lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <75316915-fbae-487a-b710-ce01f088a2ed@nvidia.com>
Date: Tue, 7 Oct 2025 06:51:47 +0000
From: Zhi Wang <zhiw@...dia.com>
To: Jason Gunthorpe <jgg@...dia.com>
CC: John Hubbard <jhubbard@...dia.com>, Alexandre Courbot
	<acourbot@...dia.com>, Danilo Krummrich <dakr@...nel.org>, Joel Fernandes
	<joelagnelf@...dia.com>, Timur Tabi <ttabi@...dia.com>, Alistair Popple
	<apopple@...dia.com>, Surath Mitra <smitra@...dia.com>, David Airlie
	<airlied@...il.com>, Simona Vetter <simona@...ll.ch>, Bjorn Helgaas
	<bhelgaas@...gle.com>, Krzysztof Wilczyński
	<kwilczynski@...nel.org>, Miguel Ojeda <ojeda@...nel.org>, Alex Gaynor
	<alex.gaynor@...il.com>, Boqun Feng <boqun.feng@...il.com>, Gary Guo
	<gary@...yguo.net>, Björn Roy Baron
	<bjorn3_gh@...tonmail.com>, Benno Lossin <lossin@...nel.org>, Andreas
 Hindborg <a.hindborg@...nel.org>, Alice Ryhl <aliceryhl@...gle.com>, Trevor
 Gross <tmgross@...ch.edu>, "nouveau@...ts.freedesktop.org"
	<nouveau@...ts.freedesktop.org>, "linux-pci@...r.kernel.org"
	<linux-pci@...r.kernel.org>, "rust-for-linux@...r.kernel.org"
	<rust-for-linux@...r.kernel.org>, LKML <linux-kernel@...r.kernel.org>, Alex
 Williamson <alex.williamson@...hat.com>, Neo Jia <cjia@...dia.com>
Subject: Re: [PATCH 0/2] rust: pci: expose is_virtfn() and reject VFs in
 nova-core

On 2.10.2025 17.31, Jason Gunthorpe wrote:
> On Thu, Oct 02, 2025 at 02:29:09PM +0000, Zhi Wang wrote:
>> On 2.10.2025 16.42, Jason Gunthorpe wrote:
>>> On Thu, Oct 02, 2025 at 12:59:59PM +0000, Zhi Wang wrote:
>>>> On 2.10.2025 14.58, Jason Gunthorpe wrote:
>>>>> On Wed, Oct 01, 2025 at 09:13:33PM +0000, Zhi Wang wrote:
>>>>>
>>>>>> Right, I also mentioned the same use cases of NIC/GPU in another reply
>>>>>> to Danilo. But what I get is NVIDIA doesn't use bare metal VF to support
>>>>>> linux container, 
>>>>>
>>>>> I don't think it matter what "NVIDIA" does - this is the upstream
>>>>> architecture it should be followed unless there is some significant
>>>>> reason.
>>>>
>>>> Hmm. Can you elaborate why?
>>>>
>>>> From the device vendor's stance, they know what is the best approach
>>>> to offer the better the user experience according to their device
>>>> characteristic.
>>>
>>> You can easially push the code to nova core not vfio and make it work
>>> generically, some significant reason is needed beyond "the vendor
>>> doesn't want to".
> 
> You'd have to be more specific, I didn't see really any mediation
> stuff in the vfio driver to explain why the VF in the VM would act so
> differently that it "couldn't work"
> 

From the device vendor’s perspective, we have no support or use case for
a bare-metal VF model, not now and not in the foreseeable future. Even
hypothetically, such support would not come from nova-core.ko, since
that would defeat the purpose of maintaining a trimmed-down kernel
module where minimizing the attack surface and preserving strict
security boundaries are primary design goals.

> Even if there is some small FW issue, it is better to still structure
> things in the normal way and assume it will get fixed sometime later
> than to forever close that door.
> 
> Jason

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ