lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Mon, 12 Mar 2018 10:28:36 -0600
From:   Alex Williamson <alex.williamson@...hat.com>
To:     Alexander Duyck <alexander.duyck@...il.com>
Cc:     Christoph Hellwig <hch@....de>,
        Bjorn Helgaas <bhelgaas@...gle.com>,
        "Duyck, Alexander H" <alexander.h.duyck@...el.com>,
        linux-pci@...r.kernel.org, virtio-dev@...ts.oasis-open.org,
        kvm@...r.kernel.org, Netdev <netdev@...r.kernel.org>,
        "Daly, Dan" <dan.daly@...el.com>,
        LKML <linux-kernel@...r.kernel.org>,
        linux-nvme@...ts.infradead.org, keith.busch@...el.com,
        netanel@...zon.com, Maximilian Heyne <mheyne@...zon.de>,
        "Wang, Liang-min" <liang-min.wang@...el.com>,
        "Rustad, Mark D" <mark.d.rustad@...el.com>,
        David Woodhouse <dwmw2@...radead.org>, dwmw@...zon.co.uk
Subject: Re: [pci PATCH v4 1/4] pci-iov: Add support for unmanaged SR-IOV

On Mon, 12 Mar 2018 09:01:54 -0700
Alexander Duyck <alexander.duyck@...il.com> wrote:

> On Mon, Mar 12, 2018 at 12:59 AM, Christoph Hellwig <hch@....de> wrote:
> > On Sun, Mar 11, 2018 at 09:59:09PM -0600, Alex Williamson wrote:  
> >> I still struggle to understand why we need this "unmanaged"
> >> complication and how a user of the sysfs API is expected to have any
> >> idea whether a PF is managed or unmanaged and why they should care.
> >> Can't we just have a pci_simple_sriov_configure() helper and ignore
> >> this unmanaged business?  Thanks,  
> >
> > Just a pci_simple_sriov_configure is exactly what I envisioned originally.  
> 
> I can drop the "unmanaged" bits if that is what is wanted, but based
> on previous conversations I thought there was some concern about the
> kernel loading VFs when there was some foreign entity managing the VFs
> other than the kernel.

My concern has always been whether the PF driver is trusted and by
dropping the vfio bits, the remaining drivers here are native, trusted,
host drivers, so I don't see that we have any reason to consider the
VFs as anything other than trusted as well.  It's VFs where the PF
driver is untrusted, such as a userspace driver, which needs some kind
of quarantine, imo.  Thanks,

Alex

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ