OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

virtio-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [virtio-dev] Re: [Qemu-devel] [virtio-dev] [PATCH v3 0/7] Vhost-pci for inter-VM communication


On Thu, Dec 14, 2017 at 05:50:22PM +0100, Maxime Coquelin wrote:
> 
> 
> On 12/14/2017 05:40 PM, Michael S. Tsirkin wrote:
> > On Thu, Dec 14, 2017 at 05:39:19PM +0100, Maxime Coquelin wrote:
> > > 
> > > 
> > > On 12/14/2017 05:27 PM, Michael S. Tsirkin wrote:
> > > > On Thu, Dec 14, 2017 at 03:46:56PM +0000, Stefan Hajnoczi wrote:
> > > > > On Wed, Dec 13, 2017 at 10:50:11PM +0100, Maxime Coquelin wrote:
> > > > > > On 12/13/2017 09:08 PM, Stefan Hajnoczi wrote:
> > > > > > > On Wed, Dec 13, 2017 at 3:01 PM, Michael S. Tsirkin <mst@redhat.com> wrote:
> > > > > > > > On Wed, Dec 13, 2017 at 12:35:21PM +0000, Stefan Hajnoczi wrote:
> > > > > > > > > I'm not saying that DPDK should use libvhost-user.  I'm saying that it's
> > > > > > > > > easy to add vfio vhost-pci support (for the PCI adapter I described) to
> > > > > > > > > DPDK.  This patch series would require writing a completely new slave
> > > > > > > > > for vhost-pci because the device interface is so different from
> > > > > > > > > vhost-user.
> > > > > > > > 
> > > > > > > > The main question is how appropriate is the vhost user protocol
> > > > > > > > for passing to guests. And I am not sure at this point.
> > > > > > > > 
> > > > > > > > Someone should go over vhost user messages and see whether they are safe
> > > > > > > > to pass to guest. If most are then we can try the transparent approach.
> > > > > > > > If most aren't then we can't and might as well use the proposed protocol
> > > > > > > > which at least has code behind it.
> > > > > > > 
> > > > > > > I have done that:
> > > > > > > 
> > > > > > ...
> > > > > > >     * VHOST_USER_SET_MEM_TABLE
> > > > > > > 
> > > > > > >       Set up BARs before sending a VHOST_USER_SET_MEM_TABLE to the guest.
> > > > > > 
> > > > > > It would require to filter out userspace_addr from the payload not to
> > > > > > leak other QEMU process VAs to the guest.
> > > > > 
> > > > > QEMU's vhost-user master implementation is insecure because it leaks
> > > > > QEMU process VAs.  This also affects vhost-user host processes, not just
> > > > > vhost-pci.
> > > > > 
> > > > > The QEMU vhost-user master could send an post-IOMMU guest physical
> > > > > addresses whereever the vhost-user protocol specification says "user
> > > > > address".  That way no address space information is leaked although it
> > > > > does leak IOMMU mappings.
> > > > > 
> > > > > If we want to hide the IOMMU mappings too then we need another logical
> > > > > address space (kind a randomized ramaddr_t).
> > > > > 
> > > > > Anyway, my point is that the current vhost-user master implementation is
> > > > > insecure and should be fixed.  vhost-pci doesn't need to worry about
> > > > > this issue.
> > > > > 
> > > > > Stefan
> > > > 
> > > > I was going to make this point too.  It does not look like anyone uses
> > > > userspace_addr. It might have been a mistake to put it there -
> > > > maybe we should have reused it for map offset.
> > > > 
> > > > It does not look like anyone uses this for anything.
> > > > 
> > > > How about we put zero, or a copy of the GPA there?
> > > > 
> > > > 
> > > 
> > > It is used when no iommu for the ring addresses, and when iommu is used
> > > for the IOTLB update messages.
> > > 
> > > Maxime
> > 
> > How do clients use it? Why won't GPA do just as well?
> 
> It is used to calculate the offset in the regions, so if we change all
> to use GPA, it may work without backend change.

Great.

Stefan

Attachment: signature.asc
Description: PGP signature



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]