| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 9 Jan 2019 16:40:40 -0800
From: Sean Christopherson <sean.j.christopherson@...el.com>
To: "Huang, Kai" <kai.huang@...el.com>
Cc: Andy Lutomirski <luto@...nel.org>,
Jethro Beekman <jethro@...tanix.com>,
Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
"x86@...nel.org" <x86@...nel.org>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Peter Zijlstra <peterz@...radead.org>,
"H. Peter Anvin" <hpa@...or.com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"linux-sgx@...r.kernel.org" <linux-sgx@...r.kernel.org>,
Josh Triplett <josh@...htriplett.org>,
Haitao Huang <haitao.huang@...ux.intel.com>,
"Dr . Greg Wettstein" <greg@...ellic.com>
Subject: Re: x86/sgx: uapi change proposal
On Wed, Jan 09, 2019 at 04:21:19PM -0800, Huang, Kai wrote:
> > > > That's possible, but it has several downsides.
> > > >
> > > > - Duplicates a lot of code in KVM for managing memory regions.
> > >
> > > I don't see why there will be duplicated code. you can simply call
> > > __x86_set_memory_region to create private slot. It is KVM x86
> > > equivalent to KVM_SET_USER_MEMORY_REGION from userspace. The only
> > > difference is Qemu is not aware of the private slot.
> >
> > What about when we allow removing an EPC region? At that point you'd be
> > fully duplicating KVM_SET_USER_MEMORY_REGION. And that's not a purely
> > theoretical idea, it's something I'd like to support in the future, e.g.
> > via the WIP virtio-mem interface.
>
> OK. Isn't virtio-balloon good enough for us?
>
> Removing EPC is not consistent with hardware behaviour, but if you really
> want to support then should also be fine since we are not strictly
> following HW spec anyway.
Even if virtio-balloon is sufficient from a performance perspective, the
virtio-mem approach can provide unique capabilities, e.g. hotplugging
EPC into a VM or "I'm done with SGX, have all of my EPC back".
> >
> > https://events.linuxfoundation.org/wp-content/uploads/2017/12/virtio-
> > mem-Paravirtualized-Memory-David-Hildenbrand-Red-Hat-1.pdf
> >
> > > No. EPC info is from Qemu at the beginning (size is given by
> > > parameter, base is calculated by Qemu), and actually it is Qemu
> > > notifies KVM EPC info, so I don't think we require additional ioctls or
> > capabilities here.
> >
> > How does Qemu know KVM supports virtual EPC? Probing /dev/sgx doesn't
> > convey any information about KVM support. Maybe you could report it via
> > KVM_GET_SUPPORTED_CPUID, but that would be problematic for Qemu
> > since it would have to create vCPUs before initializing the machine.
>
> KVM_GET_SUPPORTED_CPUID is the one. I don't think KVM_GET_SUPPORTED_CPUID
> require creating vcpu prior, since it is global thing that platform supports. No?
It's not a KVM requirement, but rather Qemu's code flow. It sets up the
"machine" and then creates the vCPUs. The CPUID info is a CPU capability
and so isn't necessarily available when the "machine" is being created.
> >
> > The other aspect of private memslots is that they are not exposed to L2,
> > because again, from the guest's perspective, they do not exist. We can
> > obviously hackaround that restriction, but it's yet another hint that shoving
> > EPC into a private memslot is the wrong approach.
>
> But guest is aware of SGX and EPC so I don't see why it cannot be exposed
> to L2 even with private slot.
It's not that it can't be done, but rather we'd have to explicitly tell
KVM "this private slot isn't really private, expose it to L2". See
commit 3a2936dedd20 ("kvm: mmu: Don't expose private memslots to L2").
Powered by blists - more mailing lists