Received: by 2002:a05:6a10:5bc5:0:0:0:0 with SMTP id os5csp1207923pxb; Tue, 19 Oct 2021 23:57:41 -0700 (PDT) X-Google-Smtp-Source: ABdhPJy7YLUnx6QzKP9Jo7gzjEFFSsrdyzHaj0JE+lQqrKj6ZvV3fNH+QgvKU3oMzc0ZdS8rE8c/ X-Received: by 2002:a17:902:8a97:b0:13e:6e77:af59 with SMTP id p23-20020a1709028a9700b0013e6e77af59mr37002117plo.4.1634713061406; Tue, 19 Oct 2021 23:57:41 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1634713061; cv=none; d=google.com; s=arc-20160816; b=AOy6fFEyVFnXSnBpHLbTr+Ctv2MyAZs7Sr2hNLJ3g2tJ3n0jEMP2QWLx8HoQXlDWsH U2sjM1CO+YyJkKRG75tX0UGZudG7X3wDJ24flAuOZ9K9YAFftNaoN8lONhpP8B11as9L HzLCg/urNgYnzyQU16yrlEZVzAOfFMIXs6A9DPod3KvF6cepQI3gjK4ByYUykZiu9PNZ wLKb1/4FyjOktfidbbwJNGs4YxNNdslDUTZUsI9sFLYSyZVPm+0BctU6ZTAwKBaIBL6r Tg9+nyGvY5EdrD8RCK+tSSOEy595sfjLuSJqXwlN0+Wh0VF9OStrxcKoj6KsN9VNw1H/ HN0w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=4AkzbJIuIOJAHop1s/JVJ6BQuEIDhfjRfELf4n/z/2I=; b=bXrVU6Wt/mk0zILEo1uhcx0b1pz2NsS76d+b3yVI6oSoto68laKILpJT0oVAoK2Ro1 pXp5ZY8Ioccs9Ztfhzj+qc2Nyr00OoTW9orSKLGh3pLkblr7ba5p+qkpNMdXc40wv+X7 J7gSQY/mPGc1hOutMws3cc3bPpAMWqJn5sGMKpF+bNonTorfVoMLD4D4o0kBFp5yXg/3 u5AVdqndsHoyGy/eW2hsgVSBDys7OW8XmsGW14o5e8QdCoIowU4QMwW9wChU+7jIWFcR QC1nWD9RhTeaj8k5ttPoOq5e1AuFGV1sppeWRBpekQjKAYu/QNY3UQTl//q9egBXFnuJ GneA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=R4LrYzsf; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id a10si3202935pjv.62.2021.10.19.23.57.28; Tue, 19 Oct 2021 23:57:41 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=R4LrYzsf; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229820AbhJTG6t (ORCPT + 99 others); Wed, 20 Oct 2021 02:58:49 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]:52108 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229741AbhJTG6s (ORCPT ); Wed, 20 Oct 2021 02:58:48 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1634712994; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=4AkzbJIuIOJAHop1s/JVJ6BQuEIDhfjRfELf4n/z/2I=; b=R4LrYzsf3pcOJrC8Qx8QoUfhxH7n2gr9YSue3oFfQbp+7O1YW7ccz4N/fdXTOOHRYC8nOj 9GJtLliaFqX/7iG9lmFxoH9WIiTF2v9vhF3d2EedBbB76Dip9q/GnmuipW9zsQ2ISVilXX ZB9PxmIniUWEgfOMp86dC+EZ3H0DfCI= Received: from mail-wm1-f71.google.com (mail-wm1-f71.google.com [209.85.128.71]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-76-H8m9-lxGMs-G5P3l7_KGwg-1; Wed, 20 Oct 2021 02:56:32 -0400 X-MC-Unique: H8m9-lxGMs-G5P3l7_KGwg-1 Received: by mail-wm1-f71.google.com with SMTP id c5-20020a05600c0ac500b0030dba7cafc9so3649849wmr.5 for ; Tue, 19 Oct 2021 23:56:32 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=4AkzbJIuIOJAHop1s/JVJ6BQuEIDhfjRfELf4n/z/2I=; b=TIBQMKarZW7TA6FRxJR0Gfpp75rPrvzANovhI83pdSYPiPfwv/TREeHGn08V1BGWFQ A8G43PKYlBc0n/zmXflwLTCIx+ln1acm7sGQjbvSEgyEBQBQwYuDIfX/omYfSzlCFAhr AyYfi/eL7eVMZkQb3IFgu/ArA/sFfP5jrqDWuDLJVXDHcDA5Y/LxOcGvb5IJDSjrzGAL eChAP+mjGEDrBlB0YJxZnsXvXgpFUN4u5+DWPBh+n5T3dnU7K8VlyysU077ssEwMhKEX o6iBCqzF9NqRlG1LDrMOKJZEpJjlUIQCi8IQzp/KRXwTE+69H0D6RgYBQpWWrmaIoA0y qw3Q== X-Gm-Message-State: AOAM532URE1lTv2UNy5Cpr6Qd+43RxnEDapHqxBz1CvHulD5IU3duQPc CwG+CjVGK7rolPyyWG40b0bZIuvNNpfwaKqQys6gCzUiLZp+nCyHr5sMhvymtotK/tYjqTluK4H GNLg7ZbZLCaaJIQPnz6/Y51NK X-Received: by 2002:a05:600c:3511:: with SMTP id h17mr11395061wmq.144.1634712991608; Tue, 19 Oct 2021 23:56:31 -0700 (PDT) X-Received: by 2002:a05:600c:3511:: with SMTP id h17mr11395040wmq.144.1634712991425; Tue, 19 Oct 2021 23:56:31 -0700 (PDT) Received: from redhat.com ([2.55.24.172]) by smtp.gmail.com with ESMTPSA id a127sm4151894wme.40.2021.10.19.23.56.29 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 19 Oct 2021 23:56:30 -0700 (PDT) Date: Wed, 20 Oct 2021 02:56:27 -0400 From: "Michael S. Tsirkin" To: Jason Wang Cc: Dongli Zhang , "Paul E . McKenney" , "kaplan, david" , Konrad Rzeszutek Wilk , Peter Zijlstra , "Hetzelt, Felicitas" , linux-kernel , virtualization , Thomas Gleixner Subject: Re: [PATCH V2 06/12] virtio_pci: harden MSI-X interrupts Message-ID: <20211020022529-mutt-send-email-mst@kernel.org> References: <20211012065227.9953-1-jasowang@redhat.com> <20211012065227.9953-7-jasowang@redhat.com> <20211015132639-mutt-send-email-mst@kernel.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Oct 20, 2021 at 09:33:49AM +0800, Jason Wang wrote: > > In my own opinion, the threat model is: > > > > Attacker: 'malicious' hypervisor > > > > Victim: VM with SEV/TDX/SGX > > > > The attacker should not be able to steal secure/private data from VM, when the > > hypervisor's action is unexpected. DoS is out of the scope. > > > > My concern is: it is very hard to clearly explain in the patchset how the > > hypervisor is able to steal VM's data, by setting queue=0 or injecting unwanted > > interrupts to VM. > > Yes, it's a hard question but instead of trying to answer that, we can > just fix the case of e.g unexpected interrupts. > > Thanks I think this it's still early days for TDX. So it's a bit early to talk about threat models, start opening CVEs and distinguishing between security and non-security bugs. -- MST