Re: [PATCH vfio 10/11] vfio/virtio: Expose admin commands over virtio device

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: Re: [PATCH vfio 10/11] vfio/virtio: Expose admin commands over virtio device
From: Jason Gunthorpe <jgg@xxxxxxxxxx>
Date: Wed, 11 Oct 2023 14:20:14 -0300
Cc: Parav Pandit <parav@xxxxxxxxxx>, Christoph Hellwig <hch@xxxxxxxxxxxxx>, Yishai Hadas <yishaih@xxxxxxxxxx>, "alex.williamson@xxxxxxxxxx" <alex.williamson@xxxxxxxxxx>, "jasowang@xxxxxxxxxx" <jasowang@xxxxxxxxxx>, "kvm@xxxxxxxxxxxxxxx" <kvm@xxxxxxxxxxxxxxx>, "virtualization@xxxxxxxxxxxxxxxxxxxxxxxxxx" <virtualization@xxxxxxxxxxxxxxxxxxxxxxxxxx>, Feng Liu <feliu@xxxxxxxxxx>, Jiri Pirko <jiri@xxxxxxxxxx>, "kevin.tian@xxxxxxxxx" <kevin.tian@xxxxxxxxx>, "joao.m.martins@xxxxxxxxxx" <joao.m.martins@xxxxxxxxxx>, Leon Romanovsky <leonro@xxxxxxxxxx>, Maor Gottlieb <maorg@xxxxxxxxxx>
In-reply-to: <20231011130018-mutt-send-email-mst@kernel.org>
References: <e979dfa2-0733-7f0f-dd17-49ed89ef6c40@nvidia.com> <20231010111339-mutt-send-email-mst@kernel.org> <20231010155937.GN3952@nvidia.com> <ZSY9Cv5/e3nfA7ux@infradead.org> <20231011021454-mutt-send-email-mst@kernel.org> <ZSZHzs38Q3oqyn+Q@infradead.org> <PH0PR12MB5481336B395F38E875ED11D8DCCCA@PH0PR12MB5481.namprd12.prod.outlook.com> <20231011040331-mutt-send-email-mst@kernel.org> <20231011121849.GV3952@nvidia.com> <20231011130018-mutt-send-email-mst@kernel.org>

On Wed, Oct 11, 2023 at 01:03:09PM -0400, Michael S. Tsirkin wrote:
> On Wed, Oct 11, 2023 at 09:18:49AM -0300, Jason Gunthorpe wrote:
> > The simple way to be sure is to never touch the PCI function that has
> > DMA assigned to a VM from the hypervisor, except through config space.
> 
> What makes config space different that it's safe though?

Hypervisor fully mediates it and it is not accessible to P2P attacks.

> Isn't this more of a "we can't avoid touching config space" than
> that it's safe? The line doesn't look that bright to me -
> if there's e.g. a memory area designed explicitly for
> hypervisor to poke at, that seems fine.

It is not.

Jason

References:
- Re: [PATCH vfio 10/11] vfio/virtio: Expose admin commands over virtio device
  - From: Yishai Hadas
- Re: [PATCH vfio 10/11] vfio/virtio: Expose admin commands over virtio device
  - From: Michael S. Tsirkin
- Re: [PATCH vfio 10/11] vfio/virtio: Expose admin commands over virtio device
  - From: Jason Gunthorpe
- Re: [PATCH vfio 10/11] vfio/virtio: Expose admin commands over virtio device
  - From: Christoph Hellwig
- Re: [PATCH vfio 10/11] vfio/virtio: Expose admin commands over virtio device
  - From: Michael S. Tsirkin
- Re: [PATCH vfio 10/11] vfio/virtio: Expose admin commands over virtio device
  - From: Christoph Hellwig
- RE: [PATCH vfio 10/11] vfio/virtio: Expose admin commands over virtio device
  - From: Parav Pandit
- Re: [PATCH vfio 10/11] vfio/virtio: Expose admin commands over virtio device
  - From: Michael S. Tsirkin
- Re: [PATCH vfio 10/11] vfio/virtio: Expose admin commands over virtio device
  - From: Jason Gunthorpe
- Re: [PATCH vfio 10/11] vfio/virtio: Expose admin commands over virtio device
  - From: Michael S. Tsirkin

Prev by Date: Re: [PATCH vfio 10/11] vfio/virtio: Expose admin commands over virtio device
Next by Date: Re: [PATCH v5 09/17] KVM: Introduce KVM_CAP_USERFAULT_ON_MISSING without implementation
Previous by thread: Re: [PATCH vfio 10/11] vfio/virtio: Expose admin commands over virtio device
Next by thread: Re: [PATCH vfio 10/11] vfio/virtio: Expose admin commands over virtio device
Index(es):
- Date
- Thread

[Index of Archives] [KVM ARM] [KVM ia64] [KVM ppc] [Virtualization Tools] [Spice Development] [Libvirt] [Libvirt Users] [Linux USB Devel] [Linux Audio Users] [Yosemite Questions] [Linux Kernel] [Linux SCSI] [XFree86]