Message-ID: <d3bf637e-556a-be48-39f9-dc7defd19092@linux.intel.com>
Date:   Thu, 3 Jun 2021 18:54:54 -0700
From:   Andi Kleen <ak@...ux.intel.com>
To:     Andy Lutomirski <luto@...nel.org>, mst@...hat.com
Cc:     Jason Wang <jasowang@...hat.com>,
        virtualization@...ts.linux-foundation.org, hch@....de,
        m.szyprowski@...sung.com, robin.murphy@....com,
        iommu@...ts.linux-foundation.org,
        the arch/x86 maintainers <x86@...nel.org>,
        sathyanarayanan.kuppuswamy@...ux.intel.com,
        Josh Poimboeuf <jpoimboe@...hat.com>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v1 1/8] virtio: Force only split mode with protected guest


> For most Linux drivers, a report that a misbehaving device can corrupt
> host memory is a bug, not a feature.  If a USB device can corrupt kernel
> memory, that's a serious bug.  If a USB-C device can corrupt kernel
> memory, that's also a serious bug, although, sadly, we probably have
> lots of these bugs.  If a Firewire device can corrupt kernel memory,
> news at 11.  If a Bluetooth or WiFi peer can corrupt kernel memory,
> people write sonnets about it and give it clever names.  Why is virtio
> special?

Well for most cases it's pointless because they don't have any memory 
protection anyways.

Why break compatibility if it does not buy you anything?

Anyways if you want to enable the restricted mode for something else, 
it's easy to do. The cases where it matters seem to already work on it, 
like the user space virtio ring.

My changes for boundary checking are enabled unconditionally anyways, as 
well as the other patchkits.


>
> This one:
>
> int arch_has_restricted_virtio_memory_access(void)
> +{
> +	return is_tdx_guest();
> +}
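
Review bot: the body of arch_has_restricted_virtio_memory_access() is only `return is_tdx_guest();`, with no comment saying why being a TDX guest means virtio memory access has to be restricted. A one-line comment above the function stating that reason would let a reader judge whether other guest types belong here without having to go back to the patch discussion.
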
>
> I'm looking at a fairly recent kernel, and I don't see anything for s390
> wired up in vring_use_dma_api.

It's not using vring_use_dma_api, but enforces the DMA API at virtio 
ring setup time, same as SEV/TDX.

-Andi
