From: "Daniel P. Berrangé" <berrange@redhat.com>
To: Jason Gunthorpe <jgg@nvidia.com>
Cc: Alex Williamson <alex.williamson@redhat.com>,
Eric Auger <eric.auger@redhat.com>,
"Tian, Kevin" <kevin.tian@intel.com>,
"Rodel, Jorg" <jroedel@suse.de>,
Lu Baolu <baolu.lu@linux.intel.com>,
Chaitanya Kulkarni <chaitanyak@nvidia.com>,
Cornelia Huck <cohuck@redhat.com>,
Daniel Jordan <daniel.m.jordan@oracle.com>,
David Gibson <david@gibson.dropbear.id.au>,
Eric Farman <farman@linux.ibm.com>,
"iommu@lists.linux.dev" <iommu@lists.linux.dev>,
Jason Wang <jasowang@redhat.com>,
Jean-Philippe Brucker <jean-philippe@linaro.org>,
"Martins, Joao" <joao.m.martins@oracle.com>,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
Matthew Rosato <mjrosato@linux.ibm.com>,
"Michael S. Tsirkin" <mst@redhat.com>,
Nicolin Chen <nicolinc@nvidia.com>,
Niklas Schnelle <schnelle@linux.ibm.com>,
Shameerali Kolothum Thodi <shameerali.kolothum.thodi@huawei.com>,
"Liu, Yi L" <yi.l.liu@intel.com>,
Keqian Zhu <zhukeqian1@huawei.com>,
Steve Sistare <steven.sistare@oracle.com>,
"libvir-list@redhat.com" <libvir-list@redhat.com>,
Laine Stump <laine@redhat.com>
Subject: Re: [PATCH RFC v2 00/13] IOMMUFD Generic interface
Date: Thu, 22 Sep 2022 15:49:02 +0100 [thread overview]
Message-ID: <Yyx13kXCF4ovsxZg@redhat.com> (raw)
In-Reply-To: <YyxsV5SH85YcwKum@nvidia.com>
On Thu, Sep 22, 2022 at 11:08:23AM -0300, Jason Gunthorpe wrote:
> On Thu, Sep 22, 2022 at 12:20:50PM +0100, Daniel P. Berrangé wrote:
> > On Wed, Sep 21, 2022 at 03:44:24PM -0300, Jason Gunthorpe wrote:
> > > On Wed, Sep 21, 2022 at 12:06:49PM -0600, Alex Williamson wrote:
> > > > The issue is where we account these pinned pages, where accounting is
> > > > necessary such that a user cannot lock an arbitrary number of pages
> > > > into RAM to generate a DoS attack.
> > >
> > > It is worth pointing out that preventing a DOS attack doesn't actually
> > > work because a *task* limit is trivially bypassed by just spawning
> > > more tasks. So, as a security feature, this is already very
> > > questionable.
> >
> > The malicious party on host VM hosts is generally the QEMU process.
> > QEMU is normally prevented from spawning more tasks, both by SELinux
> > controls and be the seccomp sandbox blocking clone() (except for
> > thread creation). We need to constrain what any individual QEMU can
> > do to the host, and the per-task mem locking limits can do that.
>
> Even with syscall limits simple things like execve (enabled eg for
> qemu self-upgrade) can corrupt the kernel task-based accounting to the
> point that the limits don't work.
Note, execve is currently blocked by default too by the default
seccomp sandbox used with libvirt, as well as by the SELinux
policy again. self-upgrade isn't a feature that exists (yet).
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
next prev parent reply other threads:[~2022-09-22 14:49 UTC|newest]
Thread overview: 64+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-02 19:59 [PATCH RFC v2 00/13] IOMMUFD Generic interface Jason Gunthorpe
2022-09-02 19:59 ` [PATCH RFC v2 01/13] interval-tree: Add a utility to iterate over spans in an interval tree Jason Gunthorpe
2022-09-02 19:59 ` [PATCH RFC v2 02/13] iommufd: Overview documentation Jason Gunthorpe
2022-09-07 1:39 ` David Gibson
2022-09-09 18:52 ` Jason Gunthorpe
2022-09-12 10:40 ` David Gibson
2022-09-27 17:33 ` Jason Gunthorpe
2022-09-29 3:47 ` David Gibson
2022-09-02 19:59 ` [PATCH RFC v2 03/13] iommufd: File descriptor, context, kconfig and makefiles Jason Gunthorpe
2022-09-04 8:19 ` Baolu Lu
2022-09-09 18:46 ` Jason Gunthorpe
2022-09-02 19:59 ` [PATCH RFC v2 04/13] kernel/user: Allow user::locked_vm to be usable for iommufd Jason Gunthorpe
2022-09-02 19:59 ` [PATCH RFC v2 05/13] iommufd: PFN handling for iopt_pages Jason Gunthorpe
2022-09-02 19:59 ` [PATCH RFC v2 06/13] iommufd: Algorithms for PFN storage Jason Gunthorpe
2022-09-02 19:59 ` [PATCH RFC v2 07/13] iommufd: Data structure to provide IOVA to PFN mapping Jason Gunthorpe
2022-09-02 19:59 ` [PATCH RFC v2 08/13] iommufd: IOCTLs for the io_pagetable Jason Gunthorpe
2022-09-02 19:59 ` [PATCH RFC v2 09/13] iommufd: Add a HW pagetable object Jason Gunthorpe
2022-09-02 19:59 ` [PATCH RFC v2 10/13] iommufd: Add kAPI toward external drivers for physical devices Jason Gunthorpe
2022-09-02 19:59 ` [PATCH RFC v2 11/13] iommufd: Add kAPI toward external drivers for kernel access Jason Gunthorpe
2022-09-02 19:59 ` [PATCH RFC v2 12/13] iommufd: vfio container FD ioctl compatibility Jason Gunthorpe
2022-09-02 19:59 ` [PATCH RFC v2 13/13] iommufd: Add a selftest Jason Gunthorpe
2022-09-13 1:55 ` [PATCH RFC v2 00/13] IOMMUFD Generic interface Tian, Kevin
2022-09-13 7:28 ` Eric Auger
2022-09-20 19:56 ` Jason Gunthorpe
2022-09-21 3:48 ` Tian, Kevin
2022-09-21 18:06 ` Alex Williamson
2022-09-21 18:44 ` Jason Gunthorpe
2022-09-21 19:30 ` Steven Sistare
2022-09-21 23:09 ` Jason Gunthorpe
2022-10-06 16:01 ` Jason Gunthorpe
2022-10-06 22:57 ` Steven Sistare
2022-10-10 20:54 ` Steven Sistare
2022-10-11 12:30 ` Jason Gunthorpe
2022-10-11 20:30 ` Steven Sistare
2022-10-12 12:32 ` Jason Gunthorpe
2022-10-12 13:50 ` Steven Sistare
2022-10-12 14:40 ` Jason Gunthorpe
2022-10-12 14:55 ` Steven Sistare
2022-10-12 14:59 ` Jason Gunthorpe
2022-09-21 23:20 ` Jason Gunthorpe
2022-09-22 11:20 ` Daniel P. Berrangé
2022-09-22 14:08 ` Jason Gunthorpe
2022-09-22 14:49 ` Daniel P. Berrangé [this message]
2022-09-22 14:51 ` Jason Gunthorpe
2022-09-22 15:00 ` Daniel P. Berrangé
2022-09-22 15:31 ` Jason Gunthorpe
2022-09-23 8:54 ` Daniel P. Berrangé
2022-09-23 13:29 ` Jason Gunthorpe
2022-09-23 13:35 ` Daniel P. Berrangé
2022-09-23 13:46 ` Jason Gunthorpe
2022-09-23 14:00 ` Daniel P. Berrangé
2022-09-23 15:40 ` Laine Stump
2022-10-21 19:56 ` Jason Gunthorpe
2022-09-23 14:03 ` Alex Williamson
2022-09-26 6:34 ` David Gibson
2022-09-21 22:36 ` Laine Stump
2022-09-22 11:06 ` Daniel P. Berrangé
2022-09-22 14:13 ` Jason Gunthorpe
2022-09-22 14:46 ` Daniel P. Berrangé
2022-09-13 2:05 ` Tian, Kevin
2022-09-20 20:07 ` Jason Gunthorpe
2022-09-21 3:40 ` Tian, Kevin
2022-09-21 16:19 ` Jason Gunthorpe
2022-09-26 13:48 ` Rodel, Jorg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Yyx13kXCF4ovsxZg@redhat.com \
--to=berrange@redhat.com \
--cc=alex.williamson@redhat.com \
--cc=baolu.lu@linux.intel.com \
--cc=chaitanyak@nvidia.com \
--cc=cohuck@redhat.com \
--cc=daniel.m.jordan@oracle.com \
--cc=david@gibson.dropbear.id.au \
--cc=eric.auger@redhat.com \
--cc=farman@linux.ibm.com \
--cc=iommu@lists.linux.dev \
--cc=jasowang@redhat.com \
--cc=jean-philippe@linaro.org \
--cc=jgg@nvidia.com \
--cc=joao.m.martins@oracle.com \
--cc=jroedel@suse.de \
--cc=kevin.tian@intel.com \
--cc=kvm@vger.kernel.org \
--cc=laine@redhat.com \
--cc=libvir-list@redhat.com \
--cc=mjrosato@linux.ibm.com \
--cc=mst@redhat.com \
--cc=nicolinc@nvidia.com \
--cc=schnelle@linux.ibm.com \
--cc=shameerali.kolothum.thodi@huawei.com \
--cc=steven.sistare@oracle.com \
--cc=yi.l.liu@intel.com \
--cc=zhukeqian1@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox