Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp5150181pxj; Wed, 9 Jun 2021 10:15:00 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyP/T14pg9pDaV+3T1jkE+KmQqd+dRJpdfN0j5AJ0YSthoIh+FgVT2tY0BXYPmZTdSTX/Kc X-Received: by 2002:a17:906:3a8e:: with SMTP id y14mr868926ejd.153.1623258900059; Wed, 09 Jun 2021 10:15:00 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1623258900; cv=none; d=google.com; s=arc-20160816; b=uDpKPwoM9smwnTBVALKQnckrvJgKv0/TAN1sHdKYD3+tQmTaZoPLS/bghyCeW/YUHH btFNBQjuphAl5xZHDL2CHPTE0yDIf8d6eicWYr1ifDlTw5ea6X44yDdO7nn/WQL32lHl 5pqQ467Xhm/JxTbRlB8VgpvtuGGhPua2NG9suwt8UM/VVGFKNthUSRl61FITwb2BflU/ qecqcGX89bPnEkgVVerNkmEqCyiPW/xHrx/gig0DE2cUh4ST2jZi9XWHOmT47KNbYt+I TFHWrKFezKJMrz+EQXAA6AMY7I56mkzUcIYvQXbH7wXgNMj3Hllsg7Dzym/xI6X5eM2Q T8Ug== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject; bh=a3rpYhLPLeIv7XKbVfPzJ7CbW1DPNkzUV4TN6iOTMts=; b=fXuaiwq7Ob3W0sj1YUF+PEQf9QPFPiiUHZXVCGgD0mtTweSoA3Q5RDSYTg3zyIJfP4 a8X5YKJZIUh7oOGq7lkrOSRZ+YA7kcKD8/3WJZpp+kZ5DjEmE4ScsG1IUhgPRMfcP0Cn 2hgZ4Y+02gelBOrltxyuwRn5SaX65eQhPAwuU5glFCydPS03doWsMoPUoAlOFH1NAfci F/KxTNNjaCjklYPlPlaxKMFQPxsYvvB70hj68d1+wVMowTi0w+umO8Dd5lX0Y48ftr0n FhNyQ666WhsbxFRASxX6tARyMKsyog99ObheyU+fgTO9meGoeQswj038ZAHg9SHDGMEB P6mw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id kd21si293488ejc.336.2021.06.09.10.14.35; Wed, 09 Jun 2021 10:15:00 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237795AbhFIIyQ (ORCPT + 99 others); Wed, 9 Jun 2021 04:54:16 -0400 Received: from mout.kundenserver.de ([217.72.192.75]:44127 "EHLO mout.kundenserver.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237793AbhFIIyQ (ORCPT ); Wed, 9 Jun 2021 04:54:16 -0400 Received: from [192.168.1.155] ([77.9.120.3]) by mrelayeu.kundenserver.de (mreue107 [212.227.15.183]) with ESMTPSA (Nemesis) id 1MaIGB-1lo04d0Q0D-00WDfS; Wed, 09 Jun 2021 10:51:54 +0200 Subject: Re: [RFC] /dev/ioasid uAPI proposal To: Jason Gunthorpe , Alex Williamson Cc: Paolo Bonzini , "Tian, Kevin" , Jean-Philippe Brucker , "Jiang, Dave" , "Raj, Ashok" , "kvm@vger.kernel.org" , Jonathan Corbet , Robin Murphy , LKML , "iommu@lists.linux-foundation.org" , David Gibson , Kirti Wankhede , David Woodhouse , Jason Wang References: <30e5c597-b31c-56de-c75e-950c91947d8f@redhat.com> <20210604160336.GA414156@nvidia.com> <2c62b5c7-582a-c710-0436-4ac5e8fd8b39@redhat.com> <20210604172207.GT1002214@nvidia.com> <2d1ad075-bec6-bfb9-ce71-ed873795e973@redhat.com> <20210607175926.GJ1002214@nvidia.com> <20210608131547.GE1002214@nvidia.com> <89d30977-119c-49f3-3bf6-d3f7104e07d8@redhat.com> <20210608124700.7b9aa5a6.alex.williamson@redhat.com> <20210608190022.GM1002214@nvidia.com> From: "Enrico Weigelt, metux IT consult" Message-ID: Date: Wed, 9 Jun 2021 10:51:49 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.10.0 MIME-Version: 1.0 In-Reply-To: <20210608190022.GM1002214@nvidia.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: tl Content-Transfer-Encoding: 8bit X-Provags-ID: V03:K1:129gpDF0BUiljAKLG/lQM9gOvQsLJNYv6mn4lsTL3Y6scaycnu6 FPVYBAyrjnF1UY5uwjcf4oFw4beloQnySFsPKYbawZfN6tAapAsVHo2QgL4R4yFkhCoiQly iyPTJnWT8Mwi7XapNxHe64Lv15irUjL5dqbROpopaoobxzsl59SG2wsiJeu+82nnrgqc/7a JUvZonTmpEByKtCFMeFWw== X-Spam-Flag: NO X-UI-Out-Filterresults: notjunk:1;V03:K0:POLH6n9P4zc=:r5TZcQVPFRF4PjIFhtEtsc dD3FDxLNBDMLgWG/MNRgaoxxjZoeGAnDFNrL5n572RnYavwM9FfniMfqfMegke/Kgg+e/KzJa 9LT9KniwqqSJEplpR6p60i0ubJxhUj61aitZlsxUKoHu1+cYuoLonSFnlHgOXXC3zFb7sKL/l 5+N8urVp3aD+42CMom3DQmR/OhngLKKh+hlZaij3jykJCSIz47lO9KJuXFI+YhvVENVR+ioig WZT63ZCSIX6xP1GiD1irLtO7PWirac5YLkWT77v6fAqAq7TwBbrQ5aSJndaBXoRp894v5mq+A hxHvxDh5Ac4N20dRUBxzHcjupjmrO/qFNOsUIZXrvj6wkMw2LhuGnb9V7NHPk8ut4K8TtSMzz NftmcBDo+y4gl+xa7jJC9dAZA2MJKxdMtOURjbYeDGaoHWYoYYUAaW9hKpmQVqPUOVzVXdpKb BnL/wbMl256p27IIfNXK9nADHPcn4funqrbusWTku0lTWHysNztTXM0dDN+uqFCyfGjMB/61y SDR8IC7P1tGKRZkANhzhfE= Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 08.06.21 21:00, Jason Gunthorpe wrote: > Eg I can do open() on a file and I get to keep that FD. I get to keep > that FD even if someone later does chmod() on that file so I can't > open it again. > > There are lots of examples where a one time access control check > provides continuing access to a resource. I feel the ongoing proof is > the rarity in Unix.. 'revoke' is an uncommon concept in Unix.. Yes, it's even possible that somebody w/ privileges opens an fd and hands it over to somebody unprivileged (eg. via unix socket). This is a very basic unix concept. If some (already opened) fd now suddenly behaves differently based on the current caller, that would be a break with traditional unix semantics. --mtx -- --- Hinweis: unverschlüsselte E-Mails können leicht abgehört und manipuliert werden ! Für eine vertrauliche Kommunikation senden Sie bitte ihren GPG/PGP-Schlüssel zu. --- Enrico Weigelt, metux IT consult Free software and Linux embedded engineering info@metux.net -- +49-151-27565287