Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp730248pxj; Thu, 3 Jun 2021 18:47:51 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzdali+je6a+JOHU8w71lXKYbAWAmMgWNCOC6oRishAJ9zdgCBWgT/d9MEZh9a4CHQ6M5su X-Received: by 2002:a17:906:13db:: with SMTP id g27mr1942156ejc.88.1622771271280; Thu, 03 Jun 2021 18:47:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1622771271; cv=none; d=google.com; s=arc-20160816; b=aA8sRS8HyAKNJMRthE5qwJDuTJamuIwZEGz5RJY+vS5hXfQ9vFtIqcek6BD0pO2KIi tSaPCMEwBtf64tlh/f8qJf97bK7HMGbkRibv/2kgzl4eLdGMBV5QQbwX77g4abIbQn38 ndpBP+8/8zpdb2VenYmZi34fSxCGCZg/8QlXOoazaS4lMQ7d7bIlOLROMK7oWVsi4mMB n6ASgUWB2QRkomqyQR/vDrMl/bpnahKVzmi/J1A1MFmpjXjlRVSG8wCmdwDCsv3wuoWp Hl0yK+XS1Kc7m+L1qlP75E/iOLxLPaKy05m25J9b3i6CLvbrxGapFL0uHnDgQp6Ukzsa EsGQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject:dkim-signature; bh=+98yY+OehdVBPzUi3L7cE5efhc1qWA/I3ZJHfCwubBs=; b=bbw8kSWdF6I8uqv/9J/KOqHVavSz+vP1KvpLojr/1DuRyXKadek9v/D9dyGDQpBm7Q f/A0vv2wTLoHjuxhCJLZ0Wek8ygC2js8h7iEQ9i39yGQxDhzB1AyVc83kHLj1/IEt+ee pfeYn5l2A/VgPpR8Iv9ju3R1q0mE6/zazMYeg4VbHtBcEjKwDyt1ZSxEUoZ+QZIU0g5L TYZDwMJn0QPCnAn9JTBmAmfQxhMGe2eOmnUHwQl0e7DOC+3EPDeQ+8h73Wj9Me4eH5Qy yPPB0DYtR99wNuBd8gWQjUgc92pQQo24d0Rp2TFI3rFVb8whZdEQ32qw7BsIbEC3N5Pq 5GEw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=ZuyAvsMb; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id l13si3561796edb.4.2021.06.03.18.47.28; Thu, 03 Jun 2021 18:47:51 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=ZuyAvsMb; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229927AbhFDBry (ORCPT + 99 others); Thu, 3 Jun 2021 21:47:54 -0400 Received: from mail.kernel.org ([198.145.29.99]:41468 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229758AbhFDBry (ORCPT ); Thu, 3 Jun 2021 21:47:54 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 8EF49613FF; Fri, 4 Jun 2021 01:46:08 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1622771168; bh=Lpi5gmvDUTHrxYBJ0AOqlt011SOYDrHyNVmLe5HdGy8=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=ZuyAvsMb4lFdlwmcPxUZP9zxROGdeedSPDV7yiU+Jdix88lBjlybEKKWTJfDEehta Laah6xJkGs+MM9Kdy93FpC6ZQKRoENJX3yqvv+deRKewPHTiDNpeTowmCsvqGdDBer bLab3XnKzHTMFLhlCXFOZehxjyeutpnEeVbkaGGSXBfQdtsMOYQdqK3PAmHSEauX5k iP31NEOcqDyeXWHpqrHeeRa3t123whXOsexrTWJZ2s83u7vVGdp3ikBbdpgcUXDOj2 7CzUK19NjFOAGn65bgG0nIP8udLpMi6hnDBZ8Cc2Lc07rDrLkyaoOitruCGj6gcdhq wd09XZC21d/cw== Subject: Re: [PATCH v1 1/8] virtio: Force only split mode with protected guest To: Andi Kleen , mst@redhat.com Cc: Jason Wang , virtualization@lists.linux-foundation.org, hch@lst.de, m.szyprowski@samsung.com, robin.murphy@arm.com, iommu@lists.linux-foundation.org, the arch/x86 maintainers , sathyanarayanan.kuppuswamy@linux.intel.com, Josh Poimboeuf , Linux Kernel Mailing List References: <20210603004133.4079390-1-ak@linux.intel.com> <20210603004133.4079390-2-ak@linux.intel.com> <2b2dec75-a0c1-4013-ac49-a49f30d5ac3c@www.fastmail.com> <3159e1f4-77cd-e071-b6f2-a2bb83cfc69a@linux.intel.com> <884f34e0-fcd2-bb82-9e9e-4269823fa9b2@linux.intel.com> From: Andy Lutomirski Message-ID: <308e7187-1ea7-49a7-1083-84cf8654f52a@kernel.org> Date: Thu, 3 Jun 2021 18:46:08 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.10.1 MIME-Version: 1.0 In-Reply-To: <884f34e0-fcd2-bb82-9e9e-4269823fa9b2@linux.intel.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 6/3/21 4:32 PM, Andi Kleen wrote: > >> We do not need an increasing pile of kludges > > Do you mean disabling features is a kludge? > > If yes I disagree with that characterization. > > >> to make TDX and SEV “secure”.  We need the actual loaded driver to be >> secure.  The virtio architecture is full of legacy nonsense, >> and there is no good reason for SEV and TDX to be a giant special case. > > I don't know where you see a "giant special case". Except for the > limited feature negotiation all the changes are common, and the > disabling of features (which is not new BTW, but already done e.g. with > forcing DMA API in some cases) can be of course used by all these other > technologies too. But it just cannot be done by default for everything > because it would break compatibility. So every technology with such > requirements has to explicitly opt-in. > > >> >> As I said before, real PCIe (Thunderbolt/USB-C or anything else) has >> the exact same problem.  The fact that TDX has encrypted memory is, at >> best, a poor proxy for the actual condition.  The actual condition is >> that the host does not trust the device to implement the virtio >> protocol correctly. > > Right they can do similar limitations of feature sets. But again it > cannot be default. Let me try again. For most Linux drivers, a report that a misbehaving device can corrupt host memory is a bug, not a feature. If a USB device can corrupt kernel memory, that's a serious bug. If a USB-C device can corrupt kernel memory, that's also a serious bug, although, sadly, we probably have lots of these bugs. If a Firewire device can corrupt kernel memory, news at 11. If a Bluetooth or WiFi peer can corrupt kernel memory, people write sonnets about it and give it clever names. Why is virtio special? If, for some reason, the virtio driver cannot be fixed so that it is secure and compatible [1], then I think that the limited cases that are secure should be accessible to anyone, with or without TDX. Have a virtio.secure_mode module option or a udev-controllable parameter or an alternative driver name or *something*. An alternative driver name would allow userspace to prevent the insecure mode from auto-binding to devices. And make whatever system configures encrypted guests for security use this mode. (Linux is not going to be magically secure just by booting it in TDX. There's a whole process of unsealing or remote attestation, something needs to prevent the hypervisor from connecting a virtual keyboard and typing init=/bin/bash, something needs to provision an SSH key, etc.) In my opinion, it is not so great to identify bugs in the driver and then say that they're only being fixed for TDX and SEV. Keep in mind that, as I understand it, there is nothing virt specific about virtio. There are real physical devices that speak virtio. [1] The DMA quirk is nasty. Fortunately, it's the only case I'm aware of in which the virtio driver genuinely cannot be made secure and compatible at the smae time. Also, fortunately, most real deployments except on powerpc work just fine with the DMA quirk unquirked. > > >> >>> >>> TDX and SEV use the arch hook to enforce DMA API, so that part is also >>> solved. >>> >> Can you point me to the code you’re referring to? > > See 4/8 in this patch kit. It uses an existing hook which is already > used in tree by s390. This one: int arch_has_restricted_virtio_memory_access(void) +{ + return is_tdx_guest(); +} I'm looking at a fairly recent kernel, and I don't see anything for s390 wired up in vring_use_dma_api.