From: Greg KH <gregkh@linuxfoundation.org>
To: Tianyu Lan <ltykernel@gmail.com>
Cc: kys@microsoft.com, haiyangz@microsoft.com,
sthemmin@microsoft.com, wei.liu@kernel.org,
Tianyu Lan <Tianyu.Lan@microsoft.com>,
linux-hyperv@vger.kernel.org, linux-kernel@vger.kernel.org,
vkuznets@redhat.com, thomas.lendacky@amd.com,
brijesh.singh@amd.com, sunilmut@microsoft.com
Subject: Re: [RFC V2 PATCH 8/12] UIO/Hyper-V: Not load UIO HV driver in the isolation VM.
Date: Wed, 14 Apr 2021 17:36:42 +0200
Message-ID: <YHcMCn24RazskMCf@kroah.com>
In-Reply-To: <e54446fb-f9d9-2768-f73f-01a94cf635ea@gmail.com>

On Wed, Apr 14, 2021 at 11:20:19PM +0800, Tianyu Lan wrote:
> Hi Greg:
> Thanks for your review.
>
> On 4/14/2021 12:00 AM, Greg KH wrote:
> > On Tue, Apr 13, 2021 at 11:22:13AM -0400, Tianyu Lan wrote:
> > > From: Tianyu Lan <Tianyu.Lan@microsoft.com>
> > >
> > > UIO HV driver should not load in the isolation VM for security reasons.
> >
> > Why? I need a lot more excuse than that.
>
> The reason is that ring buffers have been marked as visible to the host.
> The UIO driver will expose these buffers to user space, and the user space
> driver hasn't done some security checks for data from the host. This
> is considered insecure in an isolation VM.

But as this is a VM choice, why did the VM mark those as visible in the
first place?

thanks,

greg k-h