New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

`io_uring` passthrough blockers #35

Open

enterJazz opened this issue Dec 20, 2023 · 1 comment

Contributor

enterJazz commented Dec 20, 2023

Here is a short description of why we abandoned io_uring for cvm-io.

In short, io_uring is too insecure for passthrough ; most is explained in https://lore.kernel.org/all/[email protected]/T/

io_uring for Qemu VMs does not isolate VMs

w/ current io_uring, VMs inherit all permissions of Qemu regarding reading / writing files. Hence, VMs would not be isolated
[1] is a corresponding RFC to restrict the permissions of VMs using io_uring

no io_uring passthrough implementation currently exists

although an existing prototype was pitched [2], no such prototype is publically available
as mentioned in [1], the main developers first wish to resolve (1.) before continuing their prototype

notable: io_uring is still currently considered unsafe and buggy ( see [3] )

its use would definitely decrease the security of CVMs TCB
however, we expect io_uring to become safer in the future

[1] https://lore.kernel.org/all/[email protected]/T/
[2] https://static.sched.com/hosted_files/kvmforum2020/9c/KVMForum_2020_io_uring_passthrough_Stefano_Garzarella.pdf
[3] https://security.googleblog.com/2023/06/learnings-from-kctf-vrps-42-linux.html

The text was updated successfully, but these errors were encountered:

Contributor Author

enterJazz commented Dec 20, 2023

@qafy this may interest you

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment