From: Alex Williamson <alex.williamson@redhat.com>
To: "Liu, Yi L" <yi.l.liu@intel.com>
Cc: "jgg@nvidia.com" <jgg@nvidia.com>,
"Tian, Kevin" <kevin.tian@intel.com>,
"joro@8bytes.org" <joro@8bytes.org>,
"robin.murphy@arm.com" <robin.murphy@arm.com>,
"cohuck@redhat.com" <cohuck@redhat.com>,
"eric.auger@redhat.com" <eric.auger@redhat.com>,
"nicolinc@nvidia.com" <nicolinc@nvidia.com>,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
"mjrosato@linux.ibm.com" <mjrosato@linux.ibm.com>,
"chao.p.peng@linux.intel.com" <chao.p.peng@linux.intel.com>,
"yi.y.sun@linux.intel.com" <yi.y.sun@linux.intel.com>,
"peterx@redhat.com" <peterx@redhat.com>,
"jasowang@redhat.com" <jasowang@redhat.com>,
"shameerali.kolothum.thodi@huawei.com"
<shameerali.kolothum.thodi@huawei.com>,
"lulu@redhat.com" <lulu@redhat.com>,
"suravee.suthikulpanit@amd.com" <suravee.suthikulpanit@amd.com>,
"intel-gvt-dev@lists.freedesktop.org"
<intel-gvt-dev@lists.freedesktop.org>,
"intel-gfx@lists.freedesktop.org"
<intel-gfx@lists.freedesktop.org>,
"linux-s390@vger.kernel.org" <linux-s390@vger.kernel.org>,
"Hao, Xudong" <xudong.hao@intel.com>,
"Zhao, Yan Y" <yan.y.zhao@intel.com>,
"Xu, Terrence" <terrence.xu@intel.com>
Subject: Re: [PATCH v5 09/19] vfio/pci: Allow passing zero-length fd array in VFIO_DEVICE_PCI_HOT_RESET
Date: Thu, 2 Mar 2023 14:04:48 -0700 [thread overview]
Message-ID: <20230302140448.5a6a748a.alex.williamson@redhat.com> (raw)
In-Reply-To: <DS0PR11MB75295B4B2578765C8B08AC7EC3B29@DS0PR11MB7529.namprd11.prod.outlook.com>
On Thu, 2 Mar 2023 06:07:04 +0000
"Liu, Yi L" <yi.l.liu@intel.com> wrote:
> > From: Liu, Yi L <yi.l.liu@intel.com>
> > Sent: Monday, February 27, 2023 7:11 PM
> [...]
> > @@ -2392,13 +2416,25 @@ static int
> > vfio_pci_dev_set_pm_runtime_get(struct vfio_device_set *dev_set)
> > return ret;
> > }
> >
> > +static bool vfio_dev_in_iommufd_ctx(struct vfio_pci_core_device *vdev,
> > + struct iommufd_ctx *iommufd_ctx)
> > +{
> > + struct iommufd_ctx *iommufd = vfio_device_iommufd(&vdev-
> > >vdev);
> > +
> > + if (!iommufd)
> > + return false;
> > +
> > + return iommufd == iommufd_ctx;
> > +}
> > +
> > /*
> > * We need to get memory_lock for each device, but devices can share
> > mmap_lock,
> > * therefore we need to zap and hold the vma_lock for each device, and
> > only then
> > * get each memory_lock.
> > */
> > static int vfio_pci_dev_set_hot_reset(struct vfio_device_set *dev_set,
> > - struct vfio_pci_group_info *groups)
> > + struct vfio_pci_group_info *groups,
> > + struct iommufd_ctx *iommufd_ctx)
> > {
> > struct vfio_pci_core_device *cur_mem;
> > struct vfio_pci_core_device *cur_vma;
> > @@ -2429,10 +2465,27 @@ static int vfio_pci_dev_set_hot_reset(struct
> > vfio_device_set *dev_set,
> >
> > list_for_each_entry(cur_vma, &dev_set->device_list,
> > vdev.dev_set_list) {
> > /*
> > - * Test whether all the affected devices are contained by
> > the
> > - * set of groups provided by the user.
> > + * Test whether all the affected devices can be reset by the
> > + * user. The affected devices may already been opened or
> > not
> > + * yet.
> > + *
> > + * For the devices not opened yet, user can reset them. The
> > + * reason is that the hot reset is done under the protection
> > + * of the dev_set->lock, and device open is also under this
> > + * lock. During the hot reset, such devices can not be
> > opened
> > + * by other users.
> > + *
> > + * For the devices that have been opened, needs to check
> > the
> > + * ownership. If the user provides a set of group fds, the
> > + * ownership check is done by checking if all the opened
> > + * devices are contained by the groups. If the user provides
> > + * a zero-length fd array, the ownerhsip check is done by
> > + * checking if all the opened devices are bound to the same
> > + * iommufd_ctx.
> > */
> > - if (!vfio_dev_in_groups(cur_vma, groups)) {
> > + if (cur_vma->vdev.open_count &&
> > + !vfio_dev_in_groups(cur_vma, groups) &&
> > + !vfio_dev_in_iommufd_ctx(cur_vma, iommufd_ctx)) {
>
> Hi Alex, Jason,
>
> There is one concern on this approach which is related to the
> cdev noiommu mode. As patch 16 of this series, cdev path
> supports noiommu mode by passing a negative iommufd to
> kernel. In such case, the vfio_device is not bound to a valid
> iommufd. Then the check in vfio_dev_in_iommufd_ctx() is
> to be broken.
>
> An idea is to add a cdev_noiommu flag in vfio_device, when
> checking the iommufd_ictx, also check this flag. If all the opened
> devices in the dev_set have vfio_device->cdev_noiommu==true,
> then the reset is considered to be doable. But there is a special
> case. If devices in this dev_set are opened by two applications
> that operates in cdev noiommu mode, then this logic is not able
> to differentiate them. In that case, should we allow the reset?
> It seems to ok to allow reset since noiommu mode itself means
> no security between the applications that use it. thoughts?
I don't think the existing vulnerabilities of no-iommu mode should be
carte blanche to add additional weaknesses. Thanks,
Alex
next prev parent reply other threads:[~2023-03-02 21:05 UTC|newest]
Thread overview: 128+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-02-27 11:11 [PATCH v5 00/19] Add vfio_device cdev for iommufd support Yi Liu
2023-02-27 11:11 ` [PATCH v5 01/19] vfio: Allocate per device file structure Yi Liu
2023-02-27 18:46 ` Jason Gunthorpe
2023-02-27 11:11 ` [PATCH v5 02/19] vfio: Refine vfio file kAPIs for KVM Yi Liu
2023-02-27 18:46 ` Jason Gunthorpe
2023-02-27 11:11 ` [PATCH v5 03/19] vfio: Accept vfio device file in the KVM facing kAPI Yi Liu
2023-02-27 18:46 ` Jason Gunthorpe
2023-02-27 11:11 ` [PATCH v5 04/19] kvm/vfio: Rename kvm_vfio_group to prepare for accepting vfio device fd Yi Liu
2023-02-27 18:47 ` Jason Gunthorpe
2023-02-27 11:11 ` [PATCH v5 05/19] kvm/vfio: Accept vfio device file from userspace Yi Liu
2023-02-27 18:47 ` Jason Gunthorpe
2023-02-27 11:11 ` [PATCH v5 06/19] vfio: Pass struct vfio_device_file * to vfio_device_open/close() Yi Liu
2023-02-27 18:47 ` Jason Gunthorpe
2023-02-27 11:11 ` [PATCH v5 07/19] vfio: Block device access via device fd until device is opened Yi Liu
2023-02-27 18:48 ` Jason Gunthorpe
2023-03-01 9:22 ` Liu, Yi L
2023-02-27 11:11 ` [PATCH v5 08/19] vfio/pci: Update comment around group_fd get in vfio_pci_ioctl_pci_hot_reset() Yi Liu
2023-02-27 18:48 ` Jason Gunthorpe
2023-02-27 11:11 ` [PATCH v5 09/19] vfio/pci: Allow passing zero-length fd array in VFIO_DEVICE_PCI_HOT_RESET Yi Liu
2023-02-27 18:22 ` Jason Gunthorpe
2023-02-28 2:31 ` Liu, Yi L
2023-03-02 6:07 ` Liu, Yi L
2023-03-02 9:55 ` Tian, Kevin
2023-03-02 12:35 ` Jason Gunthorpe
2023-03-02 14:20 ` Liu, Yi L
2023-03-03 6:36 ` Tian, Kevin
2023-03-03 16:55 ` Alex Williamson
2023-03-05 14:48 ` Liu, Yi L
2023-03-06 8:16 ` Tian, Kevin
2023-03-06 8:23 ` Tian, Kevin
2023-03-06 8:33 ` Liu, Yi L
2023-03-06 9:59 ` Liu, Yi L
2023-03-06 13:16 ` Jason Gunthorpe
2023-03-07 2:31 ` Tian, Kevin
2023-03-07 2:35 ` Liu, Yi L
2023-03-07 12:36 ` Jason Gunthorpe
2023-03-07 13:28 ` Liu, Yi L
2023-03-08 7:26 ` Tian, Kevin
2023-03-08 7:47 ` Liu, Yi L
2023-03-08 7:55 ` Tian, Kevin
2023-03-08 8:00 ` Liu, Yi L
2023-03-08 8:14 ` Tian, Kevin
2023-03-08 8:15 ` Liu, Yi L
2023-03-08 15:08 ` Jason Gunthorpe
2023-03-02 21:04 ` Alex Williamson [this message]
2023-02-27 11:11 ` [PATCH v5 10/19] vfio: Add infrastructure for bind_iommufd from userspace Yi Liu
2023-02-27 18:29 ` Jason Gunthorpe
2023-02-28 2:35 ` Liu, Yi L
2023-02-28 6:58 ` Liu, Yi L
2023-02-28 12:31 ` Jason Gunthorpe
2023-02-28 12:45 ` Liu, Yi L
2023-02-28 12:52 ` Jason Gunthorpe
2023-02-28 12:56 ` Liu, Yi L
2023-02-28 12:58 ` Jason Gunthorpe
2023-02-28 12:29 ` Jason Gunthorpe
2023-02-28 12:48 ` Liu, Yi L
2023-02-28 12:52 ` Jason Gunthorpe
2023-02-28 13:24 ` Liu, Yi L
2023-02-27 11:11 ` [PATCH v5 11/19] vfio-iommufd: Add detach_ioas support for physical VFIO devices Yi Liu
2023-02-27 18:44 ` Jason Gunthorpe
2023-02-28 2:57 ` Liu, Yi L
2023-02-28 12:33 ` Jason Gunthorpe
2023-02-28 12:43 ` Liu, Yi L
2023-02-27 11:11 ` [PATCH v5 12/19] vfio-iommufd: Add detach_ioas for emulated " Yi Liu
2023-02-27 18:45 ` Jason Gunthorpe
2023-02-27 11:11 ` [PATCH v5 13/19] vfio: Add cdev_device_open_cnt to vfio_group Yi Liu
2023-02-27 19:20 ` Jason Gunthorpe
2023-02-27 11:11 ` [PATCH v5 14/19] vfio: Make vfio_device_open() single open for device cdev path Yi Liu
2023-02-27 18:52 ` Jason Gunthorpe
2023-02-28 3:11 ` Liu, Yi L
2023-02-28 12:33 ` Jason Gunthorpe
2023-03-01 13:58 ` Liu, Yi L
2023-02-27 11:11 ` [PATCH v5 15/19] vfio: Add cdev for vfio_device Yi Liu
2023-02-27 18:55 ` Jason Gunthorpe
2023-02-28 3:47 ` Liu, Yi L
2023-02-27 19:06 ` Jason Gunthorpe
2023-02-28 3:59 ` Liu, Yi L
2023-02-27 11:11 ` [PATCH v5 16/19] vfio: Add VFIO_DEVICE_BIND_IOMMUFD Yi Liu
2023-02-27 19:19 ` Jason Gunthorpe
2023-02-28 4:08 ` Liu, Yi L
2023-03-01 9:19 ` Liu, Yi L
2023-03-01 17:46 ` Jason Gunthorpe
2023-03-02 4:09 ` Liu, Yi L
2023-03-03 6:57 ` Liu, Yi L
2023-03-03 7:23 ` Liu, Yi L
2023-03-07 6:38 ` Tian, Kevin
2023-03-07 12:37 ` Jason Gunthorpe
2023-03-07 13:03 ` Liu, Yi L
2023-03-08 7:17 ` Tian, Kevin
2023-03-10 2:39 ` Alexey Kardashevskiy
2023-03-10 5:49 ` Liu, Yi L
2023-02-27 11:11 ` [PATCH v5 17/19] vfio: Add VFIO_DEVICE_AT[DE]TACH_IOMMUFD_PT Yi Liu
2023-02-27 18:39 ` Jason Gunthorpe
2023-02-28 2:51 ` Liu, Yi L
2023-02-28 12:32 ` Jason Gunthorpe
2023-02-28 12:42 ` Liu, Yi L
2023-02-28 12:53 ` Jason Gunthorpe
2023-02-28 13:22 ` Liu, Yi L
2023-02-28 13:25 ` Jason Gunthorpe
2023-02-28 13:36 ` Liu, Yi L
2023-02-28 13:43 ` Jason Gunthorpe
2023-02-28 14:01 ` Liu, Yi L
2023-02-28 14:38 ` Jason Gunthorpe
2023-03-01 14:04 ` Liu, Yi L
2023-03-01 17:49 ` Jason Gunthorpe
2023-03-02 3:24 ` Liu, Yi L
2023-02-27 11:11 ` [PATCH v5 18/19] vfio: Compile group optionally Yi Liu
2023-02-27 19:20 ` Jason Gunthorpe
2023-02-28 3:14 ` Liu, Yi L
2023-02-28 6:00 ` Liu, Yi L
2023-02-28 12:36 ` Jason Gunthorpe
2023-03-01 13:59 ` Liu, Yi L
2023-02-27 11:11 ` [PATCH v5 19/19] docs: vfio: Add vfio device cdev description Yi Liu
2023-02-27 19:21 ` [PATCH v5 00/19] Add vfio_device cdev for iommufd support Jason Gunthorpe
2023-02-28 3:03 ` Liu, Yi L
2023-02-28 16:58 ` Xu, Terrence
2023-03-01 2:29 ` Nicolin Chen
2023-03-01 3:44 ` Liu, Yi L
2023-03-02 9:43 ` Shameerali Kolothum Thodi
2023-03-02 23:51 ` Nicolin Chen
2023-03-03 15:01 ` Shameerali Kolothum Thodi
2023-03-04 7:00 ` Nicolin Chen
2023-03-04 8:22 ` Liu, Yi L
2023-03-08 15:54 ` Shameerali Kolothum Thodi
2023-03-14 11:38 ` Shameerali Kolothum Thodi
2023-03-15 23:22 ` Nicolin Chen
2023-03-16 7:39 ` Liu, Yi L
2023-03-03 21:29 ` Matthew Rosato
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230302140448.5a6a748a.alex.williamson@redhat.com \
--to=alex.williamson@redhat.com \
--cc=chao.p.peng@linux.intel.com \
--cc=cohuck@redhat.com \
--cc=eric.auger@redhat.com \
--cc=intel-gfx@lists.freedesktop.org \
--cc=intel-gvt-dev@lists.freedesktop.org \
--cc=jasowang@redhat.com \
--cc=jgg@nvidia.com \
--cc=joro@8bytes.org \
--cc=kevin.tian@intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=lulu@redhat.com \
--cc=mjrosato@linux.ibm.com \
--cc=nicolinc@nvidia.com \
--cc=peterx@redhat.com \
--cc=robin.murphy@arm.com \
--cc=shameerali.kolothum.thodi@huawei.com \
--cc=suravee.suthikulpanit@amd.com \
--cc=terrence.xu@intel.com \
--cc=xudong.hao@intel.com \
--cc=yan.y.zhao@intel.com \
--cc=yi.l.liu@intel.com \
--cc=yi.y.sun@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).