Re: [Qemu-devel] [PATCH] mark nic as trusted

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

From: Gleb Natapov <gleb@redhat.com>
To: Mark McLoughlin <markmc@redhat.com>
Cc: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH] mark nic as trusted
Date: Wed, 7 Jan 2009 17:19:12 +0200	[thread overview]
Message-ID: <20090107151912.GF3267@redhat.com> (raw)
In-Reply-To: <1231340671.5050.69.camel@localhost.localdomain>

On Wed, Jan 07, 2009 at 03:04:31PM +0000, Mark McLoughlin wrote:
> Hi Gleb,
> 
> On Wed, 2009-01-07 at 16:26 +0200, Gleb Natapov wrote:
> 
> > This patch allows to mark specific nic as trusted by adding special
> > PCI capability. "Trusted" means that it is used for communication
> > between host and guest and no malicious entity can inject traffic
> > to the nic.
> 
> I'm not sure I follow - is this cookie a shared secret that only the
> host and guest knows, or do literally mean that the cookie will contain
> the string "Trusted" as a indicator that the guest can trust the NIC?
> 
The presence of the capability indicates that the nic is trusted, but I
added a possibility to pass 14 byte string from a host too. The string can
be used as shared secret.

> > Signed-off-by: Gleb Natapov <gleb@redhat.com>
> ...
> > diff --git a/hw/virtio-net.c b/hw/virtio-net.c
> > index 1f45b2d..186c6bd 100644
> > --- a/hw/virtio-net.c
> > +++ b/hw/virtio-net.c
> > @@ -309,6 +309,9 @@ PCIDevice *virtio_net_init(PCIBus *bus, NICInfo *nd, int devfn)
> >      if (!n)
> >          return NULL;
> >  
> > +    if (nd->secure_cookie[0])
> > +        pci_add_capability(&n->vdev.pci_dev, 0x0f, 0xf0, nd->secure_cookie, 14);
> 
> How was the Capability ID 0x0f chosen? It it unallocated by the PCI SIG
> allocated it or ...? I see it's not defined in the kernel sources:
> 
> #define  PCI_CAP_ID_AGP3        0x0E    /* AGP Target PCI-PCI bridge */
> #define  PCI_CAP_ID_EXP         0x10    /* PCI Express */
> 
It is "secure device capability", so I used it based on the name.

> Also, to reduce magic numbers it would be nice to define the CAP_ID
> (0xf) and offset (0xf0) as a macro somewhere and use
> sizeof(nd->secure_cookie) instead of 14.
OK. Good point.

> 
> > diff --git a/net.c b/net.c
> > index 6af4255..000768f 100644
> > --- a/net.c
> > +++ b/net.c
> > @@ -1474,6 +1474,11 @@ int net_client_init(const char *device, const char *p)
> >          if (get_param_value(buf, sizeof(buf), "model", p)) {
> >              nd->model = strdup(buf);
> >          }
> > +        if (get_param_value(buf, sizeof(buf), "trusted", p)) {
> > +            strncpy(nd->secure_cookie, buf, sizeof(nd->secure_cookie));
> > +        } else {
> > +            nd->secure_cookie[0] = NULL;
> 
> NULL isn't a uint8_t, use '\0' instead I guess. Or maybe just memset()
> the NICInfo struct before starting to assign to it.
> 
OK. I wounder why I've used NULL here in the first place.

--
			Gleb.

next prev parent reply	other threads:[~2009-01-07 15:18 UTC|newest]

Thread overview: 34+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-01-07 14:26 [Qemu-devel] [PATCH] mark nic as trusted Gleb Natapov
2009-01-07 15:04 ` Mark McLoughlin
2009-01-07 15:19   ` Gleb Natapov [this message]
2009-01-07 15:41     ` Mark McLoughlin
2009-01-07 16:02       ` Gleb Natapov
2009-01-07 16:34 ` Anthony Liguori
2009-01-07 16:50   ` Gleb Natapov
2009-01-07 17:53     ` Anthony Liguori
2009-01-07 17:54       ` Anthony Liguori
2009-01-07 18:41         ` Gleb Natapov
2009-01-07 19:26           ` Anthony Liguori
2009-01-07 19:46             ` Gleb Natapov
2009-01-08 19:58               ` Anthony Liguori
2009-01-08 21:26                 ` Gleb Natapov
2009-01-08 21:42                   ` Anthony Liguori
2009-01-08 22:49                     ` Jamie Lokier
2009-01-08 23:14                       ` Dor Laor
2009-01-09 10:41                         ` Daniel P. Berrange
2009-01-10  2:18                           ` Jamie Lokier
2009-01-10 18:22                             ` Anthony Liguori
2009-01-11  4:55                               ` Jamie Lokier
2009-01-11  7:10                                 ` Blue Swirl
2009-01-11 14:08                                   ` Carl-Daniel Hailfinger
2009-01-11 15:07                                     ` Dor Laor
2009-01-11 15:34                                       ` Blue Swirl
2009-01-11 16:01                                         ` Dor Laor
2009-01-12  2:20                                           ` Jamie Lokier
2009-01-12  8:05                                             ` Gleb Natapov
2009-01-12 12:26                                               ` Dor Laor
2009-01-10  2:27                         ` Jamie Lokier
2009-01-08 23:26                       ` Anthony Liguori
2009-01-10  2:31                         ` Jamie Lokier
2009-01-10 18:24                           ` Anthony Liguori
2009-01-11  4:40                             ` Jamie Lokier

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20090107151912.GF3267@redhat.com \
    --to=gleb@redhat.com \
    --cc=markmc@redhat.com \
    --cc=qemu-devel@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).