From: David Gibson <david@gibson.dropbear.id.au>
To: Jason Gunthorpe <jgg@nvidia.com>
Cc: Jean-Philippe Brucker <jean-philippe@linaro.org>,
"Tian, Kevin" <kevin.tian@intel.com>,
"Jiang, Dave" <dave.jiang@intel.com>,
"Raj, Ashok" <ashok.raj@intel.com>,
Jonathan Corbet <corbet@lwn.net>,
Jean-Philippe Brucker <jean-philippe@linaro.com>,
Li Zefan <lizefan@huawei.com>,
LKML <linux-kernel@vger.kernel.org>,
"iommu@lists.linux-foundation.org" <iommu@lists.linux-foundation.org>,
Alex Williamson <alex.williamson@redhat.com>,
Johannes Weiner <hannes@cmpxchg.org>, Tejun Heo <tj@kernel.org>,
"cgroups@vger.kernel.org" <cgroups@vger.kernel.org>,
David Woodhouse <dwmw2@infradead.org>
Subject: Re: [PATCH V4 05/18] iommu/ioasid: Redefine IOASID set and allocation APIs
Date: Tue, 1 Jun 2021 14:27:25 +1000
Message-ID: <YLW3LVWf4amurq4o@yekko>
In-Reply-To: <20210527190620.GJ1002214@nvidia.com>
On Thu, May 27, 2021 at 04:06:20PM -0300, Jason Gunthorpe wrote:
> On Thu, May 27, 2021 at 02:53:42PM +1000, David Gibson wrote:
>
> > > > If the physical device had a bug which meant the mdevs *weren't*
> > > > properly isolated from each other, then those mdevs would share a
> > > > group, and you *would* care about it. Depending on how the isolation
> > > > failed the mdevs might or might not also share a group with the parent
> > > > physical device.
> > >
> > > That isn't a real scenario.. mdevs that can't be isolated just
> > > wouldn't be useful to exist
> >
> > Really? So what do you do when you discover some mdevs you thought
> > were isolated actually aren't due to a hardware bug? Drop support
> > from the driver entirely? In which case what do you say to the people
> > who understandably complain "but... we had all the mdevs in one guest
> > anyway, we don't care if they're not isolated"?
>
> I've never said to eliminate groups entirely.
>
> What I'm saying is that all the cases we have for mdev today do not
> require groups, but are forced to create a fake group anyhow just to
> satisfy the odd VFIO requirement to have a group FD.
>
> If some future mdev needs groups then sure, add the appropriate group
> stuff.
>
> But that doesn't affect the decision to have a VFIO group FD, or not.
>
> > > > It ensures that they're parked at the moment the group moves from
> > > > kernel to userspace ownership, but it can't prevent dpdk from
> > > > accessing and unparking those devices via peer to peer DMA.
> > >
> > > Right, and adding all this group stuff did nothing to alert the poor
> > > admin that is running DPDK to this risk.
> >
> > Didn't it? Seems to me that in order to give the group to DPDK, the
> > admin had to find and unbind all the things in it... so is therefore
> > aware that they're giving everything in it to DPDK.
>
> Again, I've never said the *group* should be removed. I'm only
> concerned about the *group FD*

Ok, that wasn't really clear to me.
I still wouldn't say the group for mdevs is a fiction though.. rather
that the group device used for (no internal IOMMU case) mdevs is just
plain wrong.

> When the admin found and unbound they didn't use the *group FD* in any
> way.

No, they are likely to have changed permissions on the group device
node as part of the process, though.
> > > You put the same security labels you'd put on the group to the devices
> > > that constitute the group. It is only more tricky in the sense that the
> > > script that would have to do this will need to do more than ID the
> > > group to label but also ID the device members of the group and label
> > > their char nodes.
> >
> > Well, I guess, if you take the view that root is allowed to break the
> > kernel. I tend to prefer that although root can obviously break the
> > kernel if they intend to, we should make it hard to do by accident -
> > which in this case would mean the kernel *enforcing* that the devices
> > in the group have the same security labels, which I can't really see
> > how to do without an exposed group.
>
> How is this "break the kernel"? It has nothing to do with the
> kernel. Security labels are a user space concern.

*thinks*... yeah, ok, that was much too strong an assertion. What I
was thinking of is the fact that this means that guarantees you'd
normally expect the kernel to enforce can be obviated by bad
configuration: chown-ing a device to root doesn't actually protect it
if there's another device in the same group exposed to other users.
But I guess you could say the same about, say, an unauthenticated nbd
export of a root-owned block device, so I guess that's not something
the kernel can reasonably enforce.
Ok.. you might be finally convincing me, somewhat.
-- 
David Gibson                    | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
                                | _way_ _around_!
http://www.ozlabs.org/~dgibson
_______________________________________________
iommu mailing list
iommu@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/iommu
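The failure mode David concedes above (a device node chowned to root is not actually protected if a group-mate is exposed to another user) and Jason's remark that a script would have to ID the group members and label their char nodes together suggest the audit an administrator would want. The shell below is an added example, not code from the thread or from the kernel. The `/sys/kernel/iommu_groups/<N>/devices/<device>` layout it reads is the real sysfs layout; the `/dev/example/...` node paths and the inventory lines are constructed placeholders, because per-device char nodes are only a proposal at this point in the thread and there is no real mapping to read.

```shell
#!/bin/sh
# Added example (not from the thread). Audits whether every char node that
# belongs to one IOMMU group carries the same owner:group and mode. If one
# node in a group is root-only but a group-mate is handed to another user,
# the restrictive label protects nothing: the peer can reach the "locked"
# device over DMA inside the group.

# list_group_members SYSFS_ROOT GROUP
# Prints the device names sysfs reports as members of GROUP. The layout
# SYSFS_ROOT/kernel/iommu_groups/<GROUP>/devices/<device> is the real one;
# SYSFS_ROOT is a parameter so the function can be pointed at a constructed
# tree instead of /sys.
list_group_members() {
    for d in "$1/kernel/iommu_groups/$2/devices"/*; do
        [ -e "$d" ] || continue
        basename "$d"
    done
}

# check_labels
# Reads an inventory on stdin, one line per char node:
#     <group> <node-path> <owner>:<grp> <octal-mode>
# and prints one complaint per group whose members do not all share the
# same owner:grp and mode. Exit status 0 when every group is consistent,
# 1 otherwise. The inventory is assembled outside this function: group
# membership from list_group_members, owner/mode from stat(1) on each node.
check_labels() {
    awk '
        BEGIN { nbad = 0 }
        {
            grp = $1; label = $3 " " $4
            if (!(grp in first)) {
                first[grp] = label; first_node[grp] = $2
            } else if (first[grp] != label && !(grp in bad)) {
                bad[grp] = 1; nbad++
                printf "group %s: %s is %s but %s is %s\n", grp, first_node[grp], first[grp], $2, label
            }
        }
        END { exit (nbad > 0) }
    '
}

# sample_inventory
# A constructed inventory (placeholder paths, not a real host): group 7 has
# one node locked to root and one opened to group "kvm"; group 12 is clean.
sample_inventory() {
    cat <<'EOF'
7 /dev/example/devA root:root 600
7 /dev/example/devB root:kvm 660
12 /dev/example/devC root:root 600
12 /dev/example/devD root:root 600
EOF
}

# Stand-alone demonstration against the constructed inventory.
if sample_inventory | check_labels; then
    echo "all groups consistently labelled"
else
    echo "at least one group has mixed labels (see above)"
fi
```

On a real host the inventory would be built by iterating `/sys/kernel/iommu_groups/*`, calling `list_group_members` with `/sys` as the root, and recording the owner and mode of each member's char node; the check itself is deliberately independent of how the nodes are named so it works whether the nodes are per-group or per-device.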