lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ZIyk+qIBRD6ezlPo@google.com>
Date:   Fri, 16 Jun 2023 11:07:54 -0700
From:   Sean Christopherson <seanjc@...gle.com>
To:     Dmytro Maluka <dmy@...ihalf.com>
Cc:     Elena Reshetova <elena.reshetova@...el.com>,
        Carlos Bilbao <carlos.bilbao@....com>,
        Jason CJ Chen <jason.cj.chen@...el.com>,
        "corbet@....net" <corbet@....net>,
        "linux-doc@...r.kernel.org" <linux-doc@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "ardb@...nel.org" <ardb@...nel.org>,
        "kraxel@...hat.com" <kraxel@...hat.com>,
        "dovmurik@...ux.ibm.com" <dovmurik@...ux.ibm.com>,
        "dave.hansen@...ux.intel.com" <dave.hansen@...ux.intel.com>,
        "Dhaval.Giani@....com" <Dhaval.Giani@....com>,
        "michael.day@....com" <michael.day@....com>,
        "pavankumar.paluri@....com" <pavankumar.paluri@....com>,
        "David.Kaplan@....com" <David.Kaplan@....com>,
        "Reshma.Lal@....com" <Reshma.Lal@....com>,
        "Jeremy.Powell@....com" <Jeremy.Powell@....com>,
        "sathyanarayanan.kuppuswamy@...ux.intel.com" 
        <sathyanarayanan.kuppuswamy@...ux.intel.com>,
        "alexander.shishkin@...ux.intel.com" 
        <alexander.shishkin@...ux.intel.com>,
        "thomas.lendacky@....com" <thomas.lendacky@....com>,
        "tglx@...utronix.de" <tglx@...utronix.de>,
        "dgilbert@...hat.com" <dgilbert@...hat.com>,
        "gregkh@...uxfoundation.org" <gregkh@...uxfoundation.org>,
        "dinechin@...hat.com" <dinechin@...hat.com>,
        "linux-coco@...ts.linux.dev" <linux-coco@...ts.linux.dev>,
        "berrange@...hat.com" <berrange@...hat.com>,
        "mst@...hat.com" <mst@...hat.com>, "tytso@....edu" <tytso@....edu>,
        "jikos@...nel.org" <jikos@...nel.org>,
        "joro@...tes.org" <joro@...tes.org>,
        "leon@...nel.org" <leon@...nel.org>,
        "richard.weinberger@...il.com" <richard.weinberger@...il.com>,
        "lukas@...ner.de" <lukas@...ner.de>,
        "jejb@...ux.ibm.com" <jejb@...ux.ibm.com>,
        "cdupontd@...hat.com" <cdupontd@...hat.com>,
        "jasowang@...hat.com" <jasowang@...hat.com>,
        "sameo@...osinc.com" <sameo@...osinc.com>,
        "bp@...en8.de" <bp@...en8.de>,
        "security@...nel.org" <security@...nel.org>,
        Larry Dewey <larry.dewey@....com>, android-kvm@...gle.com,
        Dmitry Torokhov <dtor@...gle.com>,
        Allen Webb <allenwebb@...gle.com>,
        Tomasz Nowicki <tn@...ihalf.com>,
        Grzegorz Jaszczyk <jaz@...ihalf.com>,
        Patryk Duda <pdk@...ihalf.com>
Subject: Re: [PATCH v2] docs: security: Confidential computing intro and
 threat model for x86 virtualization

On Fri, Jun 16, 2023, Dmytro Maluka wrote:
> On 6/16/23 15:56, Sean Christopherson wrote:
> > On Fri, Jun 16, 2023, Dmytro Maluka wrote:
> >> On 6/14/23 16:15, Sean Christopherson wrote:
> >>> On Wed, Jun 14, 2023, Elena Reshetova wrote:
> >>>>>> +This new type of adversary may be viewed as a more powerful type
> >>>>>> +of external attacker, as it resides locally on the same physical machine
> >>>>>> +-in contrast to a remote network attacker- and has control over the guest
> >>>>>> +kernel communication with most of the HW::
> >>>>>
> >>>>> IIUC, this last statement doesn't hold true for the pKVM on x86 use case, which
> >>>>> specifically aims to give a "guest" exclusive access to hardware resources.
> >>>>
> >>>> Does it hold for *all* HW resources? If yes, indeed this would make pKVM on
> >>>> x86 considerably different.
> >>>
> >>> Heh, the original says "most", so it doesn't have to hold for all hardware resources,
> >>> just a simple majority.
> >>
> >> Again, pedantic mode on, I find it difficult to agree with the wording
> >> that the guest owns "most of" the HW resources it uses. It controls the
> >> data communication with its hardware device, but other resources (e.g.
> >> CPU time, interrupts, timers, PCI config space, ACPI) are owned by the
> >> host and virtualized by it for the guest.
> > 
> > I wasn't saying that the guest owns most resources, I was saying that the *untrusted*
> > host does *not* own most resources that are exposed to the guest.  My understanding
> > is that everything in your list is owned by the trusted hypervisor in the pKVM model.
> 
> Heh, no. Most of these resources are owned by the untrusted host, that's
> the point.

Ah, I was overloading "owned", probably wrongly.  What I'm trying to call out is
that in pKVM, while the untrusted host can withold resources, it can't subvert
most of those resources.  Taking scheduling as an example, a pKVM vCPU may be
migrated to a different pCPU by the untrusted host, but pKVM ensures that it is
safe to run on the new pCPU, e.g. on Intel, pKVM (presumably) does any necessary
VMCLEAR, IBPB, INVEPT, etc. to ensure the vCPU doesn't consume stale data.

> Basically for two reasons: 1. we want to keep the trusted hypervisor as
> simple as possible. 2. we don't need availability guarantees.
> 
> The trusted hypervisor owns only: 2nd-stage MMU, IOMMU, VMCS (or its
> counterparts on non-Intel), physical PCI config space (merely for
> controlling a few critical registers like BARs and MSI address
> registers), perhaps a few more things that don't come to my mind now.

The "physical PCI config space" is a key difference, and is very relevant to this
doc (see my response to Allen).

> The untrusted host schedules its guests on physical CPUs (i.e. the
> host's L1 vCPUs are 1:1 mapped onto pCPUs), while the trusted hypervisor
> has no scheduling, it only handles vmexits from the host and guests. The
> untrusted host fully controls the physical interrupt controllers (I
> think we realize that is not perfectly fine, but here we are), etc.

Yeah, IRQs are a tough nut to crack.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ