On Wed, 29 Sep 2021 13:50:29 -0500 Bjorn Helgaas <helgaas@xxxxxxxxxx> wrote: > On Wed, Sep 29, 2021 at 12:26:12PM -0600, Alex Williamson wrote: > > On Tue, 28 Sep 2021 20:59:02 -0500 > > Bjorn Helgaas <helgaas@xxxxxxxxxx> wrote: > > > > > [+cc Alex, Krzysztof, AMD folks] > > > > > > On Tue, Sep 28, 2021 at 05:16:49PM -0700, David Jaundrew wrote: > > > > This patch fixes another FLR bug for the Starship/Matisse controller: > > > > > > > > AMD Starship/Matisse Cryptogrpahic Coprocessor PSPCPP > > > > > > > > This patch allows functions on the same Starship/Matisse device (such as > > > > USB controller,sound card) to properly pass through to a guest OS using > > > > vfio-pc. Without this patch, the virtual machine does not boot and > > > > eventually times out. > > > > > > Apparently yet another AMD device that advertises FLR support, but it > > > doesn't work? > > > > > > I don't have a problem avoiding the FLR, but I *would* like some > > > indication that: > > > > > > - This is a known erratum and AMD has some plan to fix this in > > > future devices so we don't have to trip over them all > > > individually, and > > > > > > - This is not a security issue. Part of the reason VFIO resets > > > pass-through devices is to avoid leaking state from one guest to > > > another. If reset doesn't work, that makes me wonder, especially > > > since this is a cryptographic coprocessor that sounds like it > > > might be full of secrets. So I *assume* VFIO will use a different > > > type of reset instead of FLR, but I'm just double-checking. > > > > It depends on what's available, chances are not good that we have > > another means of function level reset, so this probably means it's > > exposed as-is. I agree, not great for a device managing something to > > do with cryptography. It's potentially a better security measure to > > let the device wedge itself. Thanks, > > OK, I think that means I need to ignore this patch until we have some > evidence that it's actually safe to allow VFIO to pass the device > through to another guest. > > And I guess we are making the assumption that the audio, USB, and > ethernet controllers [1] are safe to hand off between guests? I don't > know enough about those controllers to even have an opinion about > that. Surely there is config space and MMIO space that could leak > data between guests? The expectation is that there's a lot less potential for such devices. If we were to try to restrict assignment to absolutely secure devices we'd probably rule out anything that's not a VF and then start excluding things from there. Even with proper resets, there's a potential that a user could muck with non-volatile device state (ex. option ROMs). > Is there anything that tracks whether the device has been reset after > being passed through to a guest? For example, I assume the following > would be safe if we could tell the reset had been done: > > - Pass through to guest A > - Guest A exits > - User resets all devices on bus (including this one) > - Pass through to guest B Yes, we do track whether a device has been reset, but rather by the kernel more so than userspace as the latter might just invite userspace to exploit an mmap post-reset in order to insert a payload. Our tracking is more for the purpose of trying to do a bus reset once all of the devices affected are released from userspace. For example if the multi-function set includes this crypto device, the usb controller, and audio controller, once the user releases the last of those, if any of them still require a reset we'd perform a bus reset. However, if these devices are actually in separate IOMMU groups (reset scope is not accounted for in grouping), then the user could release the crypto device and it could be re-assigned to a new user and we never get a chance to reset the bus. I don't know what grouping looks like among these devices. Thanks, Alex