lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <BN9PR11MB52768B4BFE518BC369DA3D848CBF2@BN9PR11MB5276.namprd11.prod.outlook.com>
Date: Tue, 6 Aug 2024 00:50:07 +0000
From: "Tian, Kevin" <kevin.tian@...el.com>
To: Jason Gunthorpe <jgg@...dia.com>
CC: David Hildenbrand <david@...hat.com>, Mostafa Saleh <smostafa@...gle.com>,
	John Hubbard <jhubbard@...dia.com>, Elliot Berman <quic_eberman@...cinc.com>,
	Andrew Morton <akpm@...ux-foundation.org>, Shuah Khan <shuah@...nel.org>,
	Matthew Wilcox <willy@...radead.org>, "maz@...nel.org" <maz@...nel.org>,
	"kvm@...r.kernel.org" <kvm@...r.kernel.org>, "linux-arm-msm@...r.kernel.org"
	<linux-arm-msm@...r.kernel.org>, "linux-mm@...ck.org" <linux-mm@...ck.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"linux-kselftest@...r.kernel.org" <linux-kselftest@...r.kernel.org>,
	"pbonzini@...hat.com" <pbonzini@...hat.com>, Fuad Tabba <tabba@...gle.com>,
	"Xu, Yilun" <yilun.xu@...el.com>, "Qiang, Chenyi" <chenyi.qiang@...el.com>
Subject: RE: [PATCH RFC 0/5] mm/gup: Introduce exclusive GUP pinning

> From: Jason Gunthorpe <jgg@...dia.com>
> Sent: Tuesday, August 6, 2024 7:23 AM
> 
> On Mon, Aug 05, 2024 at 02:24:42AM +0000, Tian, Kevin wrote:
> >
> > According to [3],
> >
> > "
> >   With SNP, when pages are marked as guest-owned in the RMP table,
> >   they are assigned to a specific guest/ASID, as well as a specific GFN
> >   with in the guest. Any attempts to map it in the RMP table to a different
> >   guest/ASID, or a different GFN within a guest/ASID, will result in an RMP
> >   nested page fault.
> > "
> >
> > With that measure in place my impression is that even the CPU's GPA
> > translation can be controlled by the unsecure world in SEV-SNP.
> 
> Sure, but the GPA is the KVM S2, not the IOMMU. If there is some
> complicated way to lock down the KVM S2 then it doesn't necessarily
> apply to every IOVA to GPA translation as well.
> 
> The guest/hypervisor could have a huge number of iommu domains, where
> would you even store such granular data?
> 
> About the only thing that could possibly do is setup a S2 IOMMU
> identity translation reliably and have no support for vIOMMU - which
> doesn't sound like a sane architecture to me.
> 

According to the SEV-TIO spec there will be a new structure called
Secure Device Table to track security attributes of a TDI and also
location of guest page tables. It also puts hardware assisted
vIOMMU in the TCB then with nested translation the IOMMU S2
will always be GPA.

> It is not insurmountable, but it is going to be annoying if someone
> needs access to the private pages physical address in the iommufd
> side.
> 

Don't know much about SEV but based on my reading it appears
that it is designed with the assumption that GPA page tables (both
CPU/IOMMU S2, in nested translation) are managed by untrusted
host, for both shared and private pages.

Probably AMD folks can chime in to help confirm. 😊

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ