From: "Michael S. Tsirkin" <mst@redhat.com>
To: Eugenio Perez Martin <eperezma@redhat.com>
Cc: virtualization@lists.linux.dev, linux-kernel@vger.kernel.org,
Hanna Reitz <hreitz@redhat.com>,
Xuan Zhuo <xuanzhuo@linux.alibaba.com>,
Jason Wang <jasowang@redhat.com>,
German Maglione <gmaglione@redhat.com>,
stefanha@redhat.com
Subject: Re: [PATCH] vduse: add virtio_fs to allowed dev id
Date: Tue, 25 Feb 2025 07:31:03 -0500
Message-ID: <20250225072222-mutt-send-email-mst@kernel.org>
In-Reply-To: <CAJaqyWfir7+oVtC3Z+eC+jbDxkACs0J9a4-wnx_dgU5VeFhr8A@mail.gmail.com>

On Tue, Feb 25, 2025 at 01:17:02PM +0100, Eugenio Perez Martin wrote:
> On Mon, Feb 24, 2025 at 10:51 PM Michael S. Tsirkin <mst@redhat.com> wrote:
> >
> > On Tue, Jan 21, 2025 at 11:33:46AM +0100, Eugenio Pérez wrote:
> > > A VDUSE device that implements virtiofs device works fine just by
> > > adding the device id to the whitelist.
> > >
> > > Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
> >
> >
> > OK, but the commit log really should say why
> > you are doing this.
>
> Sure I can expand on the motivation.
>
> Something like "Allowing VDUSE FS type allows to build filesystems
> that run in userspace and can be presented transparently to the host
> and the guest. After modifying userland's libfuse, this allows to
> expose a good amount to already available userland FS through vDPA."
>
> I'd add using the high performance virtio protocol but I still need to
> do more tests for this TBH.
>
> > And also why is it safe.
> >
>
> Can you expand on the scenarios you think this is insecure? While I
> understand it's security sensitive, you already need root to perform
> vdpa device operations. Is FS different from net or block?
>
> Thanks!

I did not say it was insecure, just that you need to explain the
security considerations in the commit log.

The issue is that when one gave access to vdpa user device previously
it would only allow mounting blk, now a filesystem.

Net is different, it is gated by CAP_NET_ADMIN.

When net was introduced, SELinux was there initially, then it
was deferred and never surfaced.
Maybe we should revive it so it is possible to control which
devices can be created in a granular way.

> > > ---
> > > drivers/vdpa/vdpa_user/vduse_dev.c | 1 +
> > > 1 file changed, 1 insertion(+)
> > >
> > > diff --git a/drivers/vdpa/vdpa_user/vduse_dev.c b/drivers/vdpa/vdpa_user/vduse_dev.c
> > > index 7ae99691efdf..6a9a37351310 100644
> > > --- a/drivers/vdpa/vdpa_user/vduse_dev.c
> > > +++ b/drivers/vdpa/vdpa_user/vduse_dev.c
> > > @@ -144,6 +144,7 @@ static struct workqueue_struct *vduse_irq_bound_wq;
> > > static u32 allowed_device_id[] = {
> > > VIRTIO_ID_BLOCK,
> > > VIRTIO_ID_NET,
> > > + VIRTIO_ID_FS,
> > > };
> > >
> > > static inline struct vduse_dev *vdpa_to_vduse(struct vdpa_device *vdpa)
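Review bot: the added VIRTIO_ID_FS entry in allowed_device_id[] extends a flat allowlist with no per-type check visible in this hunk, so whoever could previously create only block or net VDUSE devices can now create a filesystem device too, and the commit message says only that it "works fine". Suggest a commit log paragraph stating what privilege gates device creation and why a userspace-backed virtiofs device is acceptable alongside the existing two types, plus a short comment above the array noting that each new ID widens what the VDUSE interface can instantiate.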
> > > --
> > > 2.48.1
> >