lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20240805232246.GH478300@nvidia.com>
Date: Mon, 5 Aug 2024 20:22:46 -0300
From: Jason Gunthorpe <jgg@...dia.com>
To: "Tian, Kevin" <kevin.tian@...el.com>
Cc: David Hildenbrand <david@...hat.com>,
	Mostafa Saleh <smostafa@...gle.com>,
	John Hubbard <jhubbard@...dia.com>,
	Elliot Berman <quic_eberman@...cinc.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Shuah Khan <shuah@...nel.org>, Matthew Wilcox <willy@...radead.org>,
	"maz@...nel.org" <maz@...nel.org>,
	"kvm@...r.kernel.org" <kvm@...r.kernel.org>,
	"linux-arm-msm@...r.kernel.org" <linux-arm-msm@...r.kernel.org>,
	"linux-mm@...ck.org" <linux-mm@...ck.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"linux-kselftest@...r.kernel.org" <linux-kselftest@...r.kernel.org>,
	"pbonzini@...hat.com" <pbonzini@...hat.com>,
	Fuad Tabba <tabba@...gle.com>, "Xu, Yilun" <yilun.xu@...el.com>,
	"Qiang, Chenyi" <chenyi.qiang@...el.com>
Subject: Re: [PATCH RFC 0/5] mm/gup: Introduce exclusive GUP pinning

On Mon, Aug 05, 2024 at 02:24:42AM +0000, Tian, Kevin wrote:
> 
> According to [3],
> 
> "
>   With SNP, when pages are marked as guest-owned in the RMP table,
>   they are assigned to a specific guest/ASID, as well as a specific GFN
>   with in the guest. Any attempts to map it in the RMP table to a different
>   guest/ASID, or a different GFN within a guest/ASID, will result in an RMP
>   nested page fault.
> "
> 
> With that measure in place my impression is that even the CPU's GPA
> translation can be controlled by the unsecure world in SEV-SNP.

Sure, but the GPA is the KVM S2, not the IOMMU. If there is some
complicated way to lock down the KVM S2 then it doesn't necessarily
apply to every IOVA to GPA translation as well.

The guest/hypervisor could have a huge number of iommu domains, where
would you even store such granular data?

About the only thing that could possibly do is setup a S2 IOMMU
identity translation reliably and have no support for vIOMMU - which
doesn't sound like a sane architecture to me.

It is not insurmountable, but it is going to be annoying if someone
needs access to the private pages physical address in the iommufd
side.

Jason

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ