Re: [PATCH v5 14/14] vpci: add TODO for the registers not explicitly handled
- To: Jan Beulich <jbeulich@xxxxxxxx>
- From: Oleksandr Andrushchenko <Oleksandr_Andrushchenko@xxxxxxxx>
- Date: Thu, 25 Nov 2021 11:20:39 +0000
- Cc: "julien@xxxxxxx" <julien@xxxxxxx>, "sstabellini@xxxxxxxxxx" <sstabellini@xxxxxxxxxx>, Oleksandr Tyshchenko <Oleksandr_Tyshchenko@xxxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Artem Mygaiev <Artem_Mygaiev@xxxxxxxx>, "roger.pau@xxxxxxxxxx" <roger.pau@xxxxxxxxxx>, "andrew.cooper3@xxxxxxxxxx" <andrew.cooper3@xxxxxxxxxx>, "george.dunlap@xxxxxxxxxx" <george.dunlap@xxxxxxxxxx>, "paul@xxxxxxx" <paul@xxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Rahul Singh <rahul.singh@xxxxxxx>, Oleksandr Andrushchenko <Oleksandr_Andrushchenko@xxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Oleksandr Andrushchenko <Oleksandr_Andrushchenko@xxxxxxxx>
- Delivery-date: Thu, 25 Nov 2021 11:20:58 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 25.11.21 13:17, Jan Beulich wrote:
> On 25.11.2021 12:02, Oleksandr Andrushchenko wrote:
>> From: Oleksandr Andrushchenko <oleksandr_andrushchenko@xxxxxxxx>
>>
>> For unprivileged guests vpci_{read|write} need to be re-worked
>> to not passthrough accesses to the registers not explicitly handled
>> by the corresponding vPCI handlers: without fixing that passthrough
>> to guests is completely unsafe as Xen allows them full access to
>> the registers.
>>
>> Xen needs to be sure that every register a guest accesses is not
>> going to cause the system to malfunction, so Xen needs to keep a
>> list of the registers it is safe for a guest to access.
>>
>> For example, we should only expose the PCI capabilities that we know
>> are safe for a guest to use, i.e.: MSI and MSI-X initially.
>> The rest of the capabilities should be blocked from guest access,
>> unless we audit them and declare safe for a guest to access.
>>
>> As a reference we might want to look at the approach currently used
>> by QEMU in order to do PCI passthrough. A very limited set of PCI
>> capabilities known to be safe for untrusted access are exposed to the
>> guest and registers need to be explicitly handled or else access is
>> rejected. Xen needs a fairly similar model in vPCI or else none of
>> this will be safe for unprivileged access.
>>
>> Add the corresponding TODO comment to highlight there is a problem that
>> needs to be fixed.
>>
>> Suggested-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
>> Suggested-by: Jan Beulich <jbeulich@xxxxxxxx>
>> Signed-off-by: Oleksandr Andrushchenko <oleksandr_andrushchenko@xxxxxxxx>
> Looks okay to me in principle,

Thanks Roger for writing most of the text in e-mails while discussing the issue

> but imo needs to come earlier in the
> series, before things actually get exposed to DomU-s.

I can have it after "[PATCH v5 05/14] vpci: add hooks for PCI device
assign/de-assign"

> Jan
>
Thank you,
Oleksandr
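
The default-deny model the quoted commit message asks for, sketched as an added C example (not part of the original e-mail and not Xen's vPCI code): an unprivileged access reaches a config-space register only if an explicit handler covers it. All names, the handled ranges and the sample config space are hypothetical; handled registers read the backing array directly where a real handler would emulate, and an access that straddles handled and unhandled bytes is denied whole.

```c
#include <stdbool.h>
#include <stdint.h>

#define CFG_SIZE 256u
/* Hypothetical allowlist of explicitly handled ranges; not Xen's structures. */
static const struct { unsigned int offset, size; } handled[] = {
    { 0x00, 4 },   /* vendor ID + device ID */
    { 0x04, 2 },   /* command */
    { 0x10, 4 },   /* BAR0 */
};
/* Constructed sample device: ID 0x8086, one byte in an unhandled register. */
static uint8_t sample_cfg[CFG_SIZE] = { [0x00] = 0x86, [0x01] = 0x80, [0x40] = 0xAB };

static bool valid(unsigned int reg, unsigned int size)
{
    return (size == 1 || size == 2 || size == 4) && reg < CFG_SIZE && size <= CFG_SIZE - reg;
}

/* An access is allowed only if a single handler covers every byte of it. */
static bool is_handled(unsigned int reg, unsigned int size)
{
    for (unsigned int i = 0; i < sizeof(handled) / sizeof(handled[0]); i++)
        if (reg >= handled[i].offset &&
            reg + size <= handled[i].offset + handled[i].size)
            return true;
    return false;
}

/* Unprivileged reads of unhandled registers return all ones, never device data. */
uint32_t cfg_read(const uint8_t *cfg, bool privileged, unsigned int reg, unsigned int size)
{
    uint32_t val = 0;
    if (!valid(reg, size))
        return 0xFFFFFFFFu;
    if (!privileged && !is_handled(reg, size))
        return 0xFFFFFFFFu >> (32 - 8 * size);
    for (unsigned int i = 0; i < size; i++)   /* config space is little-endian */
        val |= (uint32_t)cfg[reg + i] << (8 * i);
    return val;
}

/* Returns true only if the write reached the device; denied writes are dropped. */
bool cfg_write(uint8_t *cfg, bool privileged, unsigned int reg, unsigned int size, uint32_t val)
{
    if (!valid(reg, size) || (!privileged && !is_handled(reg, size)))
        return false;
    for (unsigned int i = 0; i < size; i++)
        cfg[reg + i] = (uint8_t)(val >> (8 * i));
    return true;
}
```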