lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAGtprH8JqCMmcNnWEhKFQd3Mm4WqT6buJJndtzG8rgxjU=bLnw@mail.gmail.com>
Date:   Wed, 21 Jun 2023 13:46:34 -0700
From:   Vishal Annapurve <vannapurve@...gle.com>
To:     "Dong, Eddie" <eddie.dong@...el.com>
Cc:     Zhi Wang <zhi.wang.linux@...il.com>,
        "Yamahata, Isaku" <isaku.yamahata@...el.com>,
        "kvm@...r.kernel.org" <kvm@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "isaku.yamahata@...il.com" <isaku.yamahata@...il.com>,
        Paolo Bonzini <pbonzini@...hat.com>,
        "Aktas, Erdem" <erdemaktas@...gle.com>,
        "Christopherson,, Sean" <seanjc@...gle.com>,
        "Shahar, Sagi" <sagis@...gle.com>,
        David Matlack <dmatlack@...gle.com>,
        "Huang, Kai" <kai.huang@...el.com>,
        "Chen, Bo2" <chen.bo@...el.com>,
        "linux-coco@...ts.linux.dev" <linux-coco@...ts.linux.dev>,
        Chao Peng <chao.p.peng@...ux.intel.com>,
        Ackerley Tng <ackerleytng@...gle.com>,
        Michael Roth <michael.roth@....com>
Subject: Re: [RFC PATCH 0/6] KVM: guest memory: Misc enhacnement

On Wed, Jun 21, 2023 at 11:20 AM Dong, Eddie <eddie.dong@...el.com> wrote:
>
>
>
> > -----Original Message-----
> > From: Vishal Annapurve <vannapurve@...gle.com>
> > Sent: Monday, June 19, 2023 2:55 PM
> > To: Zhi Wang <zhi.wang.linux@...il.com>
> > Cc: Yamahata, Isaku <isaku.yamahata@...el.com>; kvm@...r.kernel.org;
> > linux-kernel@...r.kernel.org; isaku.yamahata@...il.com; Paolo Bonzini
> > <pbonzini@...hat.com>; Aktas, Erdem <erdemaktas@...gle.com>;
> > Christopherson,, Sean <seanjc@...gle.com>; Shahar, Sagi
> > <sagis@...gle.com>; David Matlack <dmatlack@...gle.com>; Huang, Kai
> > <kai.huang@...el.com>; Chen, Bo2 <chen.bo@...el.com>; linux-
> > coco@...ts.linux.dev; Chao Peng <chao.p.peng@...ux.intel.com>; Ackerley
> > Tng <ackerleytng@...gle.com>; Michael Roth <michael.roth@....com>
> > Subject: Re: [RFC PATCH 0/6] KVM: guest memory: Misc enhacnement
> >
> > On Mon, Jun 19, 2023 at 1:11 PM Zhi Wang <zhi.wang.linux@...il.com>
> > wrote:
> > >
> > > On Mon, 19 Jun 2023 12:11:50 -0700
> ...
> >
> > Protected VM effort is about being able to have guest memory ranges not
> > mapped into Userspace VMM and so are unreachable for most of the cases
> > from KVM as well. Non-CC VMs can use this support to mitigate any
> > unintended accesses from userspace VMM/KVM possibly using enlightened
> > kernels.
>
> "PROTECTED" seems to be not very close to what you mean here. "PROTECTED_MEM" ?
> What case of non-CC VMs may use this feature in reality?  Or do you have any expected cases?
>

Similar to pKvm efforts [1], PROTECTED_VM functionality may be used to
unmap guest memory ranges from the host and userspace VMM on x86
platforms. If the KVM/host kernel and the guest VMs are enlightened
for this usecase, then it should be possible to deploy this feature
for normal VMs irrespective of the platforms they are running on.

Primary usecase here would be to prevent unintended accesses from
KVM/userspace VMM which would normally go undetected at runtime or are
hard to trace back to the original culprit.

[1] https://source.android.com/docs/core/virtualization/architecture#hypervisor

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ