DPDK patches and discussions
From: Vijay Kumar Srivastava <vsrivast@xilinx.com>
To: "Xia, Chenbo" <chenbo.xia@intel.com>, "dev@dpdk.org" <dev@dpdk.org>
Cc: "maxime.coquelin@redhat.com" <maxime.coquelin@redhat.com>,
	"andrew.rybchenko@oktetlabs.ru" <andrew.rybchenko@oktetlabs.ru>,
	Harpreet Singh Anand <hanand@xilinx.com>,
	Praveen Kumar Jain <praveenj@xilinx.com>
Subject: Re: [dpdk-dev] [PATCH 02/10] vdpa/sfc: add support for device initialization
Date: Fri, 1 Oct 2021 17:31:45 +0000
Message-ID: <SJ0PR02MB732732C94446DCF9A38E2E90B9AB9@SJ0PR02MB7327.namprd02.prod.outlook.com>
In-Reply-To: <MN2PR11MB4063E5A48FE41FCE96EE10AB9CD29@MN2PR11MB4063.namprd11.prod.outlook.com>

Hi Chenbo,

>-----Original Message-----
>From: Xia, Chenbo <chenbo.xia@intel.com>
>Sent: Monday, September 6, 2021 8:32 AM
>To: Vijay Kumar Srivastava <vsrivast@xilinx.com>; dev@dpdk.org
>Cc: maxime.coquelin@redhat.com; andrew.rybchenko@oktetlabs.ru; Harpreet
>Singh Anand <hanand@xilinx.com>; Praveen Kumar Jain <praveenj@xilinx.com>
>Subject: RE: [PATCH 02/10] vdpa/sfc: add support for device initialization
>
>Hi,
>
>> -----Original Message-----
>> From: Vijay Kumar Srivastava <vsrivast@xilinx.com>
>> Sent: Friday, September 3, 2021 9:20 PM
>> To: Xia, Chenbo <chenbo.xia@intel.com>; dev@dpdk.org
>> Cc: maxime.coquelin@redhat.com; andrew.rybchenko@oktetlabs.ru;
>> Harpreet Singh Anand <hanand@xilinx.com>; Praveen Kumar Jain
>> <praveenj@xilinx.com>
>> Subject: RE: [PATCH 02/10] vdpa/sfc: add support for device
>> initialization
>>

[snip]

>> To handle the IOVA overlap detection scenario, a patch is in progress
>> which will be submitted soon.
>> In that patch, upon IOVA overlap detection a new available IOVA would
>> be calculated and the MCDI buffer would be remapped to the new IOVA.
>Let's say there is a malicious guest who knows your initial IOVA range that is set
>up by your driver (even if it does not know, it can use tests to know. So using a static
>IOVA range in the host is more dangerous).
The upcoming patch will handle the IOVA conflict scenario. With that patch, a hardcoded IOVA would not be needed.
If a malicious guest tries to use the MCDI IOVA address, then the vDPA driver would detect the IOVA overlap and would remap the MCDI buffer to another available IOVA address.
This IOVA address is for the MCDI buffer, which is used for the control path.
Just writing to the MCDI buffer does not imply that a malicious guest can send any control message to the NIC to modify the HW configuration.

>It can use that address in any DMA-able queue and make DMA into the vdpa app. I think it could cause some security issue
>as you let the guest easily write host memory.
Can you please elaborate on this?
In what scenarios can a host physical address be accessed by a malicious guest?

>For now I don't see a perfect solution except PASID (Process Address Space ID).
>IIRC, we could let QEMU have a primary PASID and vdpa app have a secondary
>PASID so that VM can't perform DMA to vdpa app. But since it needs HW support
>and related support in vfio is not mature, I don't think we are able to use that
>solution now.
>Any solution you can think of for your HW?
Yes, it can be used. Our next version of HW will have the PASID support.

Regards,
Vijay
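
The overlap check and relocation discussed in this message, sketched as an added example (not part of the original mail and not code from the sfc vDPA driver). The type and function names, the sample guest memory map, the 48-bit IOVA limit and the lowest-fit policy are all assumptions made for illustration; the actual DMA remap through VFIO is not shown.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names; this is not code from the sfc vDPA driver. */
struct iova_range { uint64_t start, len; };          /* half-open [start, start+len) */

/* Overlap test written so that start+len is never computed (no u64 wraparound). */
static int ranges_overlap(struct iova_range a, struct iova_range b)
{
    if (a.len == 0 || b.len == 0) return 0;
    return a.start < b.start ? b.start - a.start < a.len
                             : a.start - b.start < b.len;
}

/* Index of the first guest region that the buffer touches, or n if none. */
static size_t first_conflict(struct iova_range buf, const struct iova_range *g, size_t n)
{
    size_t i = 0;
    while (i < n && !ranges_overlap(buf, g[i]))
        i++;
    return i;
}

/* Lowest aligned IOVA below limit where len bytes avoid every guest region.
 * align must be a power of two. Returns 0 and sets *out, or -1 if nothing fits. */
static int find_free_iova(const struct iova_range *g, size_t n, uint64_t len,
                          uint64_t align, uint64_t limit, uint64_t *out)
{
    uint64_t cand = 0, room = UINT64_MAX - (align - 1);
    while (len <= limit && cand <= limit - len) {
        struct iova_range buf = { cand, len };
        size_t i = first_conflict(buf, g, n);
        if (i == n) { *out = cand; return 0; }
        if (g[i].start > room || g[i].len > room - g[i].start) return -1;
        /* Skip past the conflicting region and round up; cand strictly increases. */
        cand = (g[i].start + g[i].len + align - 1) & ~(align - 1);
    }
    return -1;
}

int main(void)
{
    /* Constructed guest memory map and MCDI buffer placement, for illustration only. */
    const struct iova_range guest[] = { {0x0, 0xA0000}, {0x100000, 0x7FF00000} };
    struct iova_range mcdi = { 0x1000, 0x1000 };
    if (first_conflict(mcdi, guest, 2) < 2 &&
        find_free_iova(guest, 2, mcdi.len, 0x1000, 1ULL << 48, &mcdi.start) == 0)
        printf("remap MCDI buffer to IOVA 0x%llx\n", (unsigned long long)mcdi.start);
    return 0;
}
```

Relocating the buffer only keeps the two mappings from colliding; both still live in the same IOMMU address space, which is the concern the PASID suggestion in the quoted text addresses.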


