From: Jason Gunthorpe <jgg@nvidia.com>
To: Alex Williamson <alex.williamson@redhat.com>
Cc: "Tian, Kevin" <kevin.tian@intel.com>,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
"jasowang@redhat.com" <jasowang@redhat.com>,
"Hao, Xudong" <xudong.hao@intel.com>,
"peterx@redhat.com" <peterx@redhat.com>,
"Xu, Terrence" <terrence.xu@intel.com>,
"chao.p.peng@linux.intel.com" <chao.p.peng@linux.intel.com>,
"linux-s390@vger.kernel.org" <linux-s390@vger.kernel.org>,
"Liu, Yi L" <yi.l.liu@intel.com>,
"mjrosato@linux.ibm.com" <mjrosato@linux.ibm.com>,
"lulu@redhat.com" <lulu@redhat.com>,
"joro@8bytes.org" <joro@8bytes.org>,
"nicolinc@nvidia.com" <nicolinc@nvidia.com>,
"Zhao, Yan Y" <yan.y.zhao@intel.com>,
"intel-gfx@lists.freedesktop.org"
<intel-gfx@lists.freedesktop.org>,
"eric.auger@redhat.com" <eric.auger@redhat.com>,
"intel-gvt-dev@lists.freedesktop.org"
<intel-gvt-dev@lists.freedesktop.org>,
"yi.y.sun@linux.intel.com" <yi.y.sun@linux.intel.com>,
"cohuck@redhat.com" <cohuck@redhat.com>,
"shameerali.kolothum.thodi@huawei.com"
<shameerali.kolothum.thodi@huawei.com>,
"suravee.suthikulpanit@amd.com" <suravee.suthikulpanit@amd.com>,
"robin.murphy@arm.com" <robin.murphy@arm.com>
Subject: Re: [PATCH v6 12/24] vfio/pci: Allow passing zero-length fd array in VFIO_DEVICE_PCI_HOT_RESET
Date: Mon, 20 Mar 2023 20:39:07 -0300
Message-ID: <ZBjum1wQ1L2AIfhB@nvidia.com>
In-Reply-To: <20230320165217.5b1019a4.alex.williamson@redhat.com>

On Mon, Mar 20, 2023 at 04:52:17PM -0600, Alex Williamson wrote:
> > The APIs are well defined and userspace can always use them wrong. It
> > doesn't need to call RESET_INFO even today, it can just trivially pass
> > every group FD it owns to meet the security check.
>
> That's not actually true, in order to avoid arbitrarily large buffers
> from the user, the ioctl won't accept an array greater than the number
> of devices affected by the reset.

Oh yuk!

> > It is much simpler if VFIO_DEVICE_PCI_HOT_RESET can pass the security
> > check without code marshalling fds, which is why we went this
> > direction.
>
> I agree that nullifying the arg makes the ioctl easier to use, but my
> hesitation is whether it makes it more difficult to use correctly,
> which includes resetting devices unexpectedly.

I don't think it makes it harder to use correctly. It maybe makes it
easier to misuse, but IMHO not too much.

If the desire was to have an API that explicitly acknowledged the
reset scope then it should have taken in a list of device FDs and
optimally reset all of them or fail EPERM.

What is going to make this hard to use is the _INFO IOCTL, it returns
basically the BDF string, but I think we effectively get rid of this
in the new model. libvirt will know the BDF and open the cdev, then fd
pass the cdev to qemu. Qemu shouldn't also have to know the sysfs
path..

So we really want a new _INFO ioctl to make this easier to use..

> We can always blame the developer for using an interface incorrectly,
> but if we make it easier to use incorrectly in order to optimize
> something that doesn't need to be optimized, does that make it a good
> choice for the uAPI?

IMHO the API is designed around a security proof. Present some groups
and a subset of devices in those groups will be reset. You can't know
the subset unless you do the _INFO thing.

If we wanted it to be clearly linked to scope it should have taken in
a list of device FDs, and reset those devices FDs optimally or
returned -EPERM. Then the reset scope is very clearly connected to the
API.

Jason
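
The two API shapes contrasted in this message, as an added userspace model that is not part of the original message and is not kernel code. The struct, the function names, the ids and the errno chosen for each failure in the group-proof function are assumptions of the model, and the device-list function is one reading of the alternative suggested above.

```c
#include <errno.h>
#include <stdio.h>
#include <stddef.h>

/* Constructed model of one device in the set a bus/slot reset would hit. */
struct dev { int group; int fd; };   /* hypothetical ids, not kernel structs */

static int contains(const int *v, size_t n, int x)
{
    for (size_t i = 0; i < n; i++)
        if (v[i] == x)
            return 1;
    return 0;
}

/* Group proof: every affected device must belong to a presented group, and
 * the array may not be larger than the number of affected devices. */
int reset_by_group_proof(const struct dev *set, size_t ndev,
                         const int *groups, size_t ngroups)
{
    if (ngroups > ndev)
        return -EINVAL;                 /* errno chosen for the model */
    for (size_t i = 0; i < ndev; i++)
        if (!contains(groups, ngroups, set[i].group))
            return -EPERM;              /* errno chosen for the model */
    return (int)ndev;                   /* number of devices reset */
}

/* Device-list shape: the caller names the devices it expects to be reset;
 * if the reset would touch any device it did not name, fail with -EPERM. */
int reset_by_device_list(const struct dev *set, size_t ndev,
                         const int *fds, size_t nfds)
{
    for (size_t i = 0; i < ndev; i++)
        if (!contains(fds, nfds, set[i].fd))
            return -EPERM;
    return (int)ndev;
}

/* Constructed sample: two devices in group 7 share one reset scope. */
static const struct dev affected[] = { { 7, 10 }, { 7, 11 } };

int main(void)
{
    const int one_group[] = { 7 }, all_owned[] = { 7, 8, 9 }, only_a[] = { 10 };
    printf("group proof, {7}:     %d\n", reset_by_group_proof(affected, 2, one_group, 1));
    printf("group proof, {7,8,9}: %d\n", reset_by_group_proof(affected, 2, all_owned, 3));
    printf("device list, {10}:    %d\n", reset_by_device_list(affected, 2, only_a, 1));
    return 0;
}
```

In the model, presenting group 7 resets both devices even if the caller only had fd 10 in mind, while the device-list call naming only fd 10 is refused because fd 11 would be reset as well.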