From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=Qdv9=ZG=vger.kernel.org=kvm-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,
	URIBL_BLOCKED,USER_AGENT_SANE_2 autolearn=no autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id B889FC432C3
	for <kvm@archiver.kernel.org>; Thu, 14 Nov 2019 08:15:59 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id 96A66206EF
	for <kvm@archiver.kernel.org>; Thu, 14 Nov 2019 08:15:59 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=default; t=1573719359;
	bh=hMyqzpTf+//VUBiUaJT2l3Ku9IgCB9y0boQvKGMnJHY=;
	h=Date:From:To:Cc:Subject:In-Reply-To:References:List-ID:From;
	b=0W5DoW5WxBnTL1sobEzuFdjs8Zefl5wHpHtdeuh2RuRpCIO1BpA7ERjSxj2jGCKR7
	 py7ZsfE3FhRKp4LHKV9I7nvmfCgNqmTdXugVuMWc1WBQNuA1JuuSYiULXNzIk9eBTK
	 8+V3orEVbcLHZiQ4FM/axIEEoxYsC1jdeRbRo3eI=
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726369AbfKNIP6 (ORCPT <rfc822;kvm@archiver.kernel.org>);
        Thu, 14 Nov 2019 03:15:58 -0500
Received: from inca-roads.misterjones.org ([213.251.177.50]:36562 "EHLO
        inca-roads.misterjones.org" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S1725976AbfKNIP6 (ORCPT
        <rfc822;kvm@vger.kernel.org>); Thu, 14 Nov 2019 03:15:58 -0500
Received: from 78.163-31-62.static.virginmediabusiness.co.uk ([62.31.163.78] helo=why)
        by cheepnis.misterjones.org with esmtpsa (TLSv1.2:AES256-GCM-SHA384:256)
        (Exim 4.80)
        (envelope-from <maz@kernel.org>)
        id 1iVAIC-0007GE-Cl; Thu, 14 Nov 2019 09:15:52 +0100
Date:   Thu, 14 Nov 2019 08:15:50 +0000
From:   Marc Zyngier <maz@kernel.org>
To:     Peter Maydell <peter.maydell@linaro.org>
Cc:     Christian Borntraeger <borntraeger@de.ibm.com>,
        kvm-devel <kvm@vger.kernel.org>,
        Paolo Bonzini <pbonzini@redhat.com>,
        Radim =?UTF-8?Q?Kr=C4=8Dm=C3=A1=C5=99?= <rkrcmar@redhat.com>,
        James Morse <james.morse@arm.com>,
        Julien Thierry <julien.thierry.kdev@gmail.com>,
        Suzuki K Poulose <suzuki.poulose@arm.com>,
        James Hogan <jhogan@kernel.org>,
        Paul Mackerras <paulus@ozlabs.org>,
        Janosch Frank <frankja@linux.ibm.com>,
        David Hildenbrand <david@redhat.com>,
        Cornelia Huck <cohuck@redhat.com>,
        Sean Christopherson <sean.j.christopherson@intel.com>,
        Vitaly Kuznetsov <vkuznets@redhat.com>,
        Wanpeng Li <wanpengli@tencent.com>,
        Jim Mattson <jmattson@google.com>,
        Joerg Roedel <joro@8bytes.org>
Subject: Re: [PATCH] KVM: Forbid /dev/kvm being opened by a compat task when
 CONFIG_KVM_COMPAT=n
Message-ID: <20191114081550.3c6a7a47@why>
In-Reply-To: <CAFEAcA8c3ePLXRa_-G0jPgMVVrFHaN1Qn3qRf-WShPXmNXX6Ug@mail.gmail.com>
References: <20191113160523.16130-1-maz@kernel.org>
        <2b846839-ea81-e40c-5106-90776d964e33@de.ibm.com>
        <CAFEAcA8c3ePLXRa_-G0jPgMVVrFHaN1Qn3qRf-WShPXmNXX6Ug@mail.gmail.com>
Organization: Approximate
X-Mailer: Claws Mail 3.17.4 (GTK+ 2.24.32; x86_64-pc-linux-gnu)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-SA-Exim-Connect-IP: 62.31.163.78
X-SA-Exim-Rcpt-To: peter.maydell@linaro.org, borntraeger@de.ibm.com, kvm@vger.kernel.org, pbonzini@redhat.com, rkrcmar@redhat.com, james.morse@arm.com, julien.thierry.kdev@gmail.com, suzuki.poulose@arm.com, jhogan@kernel.org, paulus@ozlabs.org, frankja@linux.ibm.com, david@redhat.com, cohuck@redhat.com, sean.j.christopherson@intel.com, vkuznets@redhat.com, wanpengli@tencent.com, jmattson@google.com, joro@8bytes.org
X-SA-Exim-Mail-From: maz@kernel.org
X-SA-Exim-Scanned: No (on cheepnis.misterjones.org); SAEximRunCond expanded to false
Sender: kvm-owner@vger.kernel.org
Precedence: bulk
List-ID: <kvm.vger.kernel.org>
X-Mailing-List: kvm@vger.kernel.org

On Wed, 13 Nov 2019 21:23:07 +0000
Peter Maydell <peter.maydell@linaro.org> wrote:

> On Wed, 13 Nov 2019 at 18:44, Christian Borntraeger
> <borntraeger@de.ibm.com> wrote:
> > On 13.11.19 17:05, Marc Zyngier wrote:  
> > > On a system without KVM_COMPAT, we prevent IOCTLs from being issued
> > > by a compat task. Although this prevents most silly things from
> > > happening, it can still confuse a 32bit userspace that is able
> > > to open the kvm device (the qemu test suite seems to be pretty
> > > mad with this behaviour).
> > >
> > > Take a more radical approach and return a -ENODEV to the compat
> > > task.  
> 
> > Do we still need compat_ioctl if open never succeeds?  
> 
> I wondered about that, but presumably you could use
> fd-passing, or just inheriting open fds across exec(),
> to open the fd in a 64-bit process and then hand it off
> to a 32-bit process to call the ioctl with. (That's
> probably only something you'd do if you were
> deliberately playing silly games, of course, but
> preventing silly games is useful as it makes it
> easier to reason about kernel behaviour.)

This was exactly my train of thoughts, which I should have made clear
in the commit log. Thanks Peter for reading my mind! ;-)

	M.
-- 
Jazz is not dead. It just smells funny...