linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Andi Kleen <ak@linux.intel.com>
To: Jason Wang <jasowang@redhat.com>, mst@redhat.com
Cc: virtualization@lists.linux-foundation.org, hch@lst.de,
	m.szyprowski@samsung.com, robin.murphy@arm.com,
	iommu@lists.linux-foundation.org, x86@kernel.org,
	sathyanarayanan.kuppuswamy@linux.intel.com, jpoimboe@redhat.com,
	linux-kernel@vger.kernel.org
Subject: Re: Virtio hardening for TDX
Date: Wed, 2 Jun 2021 18:56:27 -0700	[thread overview]
Message-ID: <33504152-624a-45cc-51b3-10ce7aa2428f@linux.intel.com> (raw)
In-Reply-To: <63d01084-68d2-a8d5-931d-541a22b5f231@redhat.com>


> Note that it's probably needed by other cases as well:
>
> 1) Other encrypted VM technology
> 2) VDUSE[1]
> 3) Smart NICs

Right. I don't see any reason why these shouldn't work. You may just 
need to add the enable for the lockdown, but you can reuse the basic 
infrastructure.

>
> We have already had discussions and some patches have been 
> posted[2][3][4].

Thanks.

Yes [2] is indeed an alternative. We considered this at some point, but 
since we don't care about DOS in our case it seemed simpler to just 
harden the existing code.  But yes if it's there it's useful for TDX too.

FWIW I would argue that the descriptor boundary checking should be added 
in any case, security case or separated metadata or not, because it can 
catch bugs and is very cheap. Checking boundaries is good practice.

[4] would be an independent issue, that's something we didn't catch.

Also the swiotlb hardening implemented in this patchkit doesn't seem to 
be in any of the other patches.

So I would say my patches are mostly orthogonal to these patches below 
and not conflicting, even though they address a similar problem space.

-Andi



      reply	other threads:[~2021-06-03  1:56 UTC|newest]

Thread overview: 39+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-06-03  0:41 Virtio hardening for TDX Andi Kleen
2021-06-03  0:41 ` [PATCH v1 1/8] virtio: Force only split mode with protected guest Andi Kleen
2021-06-03  1:36   ` Jason Wang
2021-06-03  1:48     ` Andi Kleen
2021-06-03  2:32       ` Jason Wang
2021-06-03  2:56         ` Andi Kleen
2021-06-03  3:02           ` Jason Wang
2021-06-03 13:55             ` Andi Kleen
2021-06-04  2:29               ` Jason Wang
2021-06-03 17:33   ` Andy Lutomirski
2021-06-03 18:00     ` Andi Kleen
2021-06-03 19:31       ` Andy Lutomirski
2021-06-03 19:53         ` Andi Kleen
2021-06-03 22:17           ` Andy Lutomirski
2021-06-03 23:32             ` Andi Kleen
2021-06-04  1:46               ` Andy Lutomirski
2021-06-04  1:54                 ` Andi Kleen
2021-06-04  1:22         ` Jason Wang
2021-06-04  1:29       ` Jason Wang
2021-06-04  2:20     ` Jason Wang
2021-06-03  0:41 ` [PATCH v1 2/8] virtio: Add boundary checks to virtio ring Andi Kleen
2021-06-03  2:14   ` Jason Wang
2021-06-03  2:18     ` Andi Kleen
2021-06-03  2:36       ` Jason Wang
2021-06-03  0:41 ` [PATCH v1 3/8] virtio: Harden split buffer detachment Andi Kleen
2021-06-03  2:29   ` Jason Wang
2021-06-03  0:41 ` [PATCH v1 4/8] x86/tdx: Add arch_has_restricted_memory_access for TDX Andi Kleen
2021-06-03  4:02   ` Kuppuswamy, Sathyanarayanan
2021-06-03  0:41 ` [PATCH v1 5/8] dma: Use size for swiotlb boundary checks Andi Kleen
2021-06-03  1:48   ` Konrad Rzeszutek Wilk
2021-06-03  2:03     ` Andi Kleen
2021-06-03  9:09   ` Robin Murphy
2021-06-03  0:41 ` [PATCH v1 6/8] dma: Add return value to dma_unmap_page Andi Kleen
2021-06-03  9:08   ` Robin Murphy
2021-06-03 12:36     ` Andi Kleen
2021-06-03  0:41 ` [PATCH v1 7/8] virtio: Abort IO when descriptor points outside forced swiotlb Andi Kleen
2021-06-03  0:41 ` [PATCH v1 8/8] virtio: Error out on endless free lists Andi Kleen
2021-06-03  1:34 ` Virtio hardening for TDX Jason Wang
2021-06-03  1:56   ` Andi Kleen [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=33504152-624a-45cc-51b3-10ce7aa2428f@linux.intel.com \
    --to=ak@linux.intel.com \
    --cc=hch@lst.de \
    --cc=iommu@lists.linux-foundation.org \
    --cc=jasowang@redhat.com \
    --cc=jpoimboe@redhat.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=m.szyprowski@samsung.com \
    --cc=mst@redhat.com \
    --cc=robin.murphy@arm.com \
    --cc=sathyanarayanan.kuppuswamy@linux.intel.com \
    --cc=virtualization@lists.linux-foundation.org \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).