From: Wanpeng Qian
Date: Sat, 21 Mar 2020 09:54:39 +0900
Subject: Re: bhyve: passthrough SMART info from host nvme controller
To: John-Mark Gurney
Cc: FreeBSD virtualization

> But as you point out, the only way to have that happen is to remove
> capsicum, but that would make bhyve overall LESS secure.

Yes, Capsicum is necessary. For now I just don't know how to get around it.

I just think that in pci_nvme_init, we get the SMART info from the real device
and return that info when the guest queries SMART, so it will not update all the time.

This way, guest applications that depend on SMART info will benefit from this fix.

On Sat, Mar 21, 2020 at 9:49 AM John-Mark Gurney wrote:
>
> Wanpeng Qian wrote this message on Thu, Mar 19, 2020 at 12:09 +0900:
> > > Can't you do what something like pci_passthru.c does in passthru_init,
> > > and open /dev/nvme0 in pci_nvme_init?
> >
> > Yes, you are correct, but that will keep /dev/nvme0 open all the time.
> > I was just thinking that when the guest fires a logpage command, open /dev/nvme0
> > and get the SMART info, then close /dev/nvme0.
>
> But as you point out, the only way to have that happen is to remove
> capsicum, but that would make bhyve overall LESS secure.
>
> Even if you were able to open /dev/nvme0 at any time after the process
> was locked down, it doesn't provide additional security, as any
> attacker could just open it up, and do the operation...
>
> So, I'm really confused as to what the benefit of not opening it at
> the start is..
>
> > On Thu, Mar 19, 2020 at 2:59 AM John-Mark Gurney wrote:
> > >
> > > Wanpeng Qian wrote this message on Wed, Mar 18, 2020 at 13:05 +0900:
> > > > But currently bhyve has Capsicum capability, I cannot
> > > > open /dev/nvme0 within pci_nvme.c without extra code.
> > > > (currently I just disable the Capsicum capability)
> > > >
> > > > any feedback?
> > >
> > > Can't you do what something like pci_passthru.c does in passthru_init,
> > > and open /dev/nvme0 in pci_nvme_init?
> > >
> > > Or am I missing something?
>
> --
> John-Mark Gurney                              Voice: +1 415 225 5579
>
>      "All that I will do, has been done, All that I have, has not."
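
The two designs discussed in this thread, side by side, as an added example that is not part of the e-mail or of bhyve's source: a snapshot taken once at init versus a descriptor opened at init, rights-limited, and kept across the Capsicum lock-down. A regular file stands in for /dev/nvme0 (an assumption so the code runs anywhere), and `smart_init`, `lockdown`, `smart_get_snapshot` and `smart_get_live` are hypothetical names.

```c
/* Added example, not bhyve source: smart_* and lockdown() are hypothetical names. */
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <sys/capsicum.h>
#endif
#define SMART_LEN 512                        /* NVMe SMART / Health log page size */

static int smart_fd = -1;                    /* descriptor kept across lock-down */
static unsigned char smart_snap[SMART_LEN];  /* copy taken once at init */

static int read_page(unsigned char *out)
{
    if (lseek(smart_fd, 0, SEEK_SET) < 0)
        return -1;
    return read(smart_fd, out, SMART_LEN) == SMART_LEN ? 0 : -1;
}

/* Call from device init, before the process enters capability mode. */
int smart_init(const char *path)
{
    if ((smart_fd = open(path, O_RDONLY)) < 0)
        return -1;
#ifdef __FreeBSD__
    /* Keep only the rights a later refresh needs. A real /dev/nvme0 is queried
     * by ioctl, so it would need CAP_IOCTL plus cap_ioctls_limit() instead. */
    cap_rights_t r;
    cap_rights_init(&r, CAP_READ, CAP_SEEK);
    if (cap_rights_limit(smart_fd, &r) < 0 && errno != ENOSYS)
        return -1;
#endif
    return read_page(smart_snap);
}

/* On FreeBSD, open() of a new path fails after this; smart_fd keeps working. */
int lockdown(void)
{
#ifdef __FreeBSD__
    if (cap_enter() < 0 && errno != ENOSYS)
        return -1;
#endif
    return 0;
}

/* Design A, snapshot at init: no host access after lock-down, data is frozen. */
void smart_get_snapshot(unsigned char *out) { memcpy(out, smart_snap, SMART_LEN); }
/* Design B, descriptor opened at init and kept: each guest query re-reads. */
int smart_get_live(unsigned char *out) { return read_page(out); }
```

With design A the guest keeps seeing the values captured at start-up; with design B the held descriptor is the only host access left in the sandbox, so its rights limit is what bounds what a compromised process can do with it.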