From: Jason Gunthorpe <jgg@nvidia.com>
To: "Tian, Kevin" <kevin.tian@intel.com>
Cc: Alex Williamson <alex.williamson@redhat.com>,
Cornelia Huck <cohuck@redhat.com>,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
Paolo Bonzini <pbonzini@redhat.com>,
Eric Auger <eric.auger@redhat.com>,
Christoph Hellwig <hch@lst.de>, "Liu, Yi L" <yi.l.liu@intel.com>
Subject: Re: [PATCH 09/10] kvm/vfio: Remove vfio_group from kvm
Date: Fri, 15 Apr 2022 18:56:04 -0300
Message-ID: <20220415215604.GN2120790@nvidia.com>
In-Reply-To: <BN9PR11MB5276994F15C8A13C33C600118CEE9@BN9PR11MB5276.namprd11.prod.outlook.com>
On Fri, Apr 15, 2022 at 04:21:45AM +0000, Tian, Kevin wrote:
> > From: Jason Gunthorpe <jgg@nvidia.com>
> > Sent: Friday, April 15, 2022 2:46 AM
> >
> > None of the VFIO APIs take in the vfio_group anymore, so we can remove it
> > completely.
> >
> > This has a subtle side effect on the enforced coherency tracking. The
> > vfio_group_get_external_user() was holding on to the container_users which
> > would prevent the iommu_domain and thus the enforced coherency value from
> > changing while the group is registered with kvm.
> >
> > It changes the security proof slightly into 'user must hold a group FD
> > that has a device that cannot enforce DMA coherence'. As opening the group
> > FD, not attaching the container, is the privileged operation this doesn't
> > change the security properties much.
>
> If we allow vfio_file_enforced_coherent() to return error then the security
> proof can be sustained? In this case kvm can simply reject adding a group
> which is opened but not attached to a container.
The issue is the user can detach the container from the group because
kvm no longer holds a refcount on the container.
Jason