OASIS Mailing List Archives

virtio-dev message



Subject: Re: [PATCH V2 0/2] virito-pci: PASID support


On Thu, Jan 13, 2022 at 10:36:52AM +0000, Stefan Hajnoczi wrote:
> On Thu, Jan 13, 2022 at 09:28:19AM +0800, Jason Wang wrote:
> > On Wed, Jan 12, 2022 at 6:44 PM Stefan Hajnoczi <stefanha@redhat.com> wrote:
> > >
> > > On Wed, Jan 12, 2022 at 01:57:53PM +0800, Jason Wang wrote:
> > > > Hi All:
> > > >
> > > > This series tries to add PASID support for virtio-pci to allow the
> > > > virtqueue to use PASID TLP prefix for PCI transactions. This will be
> > > > useful for future work like queue assignment, virtqueue
> > > > virtualization and presenting multiple vDPA devices with a single PCI
> > > > device.
> > > >
> > > > Since we're short of the space for the PCI capabilities, the PCI
> > > > extended capability for virtio structure is introduced that allows the
> > > > PASID configuration structure to use.
> > > >
> > > > A prototype is implemented with emulated virtio-pci device in [1]. A
> > > > test driver is implemented in [2].
> > > >
> > > > Please review.
> > >
> > > I don't know the security model for PASIDs. My guess is that PASIDs can
> > > be bruteforced so we must trust the driver (it can assign PASIDs to
> > > virtqueue groups) and we must prevent untrusted applications from
> > > setting PASIDs on virtqueues. Is that correct?
> > 
> > Yes, and the kernel can choose to hide PASID even for the trusted
> > application by using token or other intermediate layers.
> 
> It would be good to describe the security model from a virtio-pci
> perspective so driver implementors don't accidentally expose trusted
> interfaces to untrusted applications. It's obvious to someone who
> already understands and has thought through all of this, but not obvious
> to someone who is implementing a driver for the first time or someone
> who is modifying the VIRTIO specification and doesn't know/care about
> PASIDs.
> 
> Stefan


Can't hurt to have a security considerations chapter.
We should talk there about ACCESS_PLATFORM which has security implications
too.

-- 
MST


