From: "Dr. David Alan Gilbert" <dgilbert@redhat.com> To: James Bottomley <jejb@linux.ibm.com> Cc: Ashish Kalra <ashish.kalra@amd.com>, Paolo Bonzini <pbonzini@redhat.com>, qemu-devel@nongnu.org, thomas.lendacky@amd.com, brijesh.singh@amd.com, ehabkost@redhat.com, mst@redhat.com, richard.henderson@linaro.org, tobin@ibm.com, dovmurik@linux.vnet.ibm.com, frankeh@us.ibm.com, kvm@vger.kernel.org Subject: Re: [RFC PATCH 00/13] Add support for Mirror VM. Date: Wed, 18 Aug 2021 16:43:29 +0100 [thread overview] Message-ID: <YR0qoV6tDuVxddL5@work-vm> (raw) In-Reply-To: <8ae11fca26e8d7f96ffc7ec6353c87353cadc63a.camel@linux.ibm.com> * James Bottomley (jejb@linux.ibm.com) wrote: > On Wed, 2021-08-18 at 16:31 +0100, Dr. David Alan Gilbert wrote: > > * James Bottomley (jejb@linux.ibm.com) wrote: > > > On Wed, 2021-08-18 at 10:31 +0000, Ashish Kalra wrote: > > > > Hello Paolo, > > > > > > > > On Mon, Aug 16, 2021 at 05:38:55PM +0200, Paolo Bonzini wrote: > > > > > On 16/08/21 17:13, Ashish Kalra wrote: > > > > > > > > I think that once the mirror VM starts booting and > > > > > > > > running the UEFI code, it might be only during the PEI or > > > > > > > > DXE phase where it will start actually running the MH > > > > > > > > code, so mirror VM probably still need to handles > > > > > > > > KVM_EXIT_IO when SEC phase does I/O, I can see PIC > > > > > > > > accesses and Debug Agent initialization stuff in SEC > > > > > > > > startup code. > > > > > > > That may be a design of the migration helper code that you > > > > > > > were working with, but it's not necessary. > > > > > > > > > > > > > Actually my comments are about a more generic MH code. > > > > > > > > > > I don't think that would be a good idea; designing QEMU's > > > > > migration helper interface to be as constrained as possible is > > > > > a good thing. The migration helper is extremely security > > > > > sensitive code, so it should not expose itself to the attack > > > > > surface of the whole of QEMU. > > > > > > The attack surface of the MH in the guest is simply the API. The > > > API needs to do two things: > > > > > > 1. validate a correct endpoint and negotiate a wrapping key > > > 2. When requested by QEMU, wrap a section of guest encrypted > > > memory > > > with the wrapping key and return it. > > > > > > The big security risk is in 1. if the MH can be tricked into > > > communicating with the wrong endpoint it will leak the entire > > > guest. If we can lock that down, I don't see any particular > > > security problem with 2. So, provided we get the security > > > properties of the API correct, I think we won't have to worry over > > > much about exposure of the API. > > > > Well, we'd have to make sure it only does stuff on behalf of qemu; if > > the guest can ever write to MH's memory it could do something that > > the guest shouldn't be able to. > > Given the lack of SMI, we can't guarantee that with plain SEV and -ES. > Once we move to -SNP, we can use VMPLs to achieve this. Doesn't the MH have access to different slots and running on separate vCPUs; so it's still got some separation? > But realistically, given the above API, even if the guest is malicious, > what can it do? I think it's simply return bogus pages that cause a > crash on start after migration, which doesn't look like a huge risk to > the cloud to me (it's more a self destructive act on behalf of the > guest). I'm a bit worried about the data structures that are shared between the migration code in qemu and the MH; the code in qemu is going to have to be paranoid about not trusting anything coming from the MH. Dave > James > > -- Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
WARNING: multiple messages have this Message-ID (diff)
From: "Dr. David Alan Gilbert" <dgilbert@redhat.com> To: James Bottomley <jejb@linux.ibm.com> Cc: thomas.lendacky@amd.com, Ashish Kalra <ashish.kalra@amd.com>, brijesh.singh@amd.com, ehabkost@redhat.com, kvm@vger.kernel.org, mst@redhat.com, tobin@ibm.com, richard.henderson@linaro.org, qemu-devel@nongnu.org, frankeh@us.ibm.com, dovmurik@linux.vnet.ibm.com, Paolo Bonzini <pbonzini@redhat.com> Subject: Re: [RFC PATCH 00/13] Add support for Mirror VM. Date: Wed, 18 Aug 2021 16:43:29 +0100 [thread overview] Message-ID: <YR0qoV6tDuVxddL5@work-vm> (raw) In-Reply-To: <8ae11fca26e8d7f96ffc7ec6353c87353cadc63a.camel@linux.ibm.com> * James Bottomley (jejb@linux.ibm.com) wrote: > On Wed, 2021-08-18 at 16:31 +0100, Dr. David Alan Gilbert wrote: > > * James Bottomley (jejb@linux.ibm.com) wrote: > > > On Wed, 2021-08-18 at 10:31 +0000, Ashish Kalra wrote: > > > > Hello Paolo, > > > > > > > > On Mon, Aug 16, 2021 at 05:38:55PM +0200, Paolo Bonzini wrote: > > > > > On 16/08/21 17:13, Ashish Kalra wrote: > > > > > > > > I think that once the mirror VM starts booting and > > > > > > > > running the UEFI code, it might be only during the PEI or > > > > > > > > DXE phase where it will start actually running the MH > > > > > > > > code, so mirror VM probably still need to handles > > > > > > > > KVM_EXIT_IO when SEC phase does I/O, I can see PIC > > > > > > > > accesses and Debug Agent initialization stuff in SEC > > > > > > > > startup code. > > > > > > > That may be a design of the migration helper code that you > > > > > > > were working with, but it's not necessary. > > > > > > > > > > > > > Actually my comments are about a more generic MH code. > > > > > > > > > > I don't think that would be a good idea; designing QEMU's > > > > > migration helper interface to be as constrained as possible is > > > > > a good thing. The migration helper is extremely security > > > > > sensitive code, so it should not expose itself to the attack > > > > > surface of the whole of QEMU. > > > > > > The attack surface of the MH in the guest is simply the API. The > > > API needs to do two things: > > > > > > 1. validate a correct endpoint and negotiate a wrapping key > > > 2. When requested by QEMU, wrap a section of guest encrypted > > > memory > > > with the wrapping key and return it. > > > > > > The big security risk is in 1. if the MH can be tricked into > > > communicating with the wrong endpoint it will leak the entire > > > guest. If we can lock that down, I don't see any particular > > > security problem with 2. So, provided we get the security > > > properties of the API correct, I think we won't have to worry over > > > much about exposure of the API. > > > > Well, we'd have to make sure it only does stuff on behalf of qemu; if > > the guest can ever write to MH's memory it could do something that > > the guest shouldn't be able to. > > Given the lack of SMI, we can't guarantee that with plain SEV and -ES. > Once we move to -SNP, we can use VMPLs to achieve this. Doesn't the MH have access to different slots and running on separate vCPUs; so it's still got some separation? > But realistically, given the above API, even if the guest is malicious, > what can it do? I think it's simply return bogus pages that cause a > crash on start after migration, which doesn't look like a huge risk to > the cloud to me (it's more a self destructive act on behalf of the > guest). I'm a bit worried about the data structures that are shared between the migration code in qemu and the MH; the code in qemu is going to have to be paranoid about not trusting anything coming from the MH. Dave > James > > -- Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
next prev parent reply other threads:[~2021-08-18 15:43 UTC|newest] Thread overview: 104+ messages / expand[flat|nested] mbox.gz Atom feed top 2021-08-16 13:25 [RFC PATCH 00/13] Add support for Mirror VM Ashish Kalra 2021-08-16 13:26 ` [RFC PATCH 01/13] machine: Add mirrorvcpus=N suboption to -smp Ashish Kalra 2021-08-16 21:23 ` Eric Blake 2021-08-16 21:23 ` Eric Blake 2021-08-16 13:27 ` [RFC PATCH 02/13] hw/boards: Add mirror_vcpu flag to CPUArchId Ashish Kalra 2021-08-16 13:27 ` [RFC PATCH 03/13] hw/i386: Mark mirror vcpus in possible_cpus Ashish Kalra 2021-08-16 13:27 ` [RFC PATCH 04/13] hw/acpi: Don't include mirror vcpus in ACPI tables Ashish Kalra 2021-08-16 13:28 ` [RFC PATCH 05/13] cpu: Add boolean mirror_vcpu field to CPUState Ashish Kalra 2021-08-16 13:28 ` [RFC PATCH 06/13] hw/i386: Set CPUState.mirror_vcpu=true for mirror vcpus Ashish Kalra 2021-08-16 13:29 ` [RFC PATCH 07/13] kvm: Add Mirror VM ioctl and enable cap interfaces Ashish Kalra 2021-08-16 13:29 ` [RFC PATCH 08/13] kvm: Add Mirror VM support Ashish Kalra 2021-08-16 13:29 ` [RFC PATCH 09/13] kvm: create Mirror VM and share primary VM's encryption context Ashish Kalra 2021-08-16 13:30 ` [RFC PATCH 10/13] softmmu/cpu: Skip mirror vcpu's for pause, resume and synchronization Ashish Kalra 2021-08-16 13:30 ` [RFC PATCH 11/13] kvm/apic: Disable in-kernel APIC support for mirror vcpu's Ashish Kalra 2021-08-16 13:31 ` [RFC PATCH 12/13] hw/acpi: disable modern CPU hotplug interface " Ashish Kalra 2021-08-16 13:31 ` [RFC PATCH 13/13] hw/i386/pc: reduce fw_cfg boot cpu count taking into account " Ashish Kalra 2021-08-16 14:01 ` [RFC PATCH 00/13] Add support for Mirror VM Claudio Fontana 2021-08-16 14:01 ` Claudio Fontana 2021-08-16 14:15 ` Paolo Bonzini 2021-08-16 14:15 ` Paolo Bonzini 2021-08-16 14:23 ` Daniel P. Berrangé 2021-08-16 14:23 ` Daniel P. Berrangé 2021-08-16 15:00 ` Paolo Bonzini 2021-08-16 15:00 ` Paolo Bonzini 2021-08-16 15:16 ` Daniel P. Berrangé 2021-08-16 15:16 ` Daniel P. Berrangé 2021-08-16 15:35 ` Paolo Bonzini 2021-08-16 15:35 ` Paolo Bonzini 2021-08-16 14:44 ` Ashish Kalra 2021-08-16 14:58 ` Paolo Bonzini 2021-08-16 14:58 ` Paolo Bonzini 2021-08-16 15:13 ` Ashish Kalra 2021-08-16 15:38 ` Paolo Bonzini 2021-08-16 15:38 ` Paolo Bonzini 2021-08-16 15:48 ` Dr. David Alan Gilbert 2021-08-16 15:48 ` Dr. David Alan Gilbert 2021-08-18 10:31 ` Ashish Kalra 2021-08-18 11:25 ` James Bottomley 2021-08-18 11:25 ` James Bottomley 2021-08-18 15:31 ` Dr. David Alan Gilbert 2021-08-18 15:31 ` Dr. David Alan Gilbert 2021-08-18 15:35 ` James Bottomley 2021-08-18 15:35 ` James Bottomley 2021-08-18 15:43 ` Dr. David Alan Gilbert [this message] 2021-08-18 15:43 ` Dr. David Alan Gilbert 2021-08-18 16:28 ` James Bottomley 2021-08-18 16:28 ` James Bottomley 2021-08-18 17:30 ` Dr. David Alan Gilbert 2021-08-18 17:30 ` Dr. David Alan Gilbert 2021-08-18 18:51 ` James Bottomley 2021-08-18 18:51 ` James Bottomley 2021-08-18 19:47 ` Paolo Bonzini 2021-08-16 17:23 ` Dr. David Alan Gilbert 2021-08-16 17:23 ` Dr. David Alan Gilbert 2021-08-16 20:53 ` Paolo Bonzini 2021-08-16 23:53 ` Steve Rutherford 2021-08-16 23:53 ` Steve Rutherford 2021-08-17 7:05 ` Michael S. Tsirkin 2021-08-17 7:05 ` Michael S. Tsirkin 2021-08-17 8:38 ` Dr. David Alan Gilbert 2021-08-17 8:38 ` Dr. David Alan Gilbert 2021-08-17 14:08 ` Ashish Kalra 2021-08-17 16:32 ` Paolo Bonzini 2021-08-17 16:32 ` Paolo Bonzini 2021-08-17 20:50 ` Tobin Feldman-Fitzthum 2021-08-17 20:50 ` Tobin Feldman-Fitzthum 2021-08-17 22:04 ` Steve Rutherford 2021-08-17 22:04 ` Steve Rutherford 2021-08-18 15:32 ` Tobin Feldman-Fitzthum 2021-08-18 15:32 ` Tobin Feldman-Fitzthum 2021-08-18 19:04 ` Dr. David Alan Gilbert 2021-08-18 19:04 ` Dr. David Alan Gilbert 2021-08-18 21:42 ` Tobin Feldman-Fitzthum 2021-08-18 21:42 ` Tobin Feldman-Fitzthum 2021-08-19 8:22 ` Dr. David Alan Gilbert 2021-08-19 8:22 ` Dr. David Alan Gilbert 2021-08-19 14:06 ` James Bottomley 2021-08-19 14:06 ` James Bottomley 2021-08-19 14:28 ` Dr. David Alan Gilbert 2021-08-19 14:28 ` Dr. David Alan Gilbert 2021-08-19 22:10 ` James Bottomley 2021-08-19 22:10 ` James Bottomley 2021-08-23 12:26 ` Dr. David Alan Gilbert 2021-08-23 12:26 ` Dr. David Alan Gilbert 2021-08-23 16:28 ` Tobin Feldman-Fitzthum 2021-08-23 16:28 ` Tobin Feldman-Fitzthum 2021-08-19 14:07 ` Tobin Feldman-Fitzthum 2021-08-19 14:07 ` Tobin Feldman-Fitzthum 2021-08-17 23:20 ` Paolo Bonzini 2021-08-17 23:20 ` Paolo Bonzini 2021-08-17 21:54 ` Steve Rutherford 2021-08-17 21:54 ` Steve Rutherford 2021-08-17 22:37 ` Paolo Bonzini 2021-08-17 22:37 ` Paolo Bonzini 2021-08-17 22:57 ` James Bottomley 2021-08-17 22:57 ` James Bottomley 2021-08-17 23:10 ` Steve Rutherford 2021-08-17 23:10 ` Steve Rutherford 2021-08-18 2:49 ` James Bottomley 2021-08-18 2:49 ` James Bottomley 2021-08-18 14:06 ` Ashish Kalra 2021-08-18 17:07 ` Ashish Kalra 2021-08-16 15:07 Tobin Feldman-Fitzthum 2021-08-16 15:07 ` Tobin Feldman-Fitzthum
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=YR0qoV6tDuVxddL5@work-vm \ --to=dgilbert@redhat.com \ --cc=ashish.kalra@amd.com \ --cc=brijesh.singh@amd.com \ --cc=dovmurik@linux.vnet.ibm.com \ --cc=ehabkost@redhat.com \ --cc=frankeh@us.ibm.com \ --cc=jejb@linux.ibm.com \ --cc=kvm@vger.kernel.org \ --cc=mst@redhat.com \ --cc=pbonzini@redhat.com \ --cc=qemu-devel@nongnu.org \ --cc=richard.henderson@linaro.org \ --cc=thomas.lendacky@amd.com \ --cc=tobin@ibm.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.