Re: [PATCH 0/9 v2] vfio-pci: add support for Freescale IOMMU (PAMU)
From: Scott Wood
Date: Fri Dec 06 2013 - 14:00:16 EST
On Thu, 2013-12-05 at 22:11 -0600, Bharat Bhushan wrote:
>
> > -----Original Message-----
> > From: Wood Scott-B07421
> > Sent: Friday, December 06, 2013 5:52 AM
> > To: Bhushan Bharat-R65777
> > Cc: Alex Williamson; linux-pci@xxxxxxxxxxxxxxx; agraf@xxxxxxx; Yoder Stuart-
> > B08248; iommu@xxxxxxxxxxxxxxxxxxxxxxxxxx; bhelgaas@xxxxxxxxxx; linuxppc-
> > dev@xxxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx
> > Subject: Re: [PATCH 0/9 v2] vfio-pci: add support for Freescale IOMMU (PAMU)
> >
> > On Thu, 2013-11-28 at 03:19 -0600, Bharat Bhushan wrote:
> > >
> > > > -----Original Message-----
> > > > From: Bhushan Bharat-R65777
> > > > Sent: Wednesday, November 27, 2013 9:39 PM
> > > > To: 'Alex Williamson'
> > > > Cc: Wood Scott-B07421; linux-pci@xxxxxxxxxxxxxxx; agraf@xxxxxxx;
> > > > Yoder Stuart- B08248; iommu@xxxxxxxxxxxxxxxxxxxxxxxxxx;
> > > > bhelgaas@xxxxxxxxxx; linuxppc- dev@xxxxxxxxxxxxxxxx;
> > > > linux-kernel@xxxxxxxxxxxxxxx
> > > > Subject: RE: [PATCH 0/9 v2] vfio-pci: add support for Freescale
> > > > IOMMU (PAMU)
> > > >
> > > > If we just provide the size of MSI bank to userspace then userspace
> > > > cannot do anything wrong.
> > >
> > > So userspace does not know address, so it cannot mmap and cause any
> > interference by directly reading/writing.
> >
> > That's security through obscurity... Couldn't the malicious user find out the
> > address via other means, such as experimentation on another system over which
> > they have full control? What would happen if the user reads from their device's
> > PCI config space? Or gets the information via some back door in the PCI device
> > they own? Or pokes throughout the address space looking for something that
> > generates an interrupt to its own device?
>
> So how to solve this problem, Any suggestion ?
>
> We have to map one window in PAMU for MSIs and a malicious user can ask
> its device to do DMA to MSI window region with any pair of address and
> data, which can lead to unexpected MSIs in system?
I don't think there are any solutions other than to limit each bank to
one user, unless the admin turns some knob that says they're OK with the
partial loss of isolation.
-Scott
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/