From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-oi1-f169.google.com (mail-oi1-f169.google.com [209.85.167.169]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7F48E72 for ; Mon, 15 Nov 2021 18:41:27 +0000 (UTC) Received: by mail-oi1-f169.google.com with SMTP id w199so3513448oiw.4 for ; Mon, 15 Nov 2021 10:41:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=DvmCs80nJQRJulfMPNgITfN/kpc9dv/WOKQeVjWwio4=; b=D2Mt+z865FvjQUumFXEdNURlsU2N9UC/MMmG8rlUqPypkNsBqmKRw0im+95vMwMZt+ lOyHOqJBT2Wf61emETZgh/H8MwFKn+7mxNspVDUE3ab/thq8z8MqaNv5E3cFC88Dhb1D kozJOtu5iF3U6ReVV+IClUxB/KJuaaQOSaFzBpZV/RSinsd98IOm4cNGt+PpulbFPi4G fh0anmlEfno22cJKa2/xdP2buGHXZVvlyBs3T5g9PgR1ul84hlgBs7kIQv+hZicSWIx/ DFY+BXoYlqwxk1FLb90BO7ox0VLE0OsYnIeGGKqSrw6S20pm4gRfEwAzqEUKSDwO5qAw 9xyQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=DvmCs80nJQRJulfMPNgITfN/kpc9dv/WOKQeVjWwio4=; b=m326YGH3bDmK/fCB4yI8S/7NYe9zkIuuNVxFiNjzUG0iu1O+LdZkbrVGvMjIk4EcVl qjlokRawDVEuHKyHNcfma07BtOmMet+dxsl7yiq60gQQ+OtZrALO2rQ7UEzZPGYUQNCf 3BjE0qFN7LWu5c24LC0gmyTRaO5J34fODkaJiZrRP0+Euy0xvekd2UcUKGBtzLYOohK+ wTXG5LEyod2V4jF63u39lqcP7mqeT3plfbRjhQf8Gq8orBO6e8IUIg4it4ySffIuYOkD TfJQRjDm3qm0I/Mer+K/fblCrxUHiaNeLk4STcxwSe/kSS6lk+ZXjczWgx+4gasycn33 mFIw== X-Gm-Message-State: AOAM530hXCTodJCSLv/TOqd67BPqM0OpTMYSneYmeiTqD6PSKm5O3TPT h6BUmN8VBTjyddaE0Ha8Pha0s5gex6JS6J+enjuu5Q== X-Google-Smtp-Source: ABdhPJw+kw8Q07aUefBFMr3P/o64UhYLq5zXtIiaN0731ps80GxSYVXnY4M15E2ojpsZr+HhuXIh46aqRnH7y2V4Jys= X-Received: by 2002:a54:4515:: with SMTP id l21mr746806oil.15.1637001686230; Mon, 15 Nov 2021 10:41:26 -0800 (PST) Precedence: bulk X-Mailing-List: linux-coco@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 References: <20210820155918.7518-1-brijesh.singh@amd.com> <061ccd49-3b9f-d603-bafd-61a067c3f6fa@intel.com> In-Reply-To: From: Marc Orr Date: Mon, 15 Nov 2021 10:41:15 -0800 Message-ID: Subject: Re: [PATCH Part2 v5 00/45] Add AMD Secure Nested Paging (SEV-SNP) Hypervisor Support To: Sean Christopherson Cc: "Dr. David Alan Gilbert" , Borislav Petkov , Dave Hansen , Peter Gonda , Brijesh Singh , x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org, Thomas Gleixner , Ingo Molnar , Joerg Roedel , Tom Lendacky , "H. Peter Anvin" , Ard Biesheuvel , Paolo Bonzini , Vitaly Kuznetsov , Wanpeng Li , Jim Mattson , Andy Lutomirski , Dave Hansen , Sergio Lopez , Peter Zijlstra , Srinivas Pandruvada , David Rientjes , Dov Murik , Tobin Feldman-Fitzthum , Michael Roth , Vlastimil Babka , "Kirill A . Shutemov" , Andi Kleen , tony.luck@intel.com, sathyanarayanan.kuppuswamy@linux.intel.com Content-Type: text/plain; charset="UTF-8" On Mon, Nov 15, 2021 at 10:26 AM Sean Christopherson wrote: > > On Mon, Nov 15, 2021, Dr. David Alan Gilbert wrote: > > * Sean Christopherson (seanjc@google.com) wrote: > > > On Fri, Nov 12, 2021, Borislav Petkov wrote: > > > > On Fri, Nov 12, 2021 at 09:59:46AM -0800, Dave Hansen wrote: > > > > > Or, is there some mechanism that prevent guest-private memory from being > > > > > accessed in random host kernel code? > > > > > > Or random host userspace code... > > > > > > > So I'm currently under the impression that random host->guest accesses > > > > should not happen if not previously agreed upon by both. > > > > > > Key word "should". > > > > > > > Because, as explained on IRC, if host touches a private guest page, > > > > whatever the host does to that page, the next time the guest runs, it'll > > > > get a #VC where it will see that that page doesn't belong to it anymore > > > > and then, out of paranoia, it will simply terminate to protect itself. > > > > > > > > So cloud providers should have an interest to prevent such random stray > > > > accesses if they wanna have guests. :) > > > > > > Yes, but IMO inducing a fault in the guest because of _host_ bug is wrong. > > > > Would it necessarily have been a host bug? A guest telling the host a > > bad GPA to DMA into would trigger this wouldn't it? > > No, because as Andy pointed out, host userspace must already guard against a bad > GPA, i.e. this is just a variant of the guest telling the host to DMA to a GPA > that is completely bogus. The shared vs. private behavior just means that when > host userspace is doing a GPA=>HVA lookup, it needs to incorporate the "shared" > state of the GPA. If the host goes and DMAs into the completely wrong HVA=>PFN, > then that is a host bug; that the bug happened to be exploited by a buggy/malicious > guest doesn't change the fact that the host messed up. "If the host goes and DMAs into the completely wrong HVA=>PFN, then that is a host bug; that the bug happened to be exploited by a buggy/malicious guest doesn't change the fact that the host messed up." ^^^ Again, I'm flabbergasted that you are arguing that it's OK for a guest to exploit a host bug to take down host-side processes or the host itself, either of which could bring down all other VMs on the machine. I'm going to repeat -- this is not OK! Period. Again, if the community wants to layer some orchestration scheme between host userspace, host kernel, and guest, on top of the code to inject the #VC into the guest, that's fine. This proposal is not stopping that. In fact, the two approaches are completely orthogonal and compatible. But so far I have heard zero reasons why injecting a #VC into the guest is wrong. Other than just stating that it's wrong. Again, the guest must be able to detect buggy and malicious host-side writes to private memory. Or else "confidential computing" doesn't work. Assuming that's not true is not a valid argument to dismiss injecting a #VC exception into the guest.