From: Andi Kleen <ak@linux.intel.com>
To: Jason Wang <jasowang@redhat.com>, mst@redhat.com
Cc: virtualization@lists.linux-foundation.org, hch@lst.de,
m.szyprowski@samsung.com, robin.murphy@arm.com,
iommu@lists.linux-foundation.org, x86@kernel.org,
sathyanarayanan.kuppuswamy@linux.intel.com, jpoimboe@redhat.com,
linux-kernel@vger.kernel.org
Subject: Re: Virtio hardening for TDX
Date: Wed, 2 Jun 2021 18:56:27 -0700 [thread overview]
Message-ID: <33504152-624a-45cc-51b3-10ce7aa2428f@linux.intel.com> (raw)
In-Reply-To: <63d01084-68d2-a8d5-931d-541a22b5f231@redhat.com>
> Note that it's probably needed by other cases as well:
>
> 1) Other encrypted VM technology
> 2) VDUSE[1]
> 3) Smart NICs
Right. I don't see any reason why these shouldn't work. You may just
need to add the enable for the lockdown, but you can reuse the basic
infrastructure.
>
> We have already had discussions and some patches have been
> posted[2][3][4].
Thanks.
Yes [2] is indeed an alternative. We considered this at some point, but
since we don't care about DOS in our case it seemed simpler to just
harden the existing code. But yes if it's there it's useful for TDX too.
FWIW I would argue that the descriptor boundary checking should be added
in any case, security case or separated metadata or not, because it can
catch bugs and is very cheap. Checking boundaries is good practice.
[4] would be an independent issue, that's something we didn't catch.
Also the swiotlb hardening implemented in this patchkit doesn't seem to
be in any of the other patches.
So I would say my patches are mostly orthogonal to these patches below
and not conflicting, even though they address a similar problem space.
-Andi
prev parent reply other threads:[~2021-06-03 1:56 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-03 0:41 Virtio hardening for TDX Andi Kleen
2021-06-03 0:41 ` [PATCH v1 1/8] virtio: Force only split mode with protected guest Andi Kleen
2021-06-03 1:36 ` Jason Wang
2021-06-03 1:48 ` Andi Kleen
2021-06-03 2:32 ` Jason Wang
2021-06-03 2:56 ` Andi Kleen
2021-06-03 3:02 ` Jason Wang
2021-06-03 13:55 ` Andi Kleen
2021-06-04 2:29 ` Jason Wang
2021-06-03 17:33 ` Andy Lutomirski
2021-06-03 18:00 ` Andi Kleen
2021-06-03 19:31 ` Andy Lutomirski
2021-06-03 19:53 ` Andi Kleen
2021-06-03 22:17 ` Andy Lutomirski
2021-06-03 23:32 ` Andi Kleen
2021-06-04 1:46 ` Andy Lutomirski
2021-06-04 1:54 ` Andi Kleen
2021-06-04 1:22 ` Jason Wang
2021-06-04 1:29 ` Jason Wang
2021-06-04 2:20 ` Jason Wang
2021-06-03 0:41 ` [PATCH v1 2/8] virtio: Add boundary checks to virtio ring Andi Kleen
2021-06-03 2:14 ` Jason Wang
2021-06-03 2:18 ` Andi Kleen
2021-06-03 2:36 ` Jason Wang
2021-06-03 0:41 ` [PATCH v1 3/8] virtio: Harden split buffer detachment Andi Kleen
2021-06-03 2:29 ` Jason Wang
2021-06-03 0:41 ` [PATCH v1 4/8] x86/tdx: Add arch_has_restricted_memory_access for TDX Andi Kleen
2021-06-03 4:02 ` Kuppuswamy, Sathyanarayanan
2021-06-03 0:41 ` [PATCH v1 5/8] dma: Use size for swiotlb boundary checks Andi Kleen
2021-06-03 1:48 ` Konrad Rzeszutek Wilk
2021-06-03 2:03 ` Andi Kleen
2021-06-03 9:09 ` Robin Murphy
2021-06-03 0:41 ` [PATCH v1 6/8] dma: Add return value to dma_unmap_page Andi Kleen
2021-06-03 9:08 ` Robin Murphy
2021-06-03 12:36 ` Andi Kleen
2021-06-03 0:41 ` [PATCH v1 7/8] virtio: Abort IO when descriptor points outside forced swiotlb Andi Kleen
2021-06-03 0:41 ` [PATCH v1 8/8] virtio: Error out on endless free lists Andi Kleen
2021-06-03 1:34 ` Virtio hardening for TDX Jason Wang
2021-06-03 1:56 ` Andi Kleen [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=33504152-624a-45cc-51b3-10ce7aa2428f@linux.intel.com \
--to=ak@linux.intel.com \
--cc=hch@lst.de \
--cc=iommu@lists.linux-foundation.org \
--cc=jasowang@redhat.com \
--cc=jpoimboe@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=m.szyprowski@samsung.com \
--cc=mst@redhat.com \
--cc=robin.murphy@arm.com \
--cc=sathyanarayanan.kuppuswamy@linux.intel.com \
--cc=virtualization@lists.linux-foundation.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).