From: Chathura Rajapaksha <chathura.abeyrathne.lk@gmail.com>
To: paul@paul-moore.com
Cc: Yunxiang.Li@amd.com, alex.williamson@redhat.com,
audit@vger.kernel.org, avihaih@nvidia.com, bhelgaas@google.com,
chath@bu.edu, chathura.abeyrathne.lk@gmail.com,
eparis@redhat.com, kevin.tian@intel.com, kvm@vger.kernel.org,
linux-kernel@vger.kernel.org, schnelle@linux.ibm.com,
xin.zeng@intel.com, xwill@bu.edu, yahui.cao@intel.com,
zhangdongdong@eswincomputing.com
Subject: Re: [PATCH RFC 2/2] audit accesses to unassigned PCI config regions
Date: Tue, 20 May 2025 10:33:55 -0600 [thread overview]
Message-ID: <20250520163355.13346-1-chath@bu.edu> (raw)
In-Reply-To: <669e1abd542da9fbcfb466d134f01767@paul-moore.com>
Hi Bjorn and Paul,
Thank you for your comments, and sorry for the late reply.
On Mon, Apr 28, 2025 at 11:05 AM Bjorn Helgaas <helgaas@kernel.org> wrote:
> Add blank line between paragraphs.
> Use imperative mood ("Introduce" instead of "This patch introduces
> ..." and "Add ..." instead of "A new type has been introduced").
> Simplify this patch by adding "blocked" in the first patch. Then you
> won't have to touch the permission checking that is unrelated to the
> audit logging. Consider adding a helper to do the checking and return
> "blocked" so it doesn't clutter vfio_config_do_rw().
I will address the above comments in the next revision.
On Fri, May 16, 2025 at 4:41 PM Paul Moore <paul@paul-moore.com> wrote:
> I try to encourage people to put a sample audit record in the commit
> description as it helps others, even those not overly familiar with the
> Linux kernel, know what to expect in the audit log and provide feedback.
> > +static const char * const vfio_audit_str[VFIO_AUDIT_MAX] = {
> > + [VFIO_AUDIT_READ] = "READ",
> > + [VFIO_AUDIT_WRITE] = "WRITE",
> > +};
>
> We generally don't capitalize things like this in audit, "read" and
> "write" would be preferred.
I will address the above comments in the next revision.
The following is the expected audit message when a write is performed
to an unassigned PCI config region:
device=0000:01:00.1 access=WRITE offset=0x298 size=1 blocked=0
> In the commit description you talk about a general PCIe device issue
> in the first paragraph before going into the specifics of the VFIO
> driver. That's all well and good, but it makes me wonder if this
> audit code above is better done as a generic PCI function that other
> PCI drivers could use if they had similar concerns? Please correct
> me if I'm wrong, but other than symbol naming I don't see anyting
> above which is specific to VFIO. Thoughts?
While the issue is independent of VFIO, the security and availability
concerns arise when guests are able to write to unassigned PCI config
regions on devices passed through using VFIO. That's why we thought it
would be better to audit these accesses in the VFIO driver. Given this
context, do you think it would be more appropriate to audit these
accesses through a generic PCI function instead?
> Beyond that, I might also change the "access=" field to "op=" as we
> already use the "op=" field name for similar things in audit, it would
> be good to leverage that familiarity here. Similarly using "res=",
> specifically "res=0" for failure/blocked or "res=1" allowed, would
> better fit with audit conventions.
Thanks for the suggestions, I will address these in the next revision.
Regards,
Chathura
next prev parent reply other threads:[~2025-05-20 16:34 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-26 21:22 [RFC PATCH 0/2] vfio/pci: Block and audit accesses to unassigned config regions Chathura Rajapaksha
2025-04-26 21:22 ` [RFC PATCH 1/2] block accesses to unassigned PCI " Chathura Rajapaksha
2025-04-28 15:00 ` Bjorn Helgaas
2025-04-26 21:22 ` [RFC PATCH 2/2] audit " Chathura Rajapaksha
2025-04-28 15:05 ` Bjorn Helgaas
2025-05-16 20:41 ` [PATCH RFC " Paul Moore
2025-05-20 16:33 ` Chathura Rajapaksha [this message]
2025-05-20 18:08 ` Paul Moore
2025-04-28 13:24 ` [RFC PATCH 0/2] vfio/pci: Block and audit accesses to unassigned " Jason Gunthorpe
2025-04-28 20:25 ` Alex Williamson
2025-04-29 13:44 ` Jason Gunthorpe
2025-05-16 18:17 ` Chathura Rajapaksha
2025-05-16 18:35 ` Jason Gunthorpe
2025-05-17 17:14 ` Chathura Rajapaksha
2025-05-26 19:44 ` Jason Gunthorpe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250520163355.13346-1-chath@bu.edu \
--to=chathura.abeyrathne.lk@gmail.com \
--cc=Yunxiang.Li@amd.com \
--cc=alex.williamson@redhat.com \
--cc=audit@vger.kernel.org \
--cc=avihaih@nvidia.com \
--cc=bhelgaas@google.com \
--cc=chath@bu.edu \
--cc=eparis@redhat.com \
--cc=kevin.tian@intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=schnelle@linux.ibm.com \
--cc=xin.zeng@intel.com \
--cc=xwill@bu.edu \
--cc=yahui.cao@intel.com \
--cc=zhangdongdong@eswincomputing.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox