lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Sun, 17 Oct 2021 18:34:56 -0400
From:   "Michael S. Tsirkin" <mst@...hat.com>
To:     Andi Kleen <ak@...ux.intel.com>
Cc:     linux-kernel@...r.kernel.org,
        Kuppuswamy Sathyanarayanan 
        <sathyanarayanan.kuppuswamy@...ux.intel.com>
Subject: Re: [PATCH v5 16/16] x86/tdx: Add cmdline option to force use of
 ioremap_host_shared

On Fri, Oct 15, 2021 at 06:34:17AM -0700, Andi Kleen wrote:
> cutting down the insane cc list.
> 
> On 10/14/2021 11:57 PM, Michael S. Tsirkin wrote:
> > On Thu, Oct 14, 2021 at 10:50:59PM -0700, Andi Kleen wrote:
> > > > I thought you basically create an OperationRegion of SystemMemory type,
> > > > and off you go. Maybe the OSPM in Linux is clever and protects
> > > > some memory, I wouldn't know.
> > > 
> > > I investigated this now, and it looks like acpi is using ioremap_cache(). We
> > > can hook into that and force non sharing. It's probably safe to assume that
> > > this is not used on real IO devices.
> > > 
> > > I think there are still some other BIOS mappings that use just plain
> > > ioremap() though.
> > > 
> > > 
> > > -Andi
> > Hmm don't you mean the reverse? If you make ioremap shared then OS is
> > protected from malicious ACPI?
> 
> 
> Nope
> 
> >   If you don't make it shared then
> > malicious ACPI can poke at arbitrary OS memory.
> 
> 
> When it's private it's protected and when it's shared it can be attacked
> 
> 
> > 
> > For BIOS I suspect there's no way around it, it needs to be
> > audited since it's executable.
> 
> 
> The guest BIOS is attested and trusted. The original ACPI tables by the BIOS
> are attested and trusted too.
> 
> Just if we map the ACPI tables temporarily shared then an evil hypervisor
> could modify them during that time window.
> 
> -Andi

I thought some more about it.

Fundamentally, ACPI has these types of OperationRegions:
SystemIO | SystemMemory | PCI_Config | EmbeddedControl | SMBus | SystemCMOS | 
PciBarTarget | IPMI | GeneralPurposeIO | GenericSerialBus |
PCC

Now, SystemMemory can be used to talk to either BIOS (should be
encrypted) or hypervisor (should not be encrypted).

I think it's not a great idea to commit to either, or teach users
to hack around it with command line flags.  Instead
there should be a new SystemMemoryUnencrypted API for interface with
the hypervisor. Can you guys propose this at the ACPI spec?
If not but at least we are in agreement I guess I can try to do it,
have a bit of experience with the ACPI spec.

And I assume PciBarTarget should be unencrypted so it can work.

-- 
MST

Powered by blists - more mailing lists