyrathne.lk@...il.com> wrote:
> On Fri, May 16, 2025 at 4:41 PM Paul Moore <paul@...l-moore.com> wrote:
>
> > In the commit description you talk about a general PCIe device issue
> > in the first paragraph before going into the specifics of the VFIO
> > driver.  That's all well and good, but it makes me wonder if this
> > audit code above is better done as a generic PCI function that other
> > PCI drivers could use if they had similar concerns?  Please correct
> > me if I'm wrong, but other than symbol naming I don't see anyting
> > above which is specific to VFIO.  Thoughts?
>
> While the issue is independent of VFIO, the security and availability
> concerns arise when guests are able to write to unassigned PCI config
> regions on devices passed through using VFIO. That's why we thought it
> would be better to audit these accesses in the VFIO driver. Given this
> context, do you think it would be more appropriate to audit these
> accesses through a generic PCI function instead?

I would suggest a generic PCI function, e.g. pci_audit_access(...),
that lives in the general PCI code and would be suitable for callers
other than VFIO, that you can call from within vfio_config_do_rw()
when Bad Things happen.

Does that make sense?

-- 
paul-moore.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ