linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Alex Williamson <alex.williamson@redhat.com>
To: Max Gurtovoy <mgurtovoy@nvidia.com>
Cc: <cohuck@redhat.com>, <kvm@vger.kernel.org>,
	<linux-kernel@vger.kernel.org>, <jgg@nvidia.com>,
	<aviadye@nvidia.com>, <oren@nvidia.com>, <shahafs@nvidia.com>,
	<parav@nvidia.com>, <artemp@nvidia.com>, <kwankhede@nvidia.com>,
	<ACurrid@nvidia.com>, <cjia@nvidia.com>, <yishaih@nvidia.com>,
	<kevin.tian@intel.com>, <hch@infradead.org>,
	<targupta@nvidia.com>, <shameerali.kolothum.thodi@huawei.com>,
	<liulongfang@huawei.com>, <yan.y.zhao@intel.com>
Subject: Re: [PATCH 09/11] PCI: add matching checks for driver_override binding
Date: Tue, 8 Jun 2021 15:26:43 -0600	[thread overview]
Message-ID: <20210608152643.2d3400c1.alex.williamson@redhat.com> (raw)
In-Reply-To: <20210603160809.15845-10-mgurtovoy@nvidia.com>

On Thu, 3 Jun 2021 19:08:07 +0300
Max Gurtovoy <mgurtovoy@nvidia.com> wrote:

> Allowing any driver in the system to be unconditionally bound to any
> PCI HW is dangerous. Connecting a driver to a physical HW device it was
> never intended to operate may trigger exploitable kernel bugs, or worse.
> It also allows userspace to load and run kernel code that otherwise
> would never be runnable on the system.

This is just another way that an admin can do bad things, with the
intention that they know what they're doing and if not they get to
keep the pieces.  There's also still the new_id scheme for binding the
wrong drivers to devices, so the hole this claims to be addressing is
still fully present.

> driver_override was designed to make it easier to load vfio_pci, so

Actually driver_override was designed to resolve the non-deterministic
behavior of new_id, which allows inserting dynamic match entries.  The
problem is those match entries match any device that might come along
during the time window when userspace is trying to bind a specific
device to a specific driver.  driver_override flipped the problem to
match a device to a driver rather than vice versa.  Other bus types
have since adopted driver_override interfaces as well.

> focus it on that single use case. driver_override will only work on

It's used for other use cases across numerous bus types now.  For
instance, how can I user driver_override to bind pci-stub to a device
after this?  driverctl(8) uses driver_override to perform arbitrary
driver overrides, this breaks all but the vfio-pci use case.

> drivers that specifically opt into this feature and the driver now has
> the opportunity to provide a proper match table that indicates what HW
> it can properly support. vfio-pci continues to support everything.

In doing so, this also breaks the new_id method for vfio-pci.  Sorry,
with so many userspace regressions, crippling the driver_override
interface with an assumption of such a narrow focus, creating a vfio
specific match flag, I don't see where this can go.  Thanks,

Alex


  reply	other threads:[~2021-06-08 21:26 UTC|newest]

Thread overview: 46+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-06-03 16:07 [RFC PATCH v4 00/11] Introduce vfio-pci-core subsystem Max Gurtovoy
2021-06-03 16:07 ` [PATCH 01/11] vfio-pci: rename vfio_pci.c to vfio_pci_core.c Max Gurtovoy
2021-06-03 16:08 ` [PATCH 02/11] vfio-pci: rename vfio_pci_private.h to vfio_pci_core.h Max Gurtovoy
2021-06-03 16:08 ` [PATCH 03/11] vfio-pci: rename vfio_pci_device to vfio_pci_core_device Max Gurtovoy
2021-06-03 16:08 ` [PATCH 04/11] vfio-pci: rename ops functions to fit core namings Max Gurtovoy
2021-06-03 16:08 ` [PATCH 05/11] vfio-pci: include vfio header in vfio_pci_core.h Max Gurtovoy
2021-06-03 16:08 ` [PATCH 06/11] vfio-pci: introduce vfio_pci.c Max Gurtovoy
2021-06-03 16:08 ` [PATCH 07/11] vfio-pci: move igd initialization to vfio_pci.c Max Gurtovoy
2021-06-03 16:08 ` [PATCH 08/11] PCI: add flags field to pci_device_id structure Max Gurtovoy
2021-06-03 16:08 ` [PATCH 09/11] PCI: add matching checks for driver_override binding Max Gurtovoy
2021-06-08 21:26   ` Alex Williamson [this message]
2021-06-08 22:45     ` Jason Gunthorpe
2021-06-09  1:27       ` Alex Williamson
2021-06-09  9:26         ` Max Gurtovoy
2021-06-13  8:19         ` Max Gurtovoy
2021-06-14  5:40           ` Christoph Hellwig
2021-06-14  8:18             ` Max Gurtovoy
2021-06-14 15:27               ` Christoph Hellwig
2021-06-14 16:01                 ` Jason Gunthorpe
2021-06-14 16:15                   ` Christoph Hellwig
2021-06-14 16:33                     ` Jason Gunthorpe
2021-06-14 18:42           ` Alex Williamson
2021-06-14 23:12             ` Max Gurtovoy
2021-06-15 15:00               ` Alex Williamson
2021-06-15 15:04                 ` Jason Gunthorpe
2021-06-15 16:20                   ` Alex Williamson
2021-06-15 20:42                     ` Jason Gunthorpe
2021-06-15 21:59                       ` Alex Williamson
2021-06-15 23:00                         ` Jason Gunthorpe
2021-06-15 23:22                           ` Alex Williamson
2021-06-15 23:32                             ` Jason Gunthorpe
2021-06-16  0:22                               ` Alex Williamson
2021-06-16  0:34                                 ` Jason Gunthorpe
2021-06-16 23:28                                   ` Max Gurtovoy
2021-06-16 23:33                                     ` Jason Gunthorpe
2021-06-16 23:42                                       ` Max Gurtovoy
2021-06-16 23:44                                         ` Jason Gunthorpe
2021-06-16 23:51                                           ` Max Gurtovoy
2021-06-16 23:56                                             ` Jason Gunthorpe
2021-06-20 14:46                                               ` Max Gurtovoy
2021-06-03 16:08 ` [PATCH 10/11] vfio-pci: introduce vfio_pci_core subsystem driver Max Gurtovoy
2021-06-08 21:26   ` Alex Williamson
2021-06-09  9:29     ` Max Gurtovoy
2021-06-03 16:08 ` [PATCH 11/11] mlx5-vfio-pci: add new vfio_pci driver for mlx5 devices Max Gurtovoy
2021-07-30  7:53 ` [RFC PATCH v4 00/11] Introduce vfio-pci-core subsystem Shameerali Kolothum Thodi
2021-07-30 11:55   ` Jason Gunthorpe

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210608152643.2d3400c1.alex.williamson@redhat.com \
    --to=alex.williamson@redhat.com \
    --cc=ACurrid@nvidia.com \
    --cc=artemp@nvidia.com \
    --cc=aviadye@nvidia.com \
    --cc=cjia@nvidia.com \
    --cc=cohuck@redhat.com \
    --cc=hch@infradead.org \
    --cc=jgg@nvidia.com \
    --cc=kevin.tian@intel.com \
    --cc=kvm@vger.kernel.org \
    --cc=kwankhede@nvidia.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=liulongfang@huawei.com \
    --cc=mgurtovoy@nvidia.com \
    --cc=oren@nvidia.com \
    --cc=parav@nvidia.com \
    --cc=shahafs@nvidia.com \
    --cc=shameerali.kolothum.thodi@huawei.com \
    --cc=targupta@nvidia.com \
    --cc=yan.y.zhao@intel.com \
    --cc=yishaih@nvidia.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).