lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250919115650.GT1326709@ziepe.ca>
Date: Fri, 19 Sep 2025 08:56:50 -0300
From: Jason Gunthorpe <jgg@...pe.ca>
To: Keith Busch <kbusch@...nel.org>
Cc: Alex Mastro <amastro@...com>,
	Alex Williamson <alex.williamson@...hat.com>,
	Kevin Tian <kevin.tian@...el.com>,
	Bjorn Helgaas <bhelgaas@...gle.com>, David Reiss <dreiss@...a.com>,
	Joerg Roedel <joro@...tes.org>, Leon Romanovsky <leon@...nel.org>,
	Li Zhe <lizhe.67@...edance.com>, Mahmoud Adam <mngyadam@...zon.de>,
	Philipp Stanner <pstanner@...hat.com>,
	Robin Murphy <robin.murphy@....com>,
	Vivek Kasireddy <vivek.kasireddy@...el.com>,
	Will Deacon <will@...nel.org>, Yunxiang Li <Yunxiang.Li@....com>,
	linux-kernel@...r.kernel.org, iommu@...ts.linux.dev,
	kvm@...r.kernel.org
Subject: Re: [TECH TOPIC] vfio, iommufd: Enabling user space drivers to vend
 more granular access to client processes

On Thu, Sep 18, 2025 at 05:24:54PM -0600, Keith Busch wrote:
> I read this as more about having the granularity to automatically
> release resources associated with a client process when it dies (as
> mentioned below) rather than relying on the bootstrapping process to
> manage it all. Not really about hostile ioctls, but that an ungraceful
> ending of some client workload doesn't even send them.

You could achieve this between co-operating processes by monitoring
the child with a pidfd, or handing it a pipe and watching for the pipe
to close..

> > > - It would be nice if mappings created with the restricted IOMMU fd were
> > >   automatically freed when the underlying kernel object was freed (if the client
> > >   process were to exit ungracefully without explicitly performing unmap cleanup
> > >   after itself).
> > 
> > Maybe the BPF could trigger an eventfd or something when the FD closes?
> 
> I wouldn't have considered a BPF dependency for this. I'll need to think
> about that one for a moment.

Well, if you are going to be using BPF for policy then may as well use
it for all policy. It would not be hard to also invoke the BPF duing
the file descriptor close and presumably it can somehow to signal the
vendor process in some easy BPF way?

Jason

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ