Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 22C5FC636CC for ; Wed, 8 Feb 2023 17:29:37 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231307AbjBHR3f (ORCPT ); Wed, 8 Feb 2023 12:29:35 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35148 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230216AbjBHR3c (ORCPT ); Wed, 8 Feb 2023 12:29:32 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C7D414FCCC for ; Wed, 8 Feb 2023 09:29:09 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 480CB6173F for ; Wed, 8 Feb 2023 17:29:09 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id CE903C433D2; Wed, 8 Feb 2023 17:29:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1675877348; bh=3+VXQQUoFNE4y9ReCy+tNNais9kMLdSPpobhI6EHw3Q=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=Yd/w3C8t7WAOIil+J0Etrn39O6ietPRfA9teoj0XVLyzzA2lp5THnwob+bC46jR/v VesSXoQN/Ba+sT2Fa10WhTZCadrMu/rQ739yH96hyYSD4srowiVWDDbvXC2ydnAOgY 2d7xjgvolf1+3rbvLDRJB4GYfmTP5i/BPS/dwlSk= Date: Wed, 8 Feb 2023 18:29:04 +0100 From: Greg Kroah-Hartman To: Christophe de Dinechin Cc: "Reshetova, Elena" , "Michael S. Tsirkin" , Theodore Ts'o , Carlos Bilbao , "Shishkin, Alexander" , "Shutemov, Kirill" , "Kuppuswamy, Sathyanarayanan" , "Kleen, Andi" , "Hansen, Dave" , Thomas Gleixner , Peter Zijlstra , "Wunner, Lukas" , Mika Westerberg , Jason Wang , "Poimboe, Josh" , "aarcange@redhat.com" , Cfir Cohen , Marc Orr , "jbachmann@google.com" , "pgonda@google.com" , "keescook@chromium.org" , James Morris , Michael Kelley , "Lange, Jon" , "linux-coco@lists.linux.dev" , Linux Kernel Mailing List Subject: Re: Linux guest kernel threat model for Confidential Computing Message-ID: References: <658272b5-9547-a69f-b6c9-a7ff2dd2d468@amd.com> <20044cae-4fab-7ef6-02a0-5955a56e5767@amd.com> <20230208041913-mutt-send-email-mst@kernel.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Feb 08, 2023 at 05:19:37PM +0100, Christophe de Dinechin wrote: > > On 2023-02-08 at 11:58 +01, Greg Kroah-Hartman wrote... > > On Wed, Feb 08, 2023 at 10:44:25AM +0000, Reshetova, Elena wrote: > >> > >> The CC threat model does change the traditional linux trust boundary regardless of > >> what mitigations are used (kernel config vs. runtime filtering). Because for the > >> drivers that CoCo guest happens to need, there is no way to fix this problem by > >> either of these mechanisms (we cannot disable the code that we need), unless somebody > >> writes a totally new set of coco specific drivers (who needs another set of > >> CoCo specific virtio drivers in the kernel?). > > > > It sounds like you want such a set of drivers, why not just write them? > > We have zillions of drivers already, it's not hard to write new ones, as > > it really sounds like that's exactly what you want to have happen here > > in the end as you don't trust the existing set of drivers you are using > > for some reason. > > In the CC approach, the hypervisor is considered as hostile. The rest of the > system is not changed much. If we pass-through some existing NIC, we'd > rather use the existing driver for that NIC rather than reinvent > it. But that is not what was proposed. I thought this was all about virtio. If not, again, someone needs to write a solid definition. So if you want to use existing drivers, wonderful, please work on making the needed changes to meet your goals to all of them. I was trying to give you a simple way out :) > >> 1. these selective CoCo guest required drivers (small set) needs to be hardened > >> (or whatever word people prefer to use here), which only means that in > >> the presence of malicious host/hypervisor that can manipulate pci config space, > >> port IO and MMIO, these drivers should not expose CC guest memory > >> confidentiality or integrity (including via privilege escalation into CC guest). > > > > Again, stop it please with the "hardened" nonsense, that means nothing. > > Either the driver has bugs, or it doesn't. I welcome you to prove it > > doesn't :) > > In a non-CC scenario, a driver is correct if, among other things, it does > not leak kernel data to user space. However, it assumes that PCI devices are > working correctly and according to spec. And you also assume that your CPU is working properly. And what spec exactly are you referring to? How can you validate any of that without using the PCI authentication protocol already discussed in this thread? > >> Please note that this only applies to a small set (in tdx virtio setup we have less > >> than 10 of them) of drivers and does not present invasive changes to the kernel > >> code. There is also an additional core pci/msi code that is involved with discovery > >> and configuration of these drivers, this code also falls into the category we need to > >> make robust. > > > > Again, why wouldn't we all want "robust" drivers? This is not anything > > new here, > > What is new is that CC requires driver to be "robust" against a new kind of > attack "from below" (i.e. from the [virtual] hardware side). And as I have said multiple times, that is a totally new "requirement" and one that Linux does not meet in any way at this point in time. If you somehow feel this is a change that is ok to make for Linux, you will need to do a lot of work to make this happen. Anyway, you all are just spinning in circles now. I'll just mute this thread until I see an actual code change as it seems to be full of people not actually sending anything we can actually do anything with. greg k-h