lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <0df1ea92-4386-4237-bf98-02503a5829ba@suse.com>
Date: Mon, 14 Apr 2025 13:56:21 +0300
From: Nikolay Borisov <nik.borisov@...e.com>
To: Dan Williams <dan.j.williams@...el.com>, dave.hansen@...ux.intel.com
Cc: Kirill Shutemov <kirill.shutemov@...ux.intel.com>,
 Vishal Annapurve <vannapurve@...gle.com>, Kees Cook <keescook@...omium.org>,
 stable@...r.kernel.org, x86@...nel.org, Ingo Molnar <mingo@...nel.org>,
 linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 0/3] Restrict devmem for confidential VMs



On 11.04.25 г. 4:22 ч., Dan Williams wrote:
> Changes since v1 [1]:
> * Fix the fact that devmem_is_allowed() == 2 does not prevent
>    mmap access (Kees)
> * Rather than teach devmem_is_allowed() == 2 to map zero pages in the
>    mmap case, just fail (Nikolay)
> 
> [1]: http://lore.kernel.org/67f5b75c37143_71fe2949b@dwillia2-xfh.jf.intel.com.notmuch
> 
> ---
> The story starts with Nikolay reporting an SEPT violation due to
> mismatched encrypted/non-encrypted mappings of the BIOS data space [2].
> 
> An initial suggestion to just make sure that the BIOS data space is
> mapped consistently [3] ran into another issue that TDX and SEV-SNP
> disagree about when that space can be mapped as encrypted.
> 
> Then, in response to a partial patch to allow SEV-SNP to block BIOS data
> space for other reasons [4], Dave asked why not just give up on /dev/mem
> access entirely in the confidential VM case [5].
> 
> Enter this series to:
> 
> 1/ Close a subtle hole whereby /dev/mem that is supposed return zeros in
>     lieu of access only enforces that for read()/write()
> 
> 2/ Use that new closed hole to reliably disable all /dev/mem access for
>     confidential x86 VMs
> 
> [2]: http://lore.kernel.org/20250318113604.297726-1-nik.borisov@suse.com
> [3]: http://lore.kernel.org/174346288005.2166708.14425674491111625620.stgit@dwillia2-xfh.jf.intel.com
> [4]: http://lore.kernel.org/20250403120228.2344377-1-naveen@kernel.org
> [5]: http://lore.kernel.org/fd683daa-d953-48ca-8c5d-6f4688ad442c@intel.com
> ---
> 
> Dan Williams (3):
>        x86/devmem: Remove duplicate range_is_allowed() definition
>        devmem: Block mmap access when read/write access is restricted
>        x86/devmem: Restrict /dev/mem access for potentially unaccepted memory by default
> 
> 
>   arch/x86/Kconfig                |    2 ++
>   arch/x86/include/asm/x86_init.h |    2 ++
>   arch/x86/kernel/x86_init.c      |    6 ++++++
>   arch/x86/mm/init.c              |   23 +++++++++++++++++------
>   arch/x86/mm/pat/memtype.c       |   31 ++++---------------------------
>   drivers/char/mem.c              |   18 ------------------
>   include/linux/io.h              |   26 ++++++++++++++++++++++++++
>   7 files changed, 57 insertions(+), 51 deletions(-)
> 
> base-commit: 0af2f6be1b4281385b618cb86ad946eded089ac8

Reviewed-by: Nikolay Borisov <nik.borisov@...e.com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ