Subject: Re: [PATCH V2 0/2] virito-pci: PASID support

On Thu, Jan 13, 2022 at 10:36:52AM +0000, Stefan Hajnoczi wrote:
> On Thu, Jan 13, 2022 at 09:28:19AM +0800, Jason Wang wrote:
> > On Wed, Jan 12, 2022 at 6:44 PM Stefan Hajnoczi <stefanha@redhat.com> wrote:
> > >
> > > On Wed, Jan 12, 2022 at 01:57:53PM +0800, Jason Wang wrote:
> > > > Hi All:
> > > >
> > > > This series tries to add PASID support for virtio-pci to allow the
> > > > virtqueue to use PASID TLP prefix for PCI transactions. This will be
> > > > useful for future work like, queue assignment, virtqueue
> > > > virtualization and presenting multiple vDPA devices with a single PCI
> > > > device.
> > > >
> > > > Since we're short of the space for the PCI capabilities, the PCI
> > > > extended capability for virtio structure is introduced that allows the
> > > > PASID configuration structure to use.
> > > >
> > > > A prototype is implemented with emulated virtio-pci device in [1]. A
> > > > test driver is implemented in [2].
> > > >
> > > > Please review.
> > >
> > > I don't know the security model for PASIDs. My guess is that PASIDs can
> > > be bruteforced so we must trust the driver (it can assign PASIDs to
> > > virtqueue groups) and we must prevent untrusted applications from
> > > setting PASIDs on virtqueues. Is that correct?
> >
> > Yes, and the kernel can choose to hide PASID even for the trusted
> > application by using token or other intermediate layers.
>
> It would be good to describe the security model from a virtio-pci
> perspective so driver implementors don't accidentally expose trusted
> interfaces to untrusted applications. It's obvious to someone who
> already understands and has thought through all of this, but not obvious
> to someone who is implementing a driver for the first time or someone
> who is modifying the VIRTIO specification and doesn't know/care about
> PASIDs.
>
> Stefan

Can't hurt to have a security considerations chapter.
We should talk there about ACCESS_PLATFORM which has security
implications too.

--
MST