> -----Original Message-----
> From: Jason Gunthorpe <jgg@xxxxxxxx>
> Sent: Wednesday, March 5, 2025 12:58 PM
> To: Wathsala Wathawana Vithanage <wathsala.vithanage@xxxxxxx>
> Cc: Alex Williamson <alex.williamson@xxxxxxxxxx>; linux-kernel@xxxxxxxxxxxxxxx; nd <nd@xxxxxxx>; Kevin Tian <kevin.tian@xxxxxxxxx>; Philipp Stanner <pstanner@xxxxxxxxxx>; Yunxiang Li <Yunxiang.Li@xxxxxxx>; Dr. David Alan Gilbert <linux@xxxxxxxxxxx>; Ankit Agrawal <ankita@xxxxxxxxxx>; open list:VFIO DRIVER <kvm@xxxxxxxxxxxxxxx>; Dhruv Tripathi <Dhruv.Tripathi@xxxxxxx>; Honnappa Nagarahalli <Honnappa.Nagarahalli@xxxxxxx>; Jeremy Linton <Jeremy.Linton@xxxxxxx>
> Subject: Re: [RFC PATCH] vfio/pci: add PCIe TPH to device feature ioctl
>
> On Wed, Mar 05, 2025 at 06:11:22AM +0000, Wathsala Wathawana Vithanage wrote:
>
> > By not enabling TPH in device-specific mode, hypervisors can ensure
> > that setting an ST in a device-specific location (like queue contexts)
> > will have no effect. VMs should also not be allowed to enable TPH.
>
> So many workloads run inside VMs now for security reasons that is not a
> reasonable approach.
>
> > I believe this could
> > be enforced by trapping (causing VM exits) on MSI-X/ST table writes.
>
> Yes, I think this was always part of the plan for virtualization when using an MSI-X
> table.
>
> > Having said that, regardless of this proposal or the availability of
> > kernel TPH support, a VFIO driver could enable TPH and set an
> > arbitrary ST on the MSI-X/ST table or a device-specific location on
> > supported platforms. If the driver doesn't have a list of valid STs,
> > it can enumerate 8- or 16-bit STs and measure access latencies to determine
> > valid ones.
>
> And you think it is absolutely true that no TPH value can cause a platform
> malfunction or security failure?
> I think such hardware bugs are inevitable :).
Would disabling TPH in the kernel and preventing config-writes that enable TPH from user space by trapping them in the kernel work as a solution? That requires trapping config-writes.

--wathsala
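To make the "trap config-writes that enable TPH" idea concrete, here is an added example (not code from the RFC patch, from VFIO, or from anyone on this thread) of the pure filtering logic such a trap would apply. It walks a PCIe extended capability list to locate the TPH Requester capability, then rewrites any write to the TPH Requester Control register so the requester stays disabled and ST Mode Select stays at No ST Mode, passing every other write through. Register offsets and bit masks follow the PCIe TPH Requester Extended Capability, named as in Linux's include/uapi/linux/pci_regs.h; the config space is constructed for the demo, the trap-handler function `filter_tph_ctrl_write` and its signature are hypothetical, and only naturally aligned 4-byte writes on a little-endian host are handled (a real handler must also cover 1- and 2-byte writes overlapping the register).

```c
/*
 * Added example, not code from the RFC patch or the kernel: a pure-logic
 * sketch of trapping config-space writes that would enable PCIe TPH.
 * Constants follow the TPH Requester Extended Capability (names as in
 * Linux's include/uapi/linux/pci_regs.h). The config space is constructed
 * for the demo; filter_tph_ctrl_write is a hypothetical trap handler that
 * only deals with aligned 4-byte writes on a little-endian host.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PCI_CFG_SPACE_EXP_SIZE 4096
#define PCI_EXT_CAP_START      0x100
#define PCI_EXT_CAP_ID_ERR     0x01   /* AER, used only as a list neighbour here */
#define PCI_EXT_CAP_ID_TPH     0x17

#define PCI_TPH_CAP            4      /* TPH Requester Capability register */
#define PCI_TPH_CAP_NO_ST      0x1
#define PCI_TPH_CAP_INT_VEC    0x2
#define PCI_TPH_CAP_DEV_SPEC   0x4
#define PCI_TPH_LOC_MSIX       0x400  /* ST table lives in the MSI-X table */
#define PCI_TPH_CTRL           8      /* TPH Requester Control register */
#define PCI_TPH_CTRL_MODE_MASK 0x7    /* ST Mode Select: 0 = No ST Mode */
#define PCI_TPH_CTRL_REQ_MASK  0x300  /* TPH Requester Enable: 0 = disabled */

static uint32_t cfg_rd32(const uint8_t *cfg, unsigned off)
{
    uint32_t v;
    memcpy(&v, cfg + off, sizeof v);  /* little-endian host assumed */
    return v;
}

static void cfg_wr32(uint8_t *cfg, unsigned off, uint32_t v)
{
    memcpy(cfg + off, &v, sizeof v);
}

/* Extended capability header: bits 15:0 ID, 19:16 version, 31:20 next. */
static uint32_t ext_cap_hdr(uint16_t id, unsigned next)
{
    return (uint32_t)id | (1u << 16) | ((uint32_t)next << 20);
}

/* Walk the extended capability list; return the TPH cap offset, or 0. */
unsigned find_tph_cap(const uint8_t *cfg)
{
    unsigned off = PCI_EXT_CAP_START;
    int ttl = (PCI_CFG_SPACE_EXP_SIZE - PCI_EXT_CAP_START) / 8; /* loop guard */

    while (off >= PCI_EXT_CAP_START && off + 4 <= PCI_CFG_SPACE_EXP_SIZE && ttl-- > 0) {
        uint32_t hdr = cfg_rd32(cfg, off);
        if (hdr == 0 || hdr == 0xffffffff)
            return 0;                       /* end of list / absent device */
        if ((hdr & 0xffff) == PCI_EXT_CAP_ID_TPH)
            return off;
        off = (hdr >> 20) & 0xffc;          /* next pointer is DWORD aligned */
    }
    return 0;
}

/*
 * Hypothetical trap handler: the guest attempted a 4-byte write of 'val'
 * at config offset 'off'. Returns the value to commit to the real device.
 * A write to the TPH Requester Control register is rewritten so that the
 * requester stays disabled and ST Mode Select stays 0 (No ST Mode);
 * every other write passes through unchanged.
 */
uint32_t filter_tph_ctrl_write(const uint8_t *cfg, unsigned off, uint32_t val)
{
    unsigned tph = find_tph_cap(cfg);

    if (!tph || off != tph + PCI_TPH_CTRL)
        return val;
    return val & ~(uint32_t)(PCI_TPH_CTRL_REQ_MASK | PCI_TPH_CTRL_MODE_MASK);
}

/* Constructed 4 KiB config space: AER at 0x100, then (optionally) TPH at 0x140. */
const uint8_t *demo_cfg(int with_tph)
{
    static uint8_t cfg[PCI_CFG_SPACE_EXP_SIZE];

    memset(cfg, 0, sizeof cfg);
    cfg_wr32(cfg, 0x100, ext_cap_hdr(PCI_EXT_CAP_ID_ERR, with_tph ? 0x140 : 0));
    if (with_tph) {
        cfg_wr32(cfg, 0x140, ext_cap_hdr(PCI_EXT_CAP_ID_TPH, 0));
        /* advertises all three ST modes and an ST table in the MSI-X table */
        cfg_wr32(cfg, 0x140 + PCI_TPH_CAP,
                 PCI_TPH_CAP_NO_ST | PCI_TPH_CAP_INT_VEC | PCI_TPH_CAP_DEV_SPEC | PCI_TPH_LOC_MSIX);
        cfg_wr32(cfg, 0x140 + PCI_TPH_CTRL, 0);   /* TPH disabled out of reset */
    }
    return cfg;
}

int main(void)
{
    const uint8_t *cfg = demo_cfg(1);
    unsigned tph = find_tph_cap(cfg);
    /* guest tries: TPH Requester Enable = TPH only, ST Mode = Device Specific (2) */
    uint32_t attempted = 0x100 | 0x2;

    printf("TPH cap at 0x%x, guest wrote 0x%x, committed 0x%x\n",
           tph, attempted, filter_tph_ctrl_write(cfg, tph + PCI_TPH_CTRL, attempted));
    return 0;
}
```

The filter deliberately leaves the capability's read-only bits alone and does not hide the capability from the guest; it only refuses the two fields that would turn TPH on or select an ST mode, which is the narrow intervention the question above asks about.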