From: Yongji Xie <xieyongji@bytedance.com>
To: Liuxiangdong <liuxiangdong5@huawei.com>
Cc: "Fangyi (Eric)" <eric.fangyi@huawei.com>,
kvm <kvm@vger.kernel.org>,
linux-fsdevel@vger.kernel.org,
linux-kernel <linux-kernel@vger.kernel.org>,
"Michael S. Tsirkin" <mst@redhat.com>,
Netdev <netdev@vger.kernel.org>,
virtualization <virtualization@lists.linux-foundation.org>
Subject: Re: [PATCH v9 00/17] Introduce VDUSE - vDPA Device in Userspace
Date: Thu, 16 Dec 2021 11:14:09 +0800 [thread overview]
Message-ID: <CACycT3vbaa-XAjnFA921dC7kXH8WKPXpJ+OXvS-5SdVx8qqgVw@mail.gmail.com> (raw)
In-Reply-To: <61B9BF2C.6070703@huawei.com>
On Wed, Dec 15, 2021 at 6:11 PM Liuxiangdong <liuxiangdong5@huawei.com> wrote:
>
> Hi, yongji.
>
> In vduse patches serial[1], you said "The support for other device types
> can be added after the security issue of corresponding device driver
> is clarified or fixed in the future."
>
> What does this "security issue" mean?
>
> [1]https://lore.kernel.org/all/20210831103634.33-1-xieyongji@bytedance.com/
>
> Do you mean that vduse device is untrusted, so we should check config or
> data transferred
> from vduse to virtio module? Or something others?
Yes, we need to make sure untrusted devices can not do harm to the
kernel. So we need careful auditing for the device driver before we
add more device types.
> Because I found you added some validation in virtio module just like
> this patch[2].
>
> [2]https://lore.kernel.org/lkml/20210531135852.113-1-xieyongji@bytedance.com/
>
Other efforts are shown below:
https://lwn.net/Articles/865216/
https://lwn.net/Articles/872648/
Thanks,
Yongji
prev parent reply other threads:[~2021-12-16 3:14 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-13 8:46 [PATCH v9 00/17] Introduce VDUSE - vDPA Device in Userspace Xie Yongji
2021-07-13 8:46 ` [PATCH v9 01/17] iova: Export alloc_iova_fast() and free_iova_fast() Xie Yongji
2021-07-13 8:46 ` [PATCH v9 02/17] file: Export receive_fd() to modules Xie Yongji
2021-07-13 8:46 ` [PATCH v9 03/17] vdpa: Fix code indentation Xie Yongji
2021-07-14 4:20 ` Joe Perches
2021-07-14 5:48 ` Yongji Xie
2021-07-13 8:46 ` [PATCH v9 04/17] vdpa: Fail the vdpa_reset() if fail to set device status to zero Xie Yongji
2021-07-13 8:46 ` [PATCH v9 05/17] vhost-vdpa: Fail the vhost_vdpa_set_status() on reset failure Xie Yongji
2021-07-13 8:46 ` [PATCH v9 06/17] vhost-vdpa: Handle the failure of vdpa_reset() Xie Yongji
2021-07-13 8:46 ` [PATCH v9 07/17] virtio: Don't set FAILED status bit on device index allocation failure Xie Yongji
2021-07-13 11:02 ` Dan Carpenter
2021-07-13 11:25 ` Yongji Xie
2021-07-13 8:46 ` [PATCH v9 08/17] virtio_config: Add a return value to reset function Xie Yongji
2021-07-13 8:46 ` [PATCH v9 09/17] virtio-vdpa: Handle the failure of vdpa_reset() Xie Yongji
2021-07-13 8:46 ` [PATCH v9 10/17] virtio: Handle device reset failure in register_virtio_device() Xie Yongji
2021-07-13 8:46 ` [PATCH v9 11/17] vhost-iotlb: Add an opaque pointer for vhost IOTLB Xie Yongji
2021-07-13 8:46 ` [PATCH v9 12/17] vdpa: Add an opaque pointer for vdpa_config_ops.dma_map() Xie Yongji
2021-07-13 8:46 ` [PATCH v9 13/17] vdpa: factor out vhost_vdpa_pa_map() and vhost_vdpa_pa_unmap() Xie Yongji
2021-07-13 11:31 ` Dan Carpenter
2021-07-14 2:14 ` Jason Wang
2021-07-14 8:05 ` Dan Carpenter
2021-07-14 9:41 ` Jason Wang
2021-07-14 9:57 ` Dan Carpenter
2021-07-15 2:20 ` Jason Wang
2021-07-14 5:24 ` Yongji Xie
2021-07-13 8:46 ` [PATCH v9 14/17] vdpa: Support transferring virtual addressing during DMA mapping Xie Yongji
2021-07-13 8:46 ` [PATCH v9 15/17] vduse: Implement an MMU-based IOMMU driver Xie Yongji
2021-07-13 8:46 ` [PATCH v9 16/17] vduse: Introduce VDUSE - vDPA Device in Userspace Xie Yongji
2021-07-13 13:27 ` Dan Carpenter
2021-07-14 2:54 ` Jason Wang
2021-07-14 5:45 ` Yongji Xie
2021-07-14 5:45 ` Jason Wang
2021-07-14 5:54 ` Michael S. Tsirkin
2021-07-14 6:02 ` Jason Wang
2021-07-14 6:47 ` Greg KH
2021-07-14 8:56 ` Jason Wang
2021-07-14 6:49 ` Yongji Xie
2021-07-14 9:12 ` Jason Wang
2021-07-15 4:03 ` Yongji Xie
2021-07-15 5:00 ` Jason Wang
2021-07-13 8:46 ` [PATCH v9 17/17] Documentation: Add documentation for VDUSE Xie Yongji
2021-07-15 5:18 ` Jason Wang
2021-07-15 7:27 ` Yongji Xie
2021-12-15 10:10 ` [PATCH v9 00/17] Introduce VDUSE - vDPA Device in Userspace Liuxiangdong
2021-12-16 3:14 ` Yongji Xie [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CACycT3vbaa-XAjnFA921dC7kXH8WKPXpJ+OXvS-5SdVx8qqgVw@mail.gmail.com \
--to=xieyongji@bytedance.com \
--cc=eric.fangyi@huawei.com \
--cc=kvm@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=liuxiangdong5@huawei.com \
--cc=mst@redhat.com \
--cc=netdev@vger.kernel.org \
--cc=virtualization@lists.linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).