Date: Fri, 20 Mar 2020 17:49:38 -0700
From: John-Mark Gurney
To: Wanpeng Qian
Cc: FreeBSD virtualization
Subject: Re: bhyve: passthrough SMART info from host nvme controller
Message-ID: <20200321004938.GO4213@funkthat.com>
References: <20200318175901.GI4213@funkthat.com>

Wanpeng Qian wrote this message on Thu, Mar 19, 2020 at 12:09 +0900:
> > Can't you do what something like pci_passthru.c does in passthru_init,
> > and open /dev/nvme0 in pci_nvme_init?
>
> Yes, you are correct, but that will keep /dev/nvme0 open all the time.
> I was just thinking that when the guest fires a logpage command, we open
> /dev/nvme0 and get the SMART info, then close /dev/nvme0.

But as you point out, the only way to have that happen is to remove
capsicum, but that would make bhyve overall LESS secure.

Even if you were able to open /dev/nvme0 at any time after the process
was locked down, it doesn't provide additional security, as any attacker
could just open it up, and do the operation...

So, I'm really confused as to what the benefit of not opening it at the
start is..

> On Thu, Mar 19, 2020 at 2:59 AM John-Mark Gurney wrote:
> >
> > Wanpeng Qian wrote this message on Wed, Mar 18, 2020 at 13:05 +0900:
> > > But currently bhyve has Capsicum capability, I cannot
> > > open /dev/nvme0 within pci_nvme.c without extra code.
> > > (currently I just disable the Capsicum capability)
> > >
> > > any feedback?
> >
> > Can't you do what something like pci_passthru.c does in passthru_init,
> > and open /dev/nvme0 in pci_nvme_init?
> >
> > Or am I missing something?

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."
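
The approach suggested in this thread (open the device during init, before the process is locked down) can be sketched as follows. This is an added example, not bhyve's code and not from either poster: the `demo_*` names and `DEMO_UNSUPPORTED` are hypothetical, and it assumes the ioctl right limited to `NVME_PASSTHROUGH_CMD` is all a log page read needs.

```c
/* Added example, not bhyve source. Capsicum parts build on FreeBSD only. */
#include <sys/types.h>
#include <sys/wait.h>
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>
#define DEMO_UNSUPPORTED (-2)	/* hypothetical sentinel: built without Capsicum */
#ifdef __FreeBSD__
#include <sys/param.h>
#include <sys/capsicum.h>
#include <dev/nvme/nvme.h>
/* Open before lockdown; leave only the NVMe passthrough ioctl usable
 * (assumption: CAP_IOCTL alone is enough for a log page read). */
int demo_open_limited(const char *path)
{
	const unsigned long cmds[] = { NVME_PASSTHROUGH_CMD };
	cap_rights_t rights;
	int fd = open(path, O_RDWR);
	if (fd < 0)
		return -1;
	cap_rights_init(&rights, CAP_IOCTL);
	if (cap_rights_limit(fd, &rights) < 0 ||
	    cap_ioctls_limit(fd, cmds, 1) < 0) {
		close(fd);
		return -1;
	}
	return fd;
}

/* Child enters capability mode, then tries a late open().
 * 1: refused with ECAPMODE, 0: open worked, 2: cap_enter failed, -1: error. */
int demo_late_open_refused(const char *path)
{
	int status;
	pid_t pid = fork();
	if (pid < 0)
		return -1;
	if (pid == 0) {
		if (cap_enter() < 0)
			_exit(2);
		_exit(open(path, O_RDWR) < 0 && errno == ECAPMODE ? 1 : 0);
	}
	if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
		return -1;
	return WEXITSTATUS(status);
}
#else	/* other systems: stubs so the file still compiles */
int demo_open_limited(const char *p) { (void)p; return DEMO_UNSUPPORTED; }
int demo_late_open_refused(const char *p) { (void)p; return DEMO_UNSUPPORTED; }
#endif
```

With the descriptor opened and limited during init, keeping it open for the life of the process exposes only the one whitelisted ioctl, while an on-demand open() after cap_enter() is refused by the kernel.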