DPDK patches and discussions
From: Vijay Kumar Srivastava <vsrivast@xilinx.com>
To: "Xia, Chenbo" <chenbo.xia@intel.com>, "dev@dpdk.org" <dev@dpdk.org>
Cc: "maxime.coquelin@redhat.com" <maxime.coquelin@redhat.com>,
	"andrew.rybchenko@oktetlabs.ru" <andrew.rybchenko@oktetlabs.ru>,
	Harpreet Singh Anand <hanand@xilinx.com>,
	Praveen Kumar Jain <praveenj@xilinx.com>
Subject: Re: [dpdk-dev] [PATCH 02/10] vdpa/sfc: add support for device initialization
Date: Mon, 18 Oct 2021 10:06:10 +0000
Message-ID: <SJ0PR02MB7327B060A9CB22C4F328992EB9BC9@SJ0PR02MB7327.namprd02.prod.outlook.com>
In-Reply-To: <SN6PR11MB350499BDB4DA1D397B7740979CB39@SN6PR11MB3504.namprd11.prod.outlook.com>

Hi Chenbo,

>-----Original Message-----
>From: Xia, Chenbo <chenbo.xia@intel.com>
>Sent: Saturday, October 9, 2021 8:36 AM
>To: Vijay Kumar Srivastava <vsrivast@xilinx.com>; dev@dpdk.org
>Cc: maxime.coquelin@redhat.com; andrew.rybchenko@oktetlabs.ru; Harpreet
>Singh Anand <hanand@xilinx.com>; Praveen Kumar Jain <praveenj@xilinx.com>
>Subject: RE: [PATCH 02/10] vdpa/sfc: add support for device initialization
>
>Hi Vijay,
>
>> -----Original Message-----
>> From: Vijay Kumar Srivastava <vsrivast@xilinx.com>
>> Sent: Saturday, October 2, 2021 1:32 AM
>> To: Xia, Chenbo <chenbo.xia@intel.com>; dev@dpdk.org
>> Cc: maxime.coquelin@redhat.com; andrew.rybchenko@oktetlabs.ru;
>> Harpreet Singh Anand <hanand@xilinx.com>; Praveen Kumar Jain
>> <praveenj@xilinx.com>
>> Subject: RE: [PATCH 02/10] vdpa/sfc: add support for device
>> initialization
>>
>> Hi Chenbo,
>>
>> >-----Original Message-----
>> >From: Xia, Chenbo <chenbo.xia@intel.com>
>> >Sent: Monday, September 6, 2021 8:32 AM
>> >To: Vijay Kumar Srivastava <vsrivast@xilinx.com>; dev@dpdk.org
>> >Cc: maxime.coquelin@redhat.com; andrew.rybchenko@oktetlabs.ru;
>> >Harpreet Singh Anand <hanand@xilinx.com>; Praveen Kumar Jain
>> ><praveenj@xilinx.com>
>> >Subject: RE: [PATCH 02/10] vdpa/sfc: add support for device
>> initialization

[Snip]

>I think your vdpa HW (let's say a VF) has two DMA regions: one in guest (w/o
>vIOMMU) and the other in vdpa app. Both share the same IOVA address space,
>and we don't want them to overlap. Let's say we can make sure no overlap will
>happen and take an example here: guest DMA region's IOVA (GPA) range is
>0x0000 to 0x1000 and vdpa app's is 0x1000 to 0x2000. A malicious guest could
>use a malicious driver to write 0x1500 in its virtio RX ring, so that HW will DMA
>to that address when packets come. Then the malicious guest performed a
>DMA to host memory. Although the guest does not know the IOVA range of the vdpa
>app, he can randomly guess to do the attack.
>
>Any solution your HW/driver can prevent this from happening without PASID?
>Or do I miss something here?

Rx packet will carry headers, making it highly unlikely that any proper MCDI data can be written to the IOVA address (for the MCDI buffer) for the FW to work with.
Writing to the buffer does not imply issuing the MCDI message. Even if an MCDI is sent, the FW is resilient enough to identify the incorrect MCDI and will reject the message.

This is going to affect only the VF on which the malicious guest is present, as this MCDI buffer is specific to the corresponding VF.
So it won't affect any control path operation on any other VF or the host.

For SW assisted live migration implemented in the ifcvf vDPA driver, it uses hard coded IOVA addresses for the mediated vring. Could it have a similar issue?
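
The shared-IOVA scenario discussed in this message, as an added example that is not part of the original e-mail or of the sfc or ifcvf drivers: an allow-list check that accepts a guest-supplied buffer address only when it lies wholly inside guest memory. It applies only where software sees the descriptor before the device does; `iova_range`, `GUEST_REGIONS` and `desc_addr_allowed` are hypothetical names, and the ranges are the constructed ones from the quoted text.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Half-open IOVA range [start, end). Hypothetical type, not a DPDK struct. */
struct iova_range {
	uint64_t start;
	uint64_t end;
};

/* Constructed layout from the quoted message: guest memory is 0x0000-0x1000,
 * the vDPA application's own buffers sit above it at 0x1000-0x2000. */
static const struct iova_range GUEST_REGIONS[] = { { 0x0000, 0x1000 } };
#define N_GUEST_REGIONS (sizeof(GUEST_REGIONS) / sizeof(GUEST_REGIONS[0]))

/* True when [addr, addr + len) lies entirely inside r. */
static bool range_contains(const struct iova_range *r, uint64_t addr, uint64_t len)
{
	if (len == 0 || addr < r->start || addr >= r->end)
		return false;
	/* Compare with the room left in r; addr + len could wrap around. */
	return len <= r->end - addr;
}

/* Allow-list check: a guest-supplied buffer is accepted only if it fits in
 * one guest region. A buffer spanning two adjacent regions is rejected here,
 * which is a simplification of this example. */
bool desc_addr_allowed(const struct iova_range *guest, size_t n,
		       uint64_t addr, uint64_t len)
{
	for (size_t i = 0; i < n; i++)
		if (range_contains(&guest[i], addr, len))
			return true;
	return false;
}

int main(void)
{
	/* Constructed samples: {address, length} as a guest could place them. */
	const uint64_t s[][2] = { { 0x0800, 0x100 }, { 0x1500, 0x40 },
				  { 0x0ff0, 0x20 }, { 0x0800, UINT64_MAX } };
	for (size_t i = 0; i < sizeof(s) / sizeof(s[0]); i++)
		printf("addr=0x%llx len=0x%llx -> %s\n",
		       (unsigned long long)s[i][0], (unsigned long long)s[i][1],
		       desc_addr_allowed(GUEST_REGIONS, N_GUEST_REGIONS,
					 s[i][0], s[i][1]) ? "accept" : "reject");
	return 0;
}
```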
