From: "Tian, Kevin" <kevin.tian@intel.com>
To: Jason Gunthorpe <jgg@nvidia.com>,
Alex Williamson <alex.williamson@redhat.com>,
Cornelia Huck <cohuck@redhat.com>,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
Paolo Bonzini <pbonzini@redhat.com>
Cc: Eric Auger <eric.auger@redhat.com>,
Christoph Hellwig <hch@lst.de>, "Liu, Yi L" <yi.l.liu@intel.com>
Subject: RE: [PATCH 09/10] kvm/vfio: Remove vfio_group from kvm
Date: Fri, 15 Apr 2022 04:21:45 +0000 [thread overview]
Message-ID: <BN9PR11MB5276994F15C8A13C33C600118CEE9@BN9PR11MB5276.namprd11.prod.outlook.com> (raw)
In-Reply-To: <9-v1-33906a626da1+16b0-vfio_kvm_no_group_jgg@nvidia.com>
> From: Jason Gunthorpe <jgg@nvidia.com>
> Sent: Friday, April 15, 2022 2:46 AM
>
> None of the VFIO APIs take in the vfio_group anymore, so we can remove it
> completely.
>
> This has a subtle side effect on the enforced coherency tracking. The
> vfio_group_get_external_user() was holding on to the container_users which
> would prevent the iommu_domain and thus the enforced coherency value
> from
> changing while the group is registered with kvm.
>
> It changes the security proof slightly into 'user must hold a group FD
> that has a device that cannot enforce DMA coherence'. As opening the group
> FD, not attaching the container, is the privileged operation this doesn't
> change the security properties much.
If we allow vfio_file_enforced_coherent() to return error then the security
proof can be sustained? In this case kvm can simply reject adding a group
which is opened but not attached to a container.
Thanks
Kevin
next prev parent reply other threads:[~2022-04-15 4:21 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-14 18:45 [PATCH 00/10] Remove vfio_group from the struct file facing VFIO API Jason Gunthorpe
2022-04-14 18:46 ` [PATCH 01/10] kvm/vfio: Move KVM_DEV_VFIO_GROUP_* ioctls into functions Jason Gunthorpe
2022-04-15 3:36 ` Tian, Kevin
2022-04-15 7:18 ` Christoph Hellwig
2022-04-14 18:46 ` [PATCH 02/10] kvm/vfio: Reduce the scope of PPC #ifdefs Jason Gunthorpe
2022-04-15 4:47 ` Christoph Hellwig
2022-04-15 12:13 ` Jason Gunthorpe
2022-04-15 12:35 ` Jason Gunthorpe
2022-04-15 14:36 ` Christoph Hellwig
2022-04-14 18:46 ` [PATCH 03/10] kvm/vfio: Store the struct file in the kvm_vfio_group Jason Gunthorpe
2022-04-15 3:44 ` Tian, Kevin
2022-04-15 22:24 ` Jason Gunthorpe
2022-04-15 7:20 ` Christoph Hellwig
2022-04-19 19:24 ` Jason Gunthorpe
2022-04-14 18:46 ` [PATCH 04/10] vfio: Use a struct of function pointers instead of a many symbol_get()'s Jason Gunthorpe
2022-04-15 3:57 ` Tian, Kevin
2022-04-15 21:54 ` Jason Gunthorpe
2022-04-16 0:00 ` Tian, Kevin
2022-04-16 1:33 ` Jason Gunthorpe
2022-04-18 3:56 ` Tian, Kevin
2022-04-19 12:16 ` Jason Gunthorpe
2022-04-15 4:45 ` Christoph Hellwig
2022-04-15 12:13 ` Jason Gunthorpe
2022-04-15 14:36 ` Christoph Hellwig
2022-04-15 15:31 ` Jason Gunthorpe
2022-04-14 18:46 ` [PATCH 05/10] vfio: Move vfio_external_user_iommu_id() to vfio_file_ops Jason Gunthorpe
2022-04-15 3:59 ` Tian, Kevin
2022-04-15 7:31 ` Christoph Hellwig
2022-04-15 12:25 ` Jason Gunthorpe
2022-04-15 14:37 ` Christoph Hellwig
2022-04-14 18:46 ` [PATCH 06/10] vfio: Remove vfio_external_group_match_file() Jason Gunthorpe
2022-04-15 4:02 ` Tian, Kevin
2022-04-15 7:32 ` Christoph Hellwig
2022-04-14 18:46 ` [PATCH 07/10] vfio: Move vfio_external_check_extension() to vfio_file_ops Jason Gunthorpe
2022-04-15 4:07 ` Tian, Kevin
2022-04-19 19:23 ` Jason Gunthorpe
2022-04-20 3:05 ` Tian, Kevin
2022-04-15 4:48 ` Christoph Hellwig
2022-04-14 18:46 ` [PATCH 08/10] vfio: Move vfio_group_set_kvm() into vfio_file_ops Jason Gunthorpe
2022-04-15 4:09 ` Tian, Kevin
2022-04-14 18:46 ` [PATCH 09/10] kvm/vfio: Remove vfio_group from kvm Jason Gunthorpe
2022-04-15 4:21 ` Tian, Kevin [this message]
2022-04-15 21:56 ` Jason Gunthorpe
2022-04-16 0:42 ` Tian, Kevin
2022-04-16 1:34 ` Jason Gunthorpe
2022-04-18 6:09 ` Tian, Kevin
2022-04-14 18:46 ` [PATCH 10/10] vfio/pci: Use the struct file as the handle not the vfio_group Jason Gunthorpe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=BN9PR11MB5276994F15C8A13C33C600118CEE9@BN9PR11MB5276.namprd11.prod.outlook.com \
--to=kevin.tian@intel.com \
--cc=alex.williamson@redhat.com \
--cc=cohuck@redhat.com \
--cc=eric.auger@redhat.com \
--cc=hch@lst.de \
--cc=jgg@nvidia.com \
--cc=kvm@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=yi.l.liu@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.