From: "Michael S. Tsirkin" <mst@redhat.com>
To: Jason Wang <jasowang@redhat.com>
Cc: Steven Sistare <steven.sistare@oracle.com>,
virtualization@lists.linux-foundation.org,
linux-kernel@vger.kernel.org, Si-Wei Liu <si-wei.liu@oracle.com>,
Eugenio Perez Martin <eperezma@redhat.com>,
Xuan Zhuo <xuanzhuo@linux.alibaba.com>,
Dragos Tatulea <dtatulea@nvidia.com>,
Alex Williamson <alex.williamson@redhat.com>
Subject: Re: [PATCH V2 5/7] vhost-vdpa: VHOST_IOTLB_REMAP
Date: Thu, 18 Jul 2024 15:39:04 -0400 [thread overview]
Message-ID: <20240718153724-mutt-send-email-mst@kernel.org> (raw)
In-Reply-To: <CACGkMEtuErg+nd96k6FkL9dfSxOv2o38L1HSsK9jU-xmmkv8oQ@mail.gmail.com>
On Thu, Jul 18, 2024 at 08:45:31AM +0800, Jason Wang wrote:
> > > For example:
> > >
> > > 1) old owner pass fd to new owner which is another process
> > > 2) the new owner do VHOST_NEW_OWNER
> > > 3) new owner doesn't do remap correctly
> > >
> > > There's no way for the old owner to remove/unpin the mappings as we
> > > have the owner check in IOTLB_UPDATE. Looks like a potential way for
> > > DOS.
> >
> > This is a bug in the second cooperating process, not a DOS. The application
> > must fix it. Sometimes you cannot recover from an application bug at run time.
> >
> > BTW, at one time vfio enforced the concept of an owner, but Alex deleted it.
> > It adds no value, because possession of the fd is the key.
> > ffed0518d871 ("vfio: remove useless judgement")
>
> This seems to be a great relaxation of the ownership check. I would
> like to hear from Michael first.
>
> Thanks
It could be that the ownership model is too restrictive.
But again, this is changing a security assumption.
Looks like yes another reason to tie this to the switch to iommufd.
--
MST
next prev parent reply other threads:[~2024-07-18 19:39 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-12 13:18 [PATCH V2 0/7] vdpa live update Steve Sistare
2024-07-12 13:18 ` [PATCH V2 1/7] vhost-vdpa: count pinned memory Steve Sistare
2024-07-12 13:18 ` [PATCH V2 2/7] vhost-vdpa: pass mm to bind Steve Sistare
2024-07-12 13:18 ` [PATCH V2 3/7] vhost-vdpa: VHOST_NEW_OWNER Steve Sistare
2024-07-15 2:26 ` Jason Wang
2024-07-15 9:06 ` Michael S. Tsirkin
2024-07-15 14:27 ` Steven Sistare
2024-07-16 5:16 ` Jason Wang
2024-07-17 18:28 ` Steven Sistare
2024-07-22 7:26 ` Jason Wang
2024-07-15 9:07 ` Michael S. Tsirkin
2024-07-15 14:29 ` Steven Sistare
2024-07-15 14:38 ` Michael S. Tsirkin
2024-07-15 15:38 ` Steven Sistare
2024-07-12 13:18 ` [PATCH V2 4/7] vhost-vdpa: VHOST_BACKEND_F_NEW_OWNER Steve Sistare
2024-07-15 2:31 ` Jason Wang
2024-07-15 14:27 ` Steven Sistare
2024-07-12 13:18 ` [PATCH V2 5/7] vhost-vdpa: VHOST_IOTLB_REMAP Steve Sistare
2024-07-15 2:34 ` Jason Wang
2024-07-15 14:28 ` Steven Sistare
2024-07-16 5:28 ` Jason Wang
2024-07-17 18:29 ` Steven Sistare
2024-07-18 0:45 ` Jason Wang
2024-07-18 19:39 ` Michael S. Tsirkin [this message]
2024-07-18 20:19 ` Steven Sistare
2024-07-19 1:01 ` Jason Wang
2024-07-12 13:18 ` [PATCH V2 6/7] vhost-vdpa: VHOST_BACKEND_F_IOTLB_REMAP Steve Sistare
2024-07-12 13:18 ` [PATCH V2 7/7] vdpa/mlx5: new owner capability Steve Sistare
2024-07-12 14:06 ` [PATCH V2 0/7] vdpa live update Steven Sistare
2024-07-15 2:14 ` Jason Wang
2024-07-15 14:28 ` Steven Sistare
2024-07-16 5:30 ` Jason Wang
2024-07-17 18:29 ` Steven Sistare
2024-07-18 0:33 ` Jason Wang
2024-07-20 21:34 ` Steven Sistare
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240718153724-mutt-send-email-mst@kernel.org \
--to=mst@redhat.com \
--cc=alex.williamson@redhat.com \
--cc=dtatulea@nvidia.com \
--cc=eperezma@redhat.com \
--cc=jasowang@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=si-wei.liu@oracle.com \
--cc=steven.sistare@oracle.com \
--cc=virtualization@lists.linux-foundation.org \
--cc=xuanzhuo@linux.alibaba.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.