lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <2233397c-f423-40e3-8546-728b50ce0489@amazon.com>
Date: Thu, 31 Oct 2024 17:10:11 -0700
From: "Manwaring, Derek" <derekmn@...zon.com>
To: <roypat@...zon.co.uk>
CC: <ackerleytng@...gle.com>, <agordeev@...ux.ibm.com>,
	<aou@...s.berkeley.edu>, <borntraeger@...ux.ibm.com>, <bp@...en8.de>,
	<catalin.marinas@....com>, <chenhuacai@...nel.org>, <corbet@....net>,
	<dave.hansen@...ux.intel.com>, <david@...hat.com>, <derekmn@...zon.com>,
	<gerald.schaefer@...ux.ibm.com>, <gor@...ux.ibm.com>, <graf@...zon.com>,
	<hca@...ux.ibm.com>, <hpa@...or.com>, <jgowans@...zon.com>,
	<jthoughton@...gle.com>, <kalyazin@...zon.com>, <kernel@...0n.name>,
	<kvm@...r.kernel.org>, <linux-arm-kernel@...ts.infradead.org>,
	<linux-doc@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
	<linux-kselftest@...r.kernel.org>, <linux-mm@...ck.org>,
	<linux-riscv@...ts.infradead.org>, <linux-s390@...r.kernel.org>,
	<linux-trace-kernel@...r.kernel.org>, <loongarch@...ts.linux.dev>,
	<luto@...nel.org>, <mathieu.desnoyers@...icios.com>, <mhiramat@...nel.org>,
	<mingo@...hat.com>, <palmer@...belt.com>, <paul.walmsley@...ive.com>,
	<pbonzini@...hat.com>, <peterz@...radead.org>, <quic_eberman@...cinc.com>,
	<rostedt@...dmis.org>, <rppt@...nel.org>, <seanjc@...gle.com>,
	<shuah@...nel.org>, <svens@...ux.ibm.com>, <tabba@...gle.com>,
	<tglx@...utronix.de>, <vannapurve@...gle.com>, <will@...nel.org>,
	<x86@...nel.org>, <xmarcalx@...zon.com>
Subject: Re: [RFC PATCH v3 0/6] Direct Map Removal for guest_memfd

On 2024-10-31 at 10:42+0000 Patrick Roy wrote:
> On Thu, 2024-10-31 at 09:50 +0000, David Hildenbrand wrote:
> > On 30.10.24 14:49, Patrick Roy wrote:
> >> Most significantly, I've reduced the patch series to focus only on
> >> direct map removal for guest_memfd for now, leaving the whole "how to do
> >> non-CoCo VMs in guest_memfd" for later. If this separation is
> >> acceptable, then I think I can drop the RFC tag in the next revision
> >> (I've mainly kept it here because I'm not entirely sure what to do with
> >> patches 3 and 4).
> >
> > Hi,
> >
> > keeping upcoming "shared and private memory in guest_memfd" in mind, I
> > assume the focus would be to only remove the direct map for private memory?
> >
> > So in the current upstream state, you would only be removing the direct
> > map for private memory, currently translating to "encrypted"/"protected"
> > memory that is inaccessible either way already.
> >
> > Correct?
>
> Yea, with the upcomming "shared and private" stuff, I would expect the
> the shared<->private conversions would call the routines from patch 3 to
> restore direct map entries on private->shared, and zap them on
> shared->private.
>
> But as you said, the current upstream state has no notion of "shared"
> memory in guest_memfd, so everything is private and thus everything is
> direct map removed (although it is indeed already inaccessible anyway
> for TDX and friends. That's what makes this patch series a bit awkward
> :( )

TDX and SEV encryption happens between the core and main memory, so
cached guest data we're most concerned about for transient execution
attacks isn't necessarily inaccessible.

I'd be interested what Intel, AMD, and other folks think on this, but I
think direct map removal is worthwhile for CoCo cases as well.

Derek

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ