[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] vpci: add permission checks to map_range()

  • To: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Wed, 26 Jul 2023 16:12:34 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=jL04yurkGtyz156fGqsgNZlRHShJIqC5zxFWErY8//w=; b=BNynR19gfscgROrE7k6d3D3wajRO4T8L6v8Gez2PM7j/I6fR+/53BMvZ9XGcYwye6wGDt2JopIXPSJ4+6V5he4/6OrqNkpkj5ZD0TbuEu+76Xnn+mvVBW4ewIwnDWUF7xq7I+5qbM5mgYzbNZE6UBOjagjOseq4Zk/MW01mMqn41rf1x1FAm3SASjFlpoOEr0dQzzFsyvsKxzgqnofz3+DQmcvSoIq5Tj5jGw+s4Y0cd4O0H4jHCuWpv3jjSQNMZAA/0c2knpGsJ5Bpa5S6OVZeIDKBPiIOw2FDUVfak5Rj9lsPvRHZgLahtJtIsn3CFJIqgC7tsXvFOdcxBrcwk9g==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=BFbtVzY+lOxBNKxHP9noVnCaslLnjjhyiy1LikHNUDj3cdaEc6EWjk27RgCn7dQ3DKx1mTrdKewSzmiBSfS/3OuG7TF0BlY6nTGOf65l/9sdQOk8OJ9Jvh/LhXxrUMr39MjqzUeoXNTOu9i8/9Umfd9EnKftYejtUFw1Ux0Z0AskQe771yC0cbwtIKP/R3sf1UHlbn3i6by1t54pTVakLmGLOgKrSyF2rSqVgDsiQFhX11xKHvYEw2/dtCxsyp9B+WDaQwpSitYaK1t9oCz3EI/1uWMEzVCOJpbSPwp3VVQnHsRvmXEwToB0S+EkA0+3aWlZRhDznnDLz4tjRnrhSw==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • Delivery-date: Wed, 26 Jul 2023 14:12:47 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 26.07.2023 15:37, Roger Pau Monné wrote:
> On Wed, Jul 26, 2023 at 02:36:17PM +0200, Jan Beulich wrote:
>> Another Dom0 related concern can probably be put off until we actually
>> get a report of this failing (which may be more likely because of the
>> XSM check below): The function being used as a callback passed to
>> rangeset_consume_ranges(), failure may affect just a single BAR, while
>> the incoming range may cover multiple of them in one go. Depending on
>> what functionality such a BAR covers, the device may remain usable (a
>> typical example of what I'm thinking of is a multi-function device
>> having serial and/or parallel port on it, which are fine to be driven
>> via I/O ports even if driving via MMIO is possible [and would likely
>> be more efficient]). Of course, to allow some MMIO bars to be used
>> while prohibiting use of some others, further trickery may be needed.
>> But not exposing the device to Dom0 at all doesn't seem very nice in
>> such a case.
> 
> Hm, I see.  For dom0 we might want to consider ignoring mapping
> failures, the problem is that we would need to narrow down the pages
> not allowed to be mapped, as part of the range passed to map_range()
> might be allowed.  We would need to resort to checking permissions on
> a page by page basis, which is not overly nice.

Right, all of which is why I prefixed the while paragraph with "can
probably be put off until ...".

> I think it's more likely for such BARs to be marked as read-only
> (instead of denying access), in which case the checking here would
> still be OK.

Maybe, but (a) granting r/o access may still be beyond what an XSM
policy intends and (b) might be a problem when reads have side
effects.

Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.