Re: [Qemu-devel] [PATCH] mark nic as trusted

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Gleb Natapov <gleb@redhat.com>
To: Mark McLoughlin <markmc@redhat.com>
Cc: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH] mark nic as trusted
Date: Wed, 7 Jan 2009 17:19:12 +0200	[thread overview]
Message-ID: <20090107151912.GF3267@redhat.com> (raw)
In-Reply-To: <1231340671.5050.69.camel@localhost.localdomain>

On Wed, Jan 07, 2009 at 03:04:31PM +0000, Mark McLoughlin wrote:
> Hi Gleb,
> 
> On Wed, 2009-01-07 at 16:26 +0200, Gleb Natapov wrote:
> 
> > This patch allows to mark specific nic as trusted by adding special
> > PCI capability. "Trusted" means that it is used for communication
> > between host and guest and no malicious entity can inject traffic
> > to the nic.
> 
> I'm not sure I follow - is this cookie a shared secret that only the
> host and guest knows, or do literally mean that the cookie will contain
> the string "Trusted" as a indicator that the guest can trust the NIC?
> 
The presence of the capability indicates that the nic is trusted, but I
added a possibility to pass 14 byte string from a host too. The string can
be used as shared secret.

> > Signed-off-by: Gleb Natapov <gleb@redhat.com>
> ...
> > diff --git a/hw/virtio-net.c b/hw/virtio-net.c
> > index 1f45b2d..186c6bd 100644
> > --- a/hw/virtio-net.c
> > +++ b/hw/virtio-net.c
> > @@ -309,6 +309,9 @@ PCIDevice *virtio_net_init(PCIBus *bus, NICInfo *nd, int devfn)
> >      if (!n)
> >          return NULL;
> >  
> > +    if (nd->secure_cookie[0])
> > +        pci_add_capability(&n->vdev.pci_dev, 0x0f, 0xf0, nd->secure_cookie, 14);
> 
> How was the Capability ID 0x0f chosen? It it unallocated by the PCI SIG
> allocated it or ...? I see it's not defined in the kernel sources:
> 
> #define  PCI_CAP_ID_AGP3        0x0E    /* AGP Target PCI-PCI bridge */
> #define  PCI_CAP_ID_EXP         0x10    /* PCI Express */
> 
It is "secure device capability", so I used it based on the name.

> Also, to reduce magic numbers it would be nice to define the CAP_ID
> (0xf) and offset (0xf0) as a macro somewhere and use
> sizeof(nd->secure_cookie) instead of 14.
OK. Good point.

> 
> > diff --git a/net.c b/net.c
> > index 6af4255..000768f 100644
> > --- a/net.c
> > +++ b/net.c
> > @@ -1474,6 +1474,11 @@ int net_client_init(const char *device, const char *p)
> >          if (get_param_value(buf, sizeof(buf), "model", p)) {
> >              nd->model = strdup(buf);
> >          }
> > +        if (get_param_value(buf, sizeof(buf), "trusted", p)) {
> > +            strncpy(nd->secure_cookie, buf, sizeof(nd->secure_cookie));
> > +        } else {
> > +            nd->secure_cookie[0] = NULL;
> 
> NULL isn't a uint8_t, use '\0' instead I guess. Or maybe just memset()
> the NICInfo struct before starting to assign to it.
> 
OK. I wounder why I've used NULL here in the first place.

--
			Gleb.

next prev parent reply	other threads:[~2009-01-07 15:18 UTC|newest]

Thread overview: 34+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-01-07 14:26 [Qemu-devel] [PATCH] mark nic as trusted Gleb Natapov
2009-01-07 15:04 ` Mark McLoughlin
2009-01-07 15:19   ` Gleb Natapov [this message]
2009-01-07 15:41     ` Mark McLoughlin
2009-01-07 16:02       ` Gleb Natapov
2009-01-07 16:34 ` Anthony Liguori
2009-01-07 16:50   ` Gleb Natapov
2009-01-07 17:53     ` Anthony Liguori
2009-01-07 17:54       ` Anthony Liguori
2009-01-07 18:41         ` Gleb Natapov
2009-01-07 19:26           ` Anthony Liguori
2009-01-07 19:46             ` Gleb Natapov
2009-01-08 19:58               ` Anthony Liguori
2009-01-08 21:26                 ` Gleb Natapov
2009-01-08 21:42                   ` Anthony Liguori
2009-01-08 22:49                     ` Jamie Lokier
2009-01-08 23:14                       ` Dor Laor
2009-01-09 10:41                         ` Daniel P. Berrange
2009-01-10  2:18                           ` Jamie Lokier
2009-01-10 18:22                             ` Anthony Liguori
2009-01-11  4:55                               ` Jamie Lokier
2009-01-11  7:10                                 ` Blue Swirl
2009-01-11 14:08                                   ` Carl-Daniel Hailfinger
2009-01-11 15:07                                     ` Dor Laor
2009-01-11 15:34                                       ` Blue Swirl
2009-01-11 16:01                                         ` Dor Laor
2009-01-12  2:20                                           ` Jamie Lokier
2009-01-12  8:05                                             ` Gleb Natapov
2009-01-12 12:26                                               ` Dor Laor
2009-01-10  2:27                         ` Jamie Lokier
2009-01-08 23:26                       ` Anthony Liguori
2009-01-10  2:31                         ` Jamie Lokier
2009-01-10 18:24                           ` Anthony Liguori
2009-01-11  4:40                             ` Jamie Lokier

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20090107151912.GF3267@redhat.com \
    --to=gleb@redhat.com \
    --cc=markmc@redhat.com \
    --cc=qemu-devel@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.