Re: [PATCH 0/9 v2] vfio-pci: add support for Freescale IOMMU (PAMU)

From: Alex Williamson
Date: Fri Dec 06 2013 - 14:30:45 EST

Next message: Alexandre Belloni: "[PATCHv2] iio: mxs-lradc: compute temperature from channel 8 and 9"
Previous message: Scott Wood: "Re: [PATCH 0/9 v2] vfio-pci: add support for Freescale IOMMU (PAMU)"
In reply to: Scott Wood: "Re: [PATCH 0/9 v2] vfio-pci: add support for Freescale IOMMU (PAMU)"
Next in thread: Scott Wood: "Re: [PATCH 0/9 v2] vfio-pci: add support for Freescale IOMMU (PAMU)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 2013-12-06 at 12:59 -0600, Scott Wood wrote:
> On Thu, 2013-12-05 at 22:11 -0600, Bharat Bhushan wrote:
> >
> > > -----Original Message-----
> > > From: Wood Scott-B07421
> > > Sent: Friday, December 06, 2013 5:52 AM
> > > To: Bhushan Bharat-R65777
> > > Cc: Alex Williamson; linux-pci@xxxxxxxxxxxxxxx; agraf@xxxxxxx; Yoder Stuart-
> > > B08248; iommu@xxxxxxxxxxxxxxxxxxxxxxxxxx; bhelgaas@xxxxxxxxxx; linuxppc-
> > > dev@xxxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx
> > > Subject: Re: [PATCH 0/9 v2] vfio-pci: add support for Freescale IOMMU (PAMU)
> > >
> > > On Thu, 2013-11-28 at 03:19 -0600, Bharat Bhushan wrote:
> > > >
> > > > > -----Original Message-----
> > > > > From: Bhushan Bharat-R65777
> > > > > Sent: Wednesday, November 27, 2013 9:39 PM
> > > > > To: 'Alex Williamson'
> > > > > Cc: Wood Scott-B07421; linux-pci@xxxxxxxxxxxxxxx; agraf@xxxxxxx;
> > > > > Yoder Stuart- B08248; iommu@xxxxxxxxxxxxxxxxxxxxxxxxxx;
> > > > > bhelgaas@xxxxxxxxxx; linuxppc- dev@xxxxxxxxxxxxxxxx;
> > > > > linux-kernel@xxxxxxxxxxxxxxx
> > > > > Subject: RE: [PATCH 0/9 v2] vfio-pci: add support for Freescale
> > > > > IOMMU (PAMU)
> > > > >
> > > > > If we just provide the size of MSI bank to userspace then userspace
> > > > > cannot do anything wrong.
> > > >
> > > > So userspace does not know address, so it cannot mmap and cause any
> > > interference by directly reading/writing.
> > >
> > > That's security through obscurity... Couldn't the malicious user find out the
> > > address via other means, such as experimentation on another system over which
> > > they have full control? What would happen if the user reads from their device's
> > > PCI config space? Or gets the information via some back door in the PCI device
> > > they own? Or pokes throughout the address space looking for something that
> > > generates an interrupt to its own device?
> >
> > So how to solve this problem, Any suggestion ?
> >
> > We have to map one window in PAMU for MSIs and a malicious user can ask
> > its device to do DMA to MSI window region with any pair of address and
> > data, which can lead to unexpected MSIs in system?
>
> I don't think there are any solutions other than to limit each bank to
> one user, unless the admin turns some knob that says they're OK with the
> partial loss of isolation.

Even if the admin does opt-in to an allow_unsafe_interrupts options, it
should still be reasonably difficult for one guest to interfere with the
other. I don't think we want to rely on the blind luck of making the
full MSI bank accessible to multiple guests and hoping they don't step
on each other. That probably means that vfio needs to manage the space
rather than the guest. Thanks,

Alex

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Alexandre Belloni: "[PATCHv2] iio: mxs-lradc: compute temperature from channel 8 and 9"
Previous message: Scott Wood: "Re: [PATCH 0/9 v2] vfio-pci: add support for Freescale IOMMU (PAMU)"
In reply to: Scott Wood: "Re: [PATCH 0/9 v2] vfio-pci: add support for Freescale IOMMU (PAMU)"
Next in thread: Scott Wood: "Re: [PATCH 0/9 v2] vfio-pci: add support for Freescale IOMMU (PAMU)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]