Date: Thu, 19 Mar 2020 15:16:15 +0900 From: Wanpeng Qian <wanpengqian@gmail.com> To: Jason Tubnor <jason@tubnor.net> Cc: John-Mark Gurney <jmg@funkthat.com>, FreeBSD virtualization <freebsd-virtualization@freebsd.org> Subject: Re: bhyve: passthrough SMART info from host nvme controller Message-ID: <CANBJ%2BxS2BV9WM_1mcBD4QxEPc4Ftt4qb1GN0wtD1fAqJg4J18w@mail.gmail.com> In-Reply-To: <CACLnyC%2BUn0v5TQ=sLQ0e7gEFXPPU=VHbcmtyukX-Wy3=p0zkwQ@mail.gmail.com> References: <CANBJ%2BxRdvTUHV0PQeBK2y2bCWDi5idqrD-AsHCT02fWkBLzeQQ@mail.gmail.com> <20200318175901.GI4213@funkthat.com> <CANBJ%2BxTVV3gOv7%2B8Qq9Aq1PaHEo=W%2BNMuqMwZCD7uvU80NFLmA@mail.gmail.com> <CACLnyC%2BUn0v5TQ=sLQ0e7gEFXPPU=VHbcmtyukX-Wy3=p0zkwQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
I dont think that is insecure. as bhyve can passthrough real device to VM. as your point, that make more insecure, right? Such configuration will not enable by default. if user intend to do it, system has this ability instead of not implement. Simple is best, less is secure. I know that. but real world has all kinds of requirements. if you provide more, more people using it. On Thu, Mar 19, 2020 at 12:58 PM Jason Tubnor <jason@tubnor.net> wrote: > > > > On Thu, 19 Mar 2020 at 14:09, Wanpeng Qian <wanpengqian@gmail.com> wrote: >> >> > Can't you do what something like pci_passthru.c does in passthru_init, >> > and open /dev/nvme0 in pci_nvme_init? >> >> Yes, you are correct. but that will make /dev/nvme0 keep open all the time. >> I just thinking when guest fire a logpage command, open the /dev/nvme0 >> and get the SMART info. then close /dev/nvme0. > > > So are you implying that it is safe for a guest to send such a call at anytime? For those that use bhyve for isolation, this sort of facility would be problematic not to mention insecure.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CANBJ%2BxS2BV9WM_1mcBD4QxEPc4Ftt4qb1GN0wtD1fAqJg4J18w>