Re: [RFC PATCH 0/5] hw/arm/virt: Add support for user-creatable nested S
From: Jason Gunthorpe
Subject: Re: [RFC PATCH 0/5] hw/arm/virt: Add support for user-creatable nested SMMUv3
Date: Thu, 6 Feb 2025 13:58:43 -0400

On Thu, Feb 06, 2025 at 05:54:57PM +0000, Daniel P. Berrangé wrote:
> > > We shouldn't assume any VFIO device exists in the QEMU config at the time
> > > we realize the virtual smmu. I expect the SMMU may be cold plugged, while
> > > the VFIO devices may be hot plugged arbitrarily later, and we should have
> > > the association initialized the SMMU is realized.
> >
> > This is not supported kernel side, you can't instantiate a vIOMMU
> > without a VFIO device that uses it. For security.
>
> What are the security concerns here ?

You should not be able to open iommufd and manipulate iommu HW that
you don't have a VFIO descriptor for, including creating physical
vIOMMU resources, allocating command queues and whatever else.

Some kind of hot plug smmu would have to create a vSMMU without any
kernel backing and then later bind it to a kernel implementation.

Jason