Re: [RFC V2 PATCH 8/12] UIO/Hyper-V: Not load UIO HV driver in the isolation VM.

[RFC V2 PATCH 00/12] x86/Hyper-V: Add Hyper-V Isolation VM support · Tianyu Lan <hidden> · 2021-04-13
[RFC V2 PATCH 1/12] x86/HV: Initialize GHCB page in Isolation VM · Tianyu Lan <hidden> · 2021-04-13
[RFC V2 PATCH 3/12] x86/Hyper-V: Add new hvcall guest address host visibility support · Tianyu Lan <hidden> · 2021-04-13
[RFC V2 PATCH 2/12] x86/HV: Initialize shared memory boundary in Isolation VM · Tianyu Lan <hidden> · 2021-04-13
[RFC V2 PATCH 5/12] HV: Add ghcb hvcall support for SNP VM · Tianyu Lan <hidden> · 2021-04-13
[RFC V2 PATCH 4/12] HV: Add Write/Read MSR registers via ghcb · Tianyu Lan <hidden> · 2021-04-13
[RFC V2 PATCH 7/12] HV/Vmbus: Initialize VMbus ring buffer for Isolation VM · Tianyu Lan <hidden> · 2021-04-13
[RFC V2 PATCH 6/12] HV/Vmbus: Add SNP support for VMbus channel initiate message · Tianyu Lan <hidden> · 2021-04-13
[RFC V2 PATCH 8/12] UIO/Hyper-V: Not load UIO HV driver in the isolation VM. · Tianyu Lan <hidden> · 2021-04-13
Re: [RFC V2 PATCH 8/12] UIO/Hyper-V: Not load UIO HV driver in the isolation VM. · Greg KH <gregkh@linuxfoundation.org> · 2021-04-13
Re: [RFC V2 PATCH 8/12] UIO/Hyper-V: Not load UIO HV driver in the isolation VM. · Greg KH <gregkh@linuxfoundation.org> · 2021-04-13
Re: [RFC V2 PATCH 8/12] UIO/Hyper-V: Not load UIO HV driver in the isolation VM. · Tianyu Lan <hidden> · 2021-04-14
Re: [RFC V2 PATCH 8/12] UIO/Hyper-V: Not load UIO HV driver in the isolation VM. · Greg KH <gregkh@linuxfoundation.org> · 2021-04-14
[RFC V2 PATCH 11/12] HV/Netvsc: Add Isolation VM support for netvsc driver · Tianyu Lan <hidden> · 2021-04-13
Re: [RFC V2 PATCH 11/12] HV/Netvsc: Add Isolation VM support for netvsc driver · Leon Romanovsky <leon@kernel.org> · 2021-04-18
[RFC V2 PATCH 10/12] HV/IOMMU: Add Hyper-V dma ops support · Tianyu Lan <hidden> · 2021-04-13
[RFC V2 PATCH 12/12] HV/Storvsc: Add Isolation VM support for storvsc driver · Tianyu Lan <hidden> · 2021-04-13

From: Greg KH <gregkh@linuxfoundation.org>
Date: 2021-04-14 15:36:54
Also in: lkml

On Wed, Apr 14, 2021 at 11:20:19PM +0800, Tianyu Lan wrote:

Hi Greg:
	Thanks for your review.

On 4/14/2021 12:00 AM, Greg KH wrote:

quoted

On Tue, Apr 13, 2021 at 11:22:13AM -0400, Tianyu Lan wrote:

quoted

From: Tianyu Lan <redacted>

UIO HV driver should not load in the isolation VM for security reason.

Why?  I need a lot more excuse than that.

The reason is that ring buffers have been marked as visible to host.
UIO driver will expose these buffers to user space and user space
driver hasn't done some secure check for data from host. This
is considered as insecure in isolation VM.

But as this is a VM choice, why did the VM mark those as visible in the
first place?

thanks,

greg k-h

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help