Subject: Re: [virtio-dev] [PATCH v5 09/10] vhost-user: intercept slave's reply to VHOST_USER_GET_PROTOCOL_FEATURES


On 17/7/20 12:57 PM, Stefan Hajnoczi wrote:

On Mon, May 18, 2020 at 11:37:20PM +0300, Nikos Dragazis wrote:
Signed-off-by: Nikos Dragazis <ndragazis@arrikto.com>
---
  virtio-vhost-user.tex | 13 +++++++++----
  1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/virtio-vhost-user.tex b/virtio-vhost-user.tex
index a673526..328baec 100644
--- a/virtio-vhost-user.tex
+++ b/virtio-vhost-user.tex
@@ -142,10 +142,15 @@ \subsubsection{Device Operation: RX/TX Queues}\label{sec:Device Types / Vhost-us
  message that is too large for an rxq buffer, then DEVICE_NEEDS_RESET is set and
  the driver must reset the device.
-File descriptor passing is handled differently by the vhost-user device
-backend.  When a message is received that carries one or more file descriptors
-according to the vhost-user protocol, additional device resources become
-available to the driver.
+File descriptor passing is handled differently by the vhost-user device backend.
+When a master-initiated message is received that carries one or more file
+descriptors according to the vhost-user protocol, additional device resources
+become available to the driver.
+
+On the contrary, the slave cannot pass file descriptors to the master. For this
+reason, the vhost-user device backend MUST be intercepting the slave's reply to
+the VHOST_USER_GET_PROTOCOL_FEATURES vhost-user message and clearing these
+feature bits that allow the slave to send messages that pass file descriptors.
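Review bot: the new normative sentence requires the backend to clear "these feature bits" without naming them, so an implementer cannot tell from the spec text which bits to mask; the thread identifies them as VHOST_USER_PROTOCOL_F_SLAVE_SEND_FD and VHOST_USER_PROTOCOL_F_PAGEFAULT, and the sentence should list them explicitly, e.g. "the vhost-user device backend MUST intercept the slave's reply to VHOST_USER_GET_PROTOCOL_FEATURES and clear the VHOST_USER_PROTOCOL_F_SLAVE_SEND_FD and VHOST_USER_PROTOCOL_F_PAGEFAULT bits". The rationale (the slave has no channel for passing file descriptors to the master) belongs in the spec text as well, not only in the review discussion, and "MUST be intercepting ... and clearing" reads better as "MUST intercept ... and clear".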
Please be specific about which vhost-user protocol bits are not
supported.

Currently, this goes for the VHOST_USER_PROTOCOL_F_SLAVE_SEND_FD and
VHOST_USER_PROTOCOL_F_PAGEFAULT feature bits.


Why does the virtio-vhost-user device implementation need to silently
clear those feature bits? Is there a security impact or some other
reason why the VIRTIO spec should specify this behavior?

In our setup, the slave cannot pass file descriptors to the master.
The easiest way to enforce this restriction is during feature
negotiation. The virtio-vhost-user device will mask the unsupported
feature bits and, therefore, the master will not enable these feature
bits on the slave.


Stefan
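The masking described in the thread, as an added example that is not code from the virtio-vhost-user spec, QEMU, or any of the participants: a device-backend filter that inspects a slave-to-master message in place and, only for a reply to VHOST_USER_GET_PROTOCOL_FEATURES, clears the two feature bits named above. The header layout, reply flag, and bit numbers follow the vhost-user protocol as documented in QEMU's docs/interop/vhost-user; the function name and the buffer handling are assumptions.

```c
/* Added example, not spec or project code: a device-backend filter that
 * masks fd-passing feature bits out of the slave's GET_PROTOCOL_FEATURES
 * reply. Layout and bit numbers follow the vhost-user protocol
 * (QEMU docs/interop/vhost-user); the function name is constructed. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdbool.h>

#define VHOST_USER_GET_PROTOCOL_FEATURES    15u
#define VHOST_USER_REPLY_MASK               (1u << 2)   /* header flag: reply */
#define VHOST_USER_PROTOCOL_F_PAGEFAULT     8
#define VHOST_USER_PROTOCOL_F_SLAVE_SEND_FD 10

/* Bits that let the slave send fd-carrying messages; in this setup the
 * slave has no channel for that, so the master must never enable them. */
#define FD_PASSING_FEATURES \
    ((1ULL << VHOST_USER_PROTOCOL_F_PAGEFAULT) | \
     (1ULL << VHOST_USER_PROTOCOL_F_SLAVE_SEND_FD))

struct vhost_user_hdr {
    uint32_t request;
    uint32_t flags;
    uint32_t size;  /* payload bytes following the 12-byte header */
};

/* Inspect a slave->master message in place. Returns true if it was a
 * GET_PROTOCOL_FEATURES reply and its u64 payload was masked; false if the
 * message was left untouched (other request, not a reply, or bad size). */
bool filter_slave_reply(uint8_t *msg, size_t len)
{
    struct vhost_user_hdr hdr;
    uint64_t features;

    if (len < sizeof(hdr))
        return false;
    memcpy(&hdr, msg, sizeof(hdr));             /* no unaligned access */
    if (hdr.request != VHOST_USER_GET_PROTOCOL_FEATURES ||
        !(hdr.flags & VHOST_USER_REPLY_MASK))
        return false;
    /* This reply carries exactly one u64; anything else is malformed. */
    if (hdr.size != sizeof(features) || len < sizeof(hdr) + sizeof(features))
        return false;

    memcpy(&features, msg + sizeof(hdr), sizeof(features));
    features &= ~FD_PASSING_FEATURES;
    memcpy(msg + sizeof(hdr), &features, sizeof(features));
    return true;
}
```

A master-initiated GET_PROTOCOL_FEATURES request (reply flag clear) and any other message type pass through unchanged, so the filter only touches the one reply the spec text talks about.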

