Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp3819424pxu; Mon, 30 Nov 2020 10:54:37 -0800 (PST) X-Google-Smtp-Source: ABdhPJxYa5t/IcV3cTMmvM6JR7I4YPW7u1NocyPS7rUUXdlnIC2raEmGDLH7qNYE8KCG3JsQW1BH X-Received: by 2002:a50:a40c:: with SMTP id u12mr23176723edb.337.1606762477618; Mon, 30 Nov 2020 10:54:37 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1606762477; cv=none; d=google.com; s=arc-20160816; b=sCGzn2/Ui6KrUBSLRPW3g38oZO4AvPbQlCkOXD//J1doR7zDfYYoSOYSdifedgsoH0 ZpNh1uomyI+2v3U6/IaC0mArVRB24RyWP5d4EdSA5+7QugusfQ9aMPjoAbM1GguLuE7e xwiIr4E0XgUA49R6ubNG+q62WzEbsd2m7F0vDksOYb57k2LikQZCIQZPXZ4o+kN9j4ns cEsAGWass1qZothycUrmvg8ApiEq+lp/pJAPU5WkXVFfrucm0U698ZAjqyLnORsrhtQU OWoJrY2cHYF2YVXjn5vhckSZab0eFiP8GV06lqrss6WjlweqjCKMs5KNED4r0zewlIkO K+eQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=HDV2ZTfnWFj2I1nMXs/QUKPdkXN+jw+xT8fcFlUSOVc=; b=xPkqafvzVdragtd1AXqU8BL42rUwgeKy7P+9+7En/tIyrVFe8hlmv3sMm10xi/HZ8Z 4sH6zzu5ABchOPMRAqK6frdlOg9f75zSKNvb8DWNBSB3+nmm7iVAAAMah0uxGBBYPP1M Wlt7MgUtqNwlEarvASFF3Msk9fe2eMsughFvOsMKjHzxizA10GKNpfcnnxUc8Y82feXZ 6AtmllJiRgztiEnxLUADBjGIhAUmc2FnK141lcADHfXysX54xnNBDV0bMn87tSFFEVpY twEG0NJ5S+UGjr5NnJ7VE11ok0DMTAaNyO7Lz79WBip7jA5gbxMyJHlb2td71siR4T4E yCbw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=lA21FFs7; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id o3si10961901ejn.637.2020.11.30.10.54.13; Mon, 30 Nov 2020 10:54:37 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=lA21FFs7; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387616AbgK3Svb (ORCPT + 99 others); Mon, 30 Nov 2020 13:51:31 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60382 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725870AbgK3Sva (ORCPT ); Mon, 30 Nov 2020 13:51:30 -0500 Received: from mail-pf1-x444.google.com (mail-pf1-x444.google.com [IPv6:2607:f8b0:4864:20::444]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C4D62C0613CF for ; Mon, 30 Nov 2020 10:50:50 -0800 (PST) Received: by mail-pf1-x444.google.com with SMTP id s21so10977295pfu.13 for ; Mon, 30 Nov 2020 10:50:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=HDV2ZTfnWFj2I1nMXs/QUKPdkXN+jw+xT8fcFlUSOVc=; b=lA21FFs7fsI60sDfvj2gxU+FgPkbHvr1U9a3ONx/671C/3d/nKlJpnVk7IAlanZc2m bwPmQnaTZX8tMGvHfKP1xSW0Nh1Er7MBelMPy9IB6NBnT4751YJQGutD4EqQmb4syZbd CDFMa9xO18awbJw3S9r4cJsdGc1cP1OYBhZbjYphsxKLZ2+jRa6Ljlf80LB+1c8cpYMY /tQxq/5EHr5/gGEX0FRYxIcVqbuvP1bp3ACYlmY5FiorxuFPC4xB8u37h/ZBxd/VJhkj g/mywk0m80gfxjHgQikUFr9IlQUXoR1Xz1hAghWecDLYfn2TB11eD5PA+U9vrdMV0XxK mdVA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=HDV2ZTfnWFj2I1nMXs/QUKPdkXN+jw+xT8fcFlUSOVc=; b=Gjm0xABWXBUyNl29h/Cqj8AJ1CsAvNQ3tVMFRKtucZdU1tEXAPnw0tZPcmPH3Bx98K pKuZVAktnrCW3xh1jm6AZOq2Y3++gZ7mHCUJ1c3S6Qo8eL/k16NtVaNQxZ2945ElqRuQ pnTLDfBe7Xhry1bts+jg85WyYwlw0J29z1XKcPTKbUSxVh5O1breUwGTokwjIvFlLRvE Az2gujgcquELWkAu2YT6FCE7xkJc2jnFXjxv7HgZeXDRBRXmd2vvpGaEphVzlo8T2qNR gDeMD9kAXcUBNFUSV1VLttDlRqs1iNK2RwsKUzP/+x1bq96LXodkoE88wzOorGbgIqVD UXRg== X-Gm-Message-State: AOAM53190dVDLteFkBGxf0FMQnQP6SuooyYoIGDry+fzr8/EyMB7MzDQ wtt/6KYDdnqyZylwWH3yHcwOerFDioz3t2nW X-Received: by 2002:a62:1c93:0:b029:198:1c0a:ea71 with SMTP id c141-20020a621c930000b02901981c0aea71mr20104155pfc.22.1606762250026; Mon, 30 Nov 2020 10:50:50 -0800 (PST) Received: from google.com ([2620:0:1008:11:7220:84ff:fe09:dc21]) by smtp.gmail.com with ESMTPSA id a6sm9159555pfo.194.2020.11.30.10.50.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 30 Nov 2020 10:50:49 -0800 (PST) Date: Mon, 30 Nov 2020 10:50:45 -0800 From: Tom Roeder To: Christoph Hellwig Cc: Keith Busch , Jens Axboe , Sagi Grimberg , Peter Gonda , Marios Pomonis , linux-nvme@lists.infradead.org, linux-kernel@vger.kernel.org, Thomas.Lendacky@amd.com, David.Kaplan@amd.com Subject: Re: [PATCH v2] nvme: Cache DMA descriptors to prevent corruption. Message-ID: <20201130185045.GA744128@google.com> References: <20201120012738.2953282-1-tmroeder@google.com> <20201120080243.GA20463@lst.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Disposition: inline In-Reply-To: <20201120080243.GA20463@lst.de> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Nov 20, 2020 at 09:02:43AM +0100, Christoph Hellwig wrote: >On Thu, Nov 19, 2020 at 05:27:37PM -0800, Tom Roeder wrote: >> This patch changes the NVMe PCI implementation to cache host_mem_descs >> in non-DMA memory instead of depending on descriptors stored in DMA >> memory. This change is needed under the malicious-hypervisor threat >> model assumed by the AMD SEV and Intel TDX architectures, which encrypt >> guest memory to make it unreadable. Some versions of these architectures >> also make it cryptographically hard to modify guest memory without >> detection. > >I don't think this is a useful threat model, and I've not seen a >discussion on lkml where we had any discussion on this kind of threat >model either. Thanks for the feedback and apologies for the lack of context. I was under the impression that support for AMD SEV SNP will start showing up in KVM soon, and my understanding of SNP is that it implies this threat model for the guest. See the patchset for SEV-ES, which is the generation before SNP: https://lkml.org/lkml/2020/9/14/1168. This doesn't get quite to the SNP threat model, but it starts to assume more maliciousness on the part of the hypervisor. You can also see the talk from David Kaplan of AMD from the 2019 Linux Security Summit for info about SNP: https://www.youtube.com/watch?v=yr56SaJ_0QI. > >Before you start sending patches that regress optimizations in various >drivers (and there will be lots with this model) we need to have a >broader discussion first. I've added Tom Lendacky and David Kaplan from AMD on the thread now, since I don't think I have enough context to say where this discussion should take place or the degree to which they think it has or hasn't. Tom, David: can you please comment on this? > >And HMB support, which is for low-end consumer devices that are usually >not directly assigned to VMs aren't a good starting point for this. I'm glad to hear that this case doesn't apply directly to cases we would care about for assignment to guests. I'm not very familiar with this codebase, unfortunately. Do the same kinds of issues apply for the kinds of devices that would be assigned to guests?