From: Jason Gunthorpe <jgg@nvidia.com>
To: "Liu, Yi L" <yi.l.liu@intel.com>
Cc: "joro@8bytes.org" <joro@8bytes.org>,
"alex.williamson@redhat.com" <alex.williamson@redhat.com>,
"Tian, Kevin" <kevin.tian@intel.com>,
"robin.murphy@arm.com" <robin.murphy@arm.com>,
"cohuck@redhat.com" <cohuck@redhat.com>,
"eric.auger@redhat.com" <eric.auger@redhat.com>,
"nicolinc@nvidia.com" <nicolinc@nvidia.com>,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
"mjrosato@linux.ibm.com" <mjrosato@linux.ibm.com>,
"chao.p.peng@linux.intel.com" <chao.p.peng@linux.intel.com>,
"yi.y.sun@linux.intel.com" <yi.y.sun@linux.intel.com>,
"peterx@redhat.com" <peterx@redhat.com>,
"jasowang@redhat.com" <jasowang@redhat.com>,
"shameerali.kolothum.thodi@huawei.com"
<shameerali.kolothum.thodi@huawei.com>,
"lulu@redhat.com" <lulu@redhat.com>,
"suravee.suthikulpanit@amd.com" <suravee.suthikulpanit@amd.com>,
"intel-gvt-dev@lists.freedesktop.org"
<intel-gvt-dev@lists.freedesktop.org>,
"intel-gfx@lists.freedesktop.org"
<intel-gfx@lists.freedesktop.org>,
"linux-s390@vger.kernel.org" <linux-s390@vger.kernel.org>
Subject: Re: [PATCH v3 03/15] vfio: Accept vfio device file in the driver facing kAPI
Date: Wed, 15 Feb 2023 10:46:34 -0400
Message-ID: <Y+zwSn63eA7HrefO@nvidia.com>
In-Reply-To: <DS0PR11MB75299F5D92AAC33FD8690694C3A39@DS0PR11MB7529.namprd11.prod.outlook.com>

On Wed, Feb 15, 2023 at 02:43:20PM +0000, Liu, Yi L wrote:
> > From: Jason Gunthorpe <jgg@nvidia.com>
> > Sent: Wednesday, February 15, 2023 8:39 PM
> >
> > On Tue, Feb 14, 2023 at 02:02:37AM +0000, Liu, Yi L wrote:
> > > > From: Jason Gunthorpe <jgg@nvidia.com>
> > > > Sent: Tuesday, February 14, 2023 7:44 AM
> > > >
> > > > On Mon, Feb 13, 2023 at 07:13:36AM -0800, Yi Liu wrote:
> > > > > +static struct vfio_device *vfio_device_from_file(struct file *file)
> > > > > +{
> > > > > + struct vfio_device_file *df = file->private_data;
> > > > > +
> > > > > + if (file->f_op != &vfio_device_fops)
> > > > > + return NULL;
> > > > > + return df->device;
> > > > > +}
> > > > > +
> > > > > /**
> > > > > * vfio_file_is_valid - True if the file is usable with VFIO APIS
> > > > > * @file: VFIO group file or VFIO device file
> > > > > */
> > > > > bool vfio_file_is_valid(struct file *file)
> > > > > {
> > > > > - return vfio_group_from_file(file);
> > > > > + return vfio_group_from_file(file) ||
> > > > > + vfio_device_from_file(file);
> > > > > }
> > > > > EXPORT_SYMBOL_GPL(vfio_file_is_valid);
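
Review bot: the kernel-doc on vfio_file_is_valid() needs to say which level of validity it reports, because the new vfio_device_from_file() branch tests only file->f_op != &vfio_device_fops and returns df->device without looking at whether the device behind the file has been opened. As written, "usable with VFIO APIS" reads as a stronger guarantee than the code gives for a device file; either add an open-state check here or reword the comment to say the function only identifies the file as a VFIO group or device file. Minor: df is initialised from file->private_data before the f_op check, and assigning it after the check would keep the dereference next to the test that justifies it.
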
> > > >
> > > > This can only succeed on a device cdev that has been fully opened.
> > >
> > > Actually, we cannot. This is used in the kvm-vfio code to see if the
> > > user-provided fd is vfio fds in the SET_KVM path. And we don't
> > > have the device cdev fully opened until BIND_IOMMUFD. But we do
> > > need to invoke SET_KVM before issuing BIND_IOMMUFD as the device
> > > open needs kvm pointer. So if we cannot apply fully opened limit to this
> > > interface. Maybe an updated function comment is needed.
> >
> > This also seems sketchy, KVM is using the VFIO fd as a "proof" to
> > enable the wbinvd stuff. A half opened cdev should not be used as that
> > proof.
>
> From this angle, the group path seems to have the same concern. Device is not
> opened until VFIO_GROUP_GET_DEVICE_FD.

Well, classically the device was DMA ownership claimed at least.

> But group path has one advantage, which makes it ok. Group can only be
> opened by one application. So once it is opened, the devices within the
> group are somehow obtained by the application until group fd close.

It depends on what we want the KVM proof to actually mean.

Is simply having permissions on the cdev node sufficient proof for
wbinvd?

I admit I poorly understand the threat model for this in kvm beyond
that kvm doesn't want everyone to use wbinvd.

> > Regardless it needs to be fixed for the pci usage.
>
> For the pci usage, does my below reply make any sense?
>
> https://lore.kernel.org/kvm/DS0PR11MB7529CFCE99E8A77AAC76DC7CC3A39@DS0PR11MB7529.namprd11.prod.outlook.com/T/#m7c00ae5dcae15f42b6dc0b3767c7037b99f53a56

You basically end up with two APIs that test two different levels of
openness (I have permissions vs I actually am the driver owning this device).

Document it carefully at least.

Jason
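
The two levels of check discussed in the message above, as an added userspace model in C (not code from the patch series or the kernel). The struct names, the `opened` flag and both helper functions are hypothetical stand-ins; only the f_op comparison mirrors the quoted hunk.

```c
/* Userspace model only; every name here is hypothetical, not kernel API. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct model_fops { int unused; };
static const struct model_fops model_device_fops = { 0 }; /* stands in for vfio_device_fops */

struct model_device { int id; };
struct model_device_file {
	struct model_device *device;
	bool opened; /* assumption: set only once the device open has completed */
};
struct model_file {
	const struct model_fops *f_op;
	void *private_data;
};

/* Level 1: "this is a VFIO device file" (f_op identity only, as in the hunk). */
static struct model_device *model_device_from_file(const struct model_file *file)
{
	if (file->f_op != &model_device_fops)
		return NULL;
	return ((struct model_device_file *)file->private_data)->device;
}

/* Level 2: "the opener actually owns an opened device" (type + open state). */
static struct model_device *model_opened_device_from_file(const struct model_file *file)
{
	struct model_device_file *df;

	if (file->f_op != &model_device_fops)
		return NULL;
	df = file->private_data;
	return df->opened ? df->device : NULL;
}

int main(void)
{
	struct model_device dev = { .id = 1 }; /* constructed sample objects */
	struct model_device_file df = { .device = &dev, .opened = false };
	struct model_file f = { .f_op = &model_device_fops, .private_data = &df };
	printf("half-open: level1=%d level2=%d\n", model_device_from_file(&f) != NULL,
	       model_opened_device_from_file(&f) != NULL);
	df.opened = true;
	printf("opened:    level1=%d level2=%d\n", model_device_from_file(&f) != NULL,
	       model_opened_device_from_file(&f) != NULL);
	return 0;
}
```

A caller that treats the file as proof of ownership needs the level 2 form; the level 1 form only establishes what kind of file it was handed.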