Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp1409506rwd; Wed, 31 May 2023 13:35:53 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ64G3LBJYra7+IKEzZ5AYrkVn+fenFyjUa74qR/BTpKT7tzGuE0AxK8tpEWuW0Yfa6dDeS0 X-Received: by 2002:a17:90a:868a:b0:256:69e8:9298 with SMTP id p10-20020a17090a868a00b0025669e89298mr13282873pjn.17.1685565353076; Wed, 31 May 2023 13:35:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1685565353; cv=none; d=google.com; s=arc-20160816; b=C+mtyaxlZRddm5u/9TL4uKDsOzoSuYmngYe3NSp4Zdmv2B5Q2PKSMol4fJNZKBycQA BIYdHIe5R0VLbKLQquc4sJMhPCFbCfgskRSo4Y3sWDbxNC4NISvnZ9ustJYw8P7IyHvy Rx3UGL8jxRg2E/hEiry076+pCEIg0vBCzJmQcpCOR9UED6bQgud5RbL7a7O4FFO9ezRv HNSL12TU1Q9EDLGbvYSH7dkfkMCEyaNP0l5nksMqhZI4+rImcuZtMDFM7we9RzsD3t1Z TXiUQcfKrT6xEHCc5jWMU1Jfz1TwVuzJEP3h5iRes0ad2h1fVauRHcI58Ri2Hn4M6WBN NXmg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:from:subject :message-id:references:mime-version:in-reply-to:date:dkim-signature; bh=APftvx9keMYUt1Xk5prtdAgJw5++/nh9oJ2TjaQ+44Q=; b=nQfh9NaVr8yJyQEuB7dvhSEn693xMwRxMxnYbyAY2yPkTwn6W+saNq5laczT4vAZ1W K1aSC0eU6Drb9pYGo3p8UdCPz7ZQ5RDsH0/zDjkrY5zUzG8TCrGw/b5LQDEfVlQdGKOv DC5/UgE9nfqDNT4whkH5cLSzo0rB4Mm5NmDWlRSJsCEQNBQ2XbxPS9PvN43alt+XcfBH pXmVqnLPlnIbjk3TjvlYJ/hZn+8U6Pi8xL6U1xnQSpANMwCfBMsJmCAwvGlZAKhUIH/E qQDSCD9K8UGVx1VCNpJYe8mzu/g9uKWpPfrYkbzEd7m5KblKFZe0VVTuS//LOYLLZMub Wm4Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b="PX/4QCBD"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id j124-20020a636e82000000b005346c49e06csi1476876pgc.834.2023.05.31.13.34.40; Wed, 31 May 2023 13:35:53 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b="PX/4QCBD"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230266AbjEaUYM (ORCPT + 99 others); Wed, 31 May 2023 16:24:12 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51122 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229830AbjEaUYJ (ORCPT ); Wed, 31 May 2023 16:24:09 -0400 Received: from mail-yw1-x1149.google.com (mail-yw1-x1149.google.com [IPv6:2607:f8b0:4864:20::1149]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 547E0188 for ; Wed, 31 May 2023 13:24:04 -0700 (PDT) Received: by mail-yw1-x1149.google.com with SMTP id 00721157ae682-565a336caa0so210357b3.1 for ; Wed, 31 May 2023 13:24:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1685564643; x=1688156643; h=content-transfer-encoding:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:from:to:cc:subject:date:message-id :reply-to; bh=APftvx9keMYUt1Xk5prtdAgJw5++/nh9oJ2TjaQ+44Q=; b=PX/4QCBDJ9PLCDibCE4LoOf2U0DE4t/KWyS05NGIZcGzqK/qwcSjxPluWcaqwv1Stk rMyraQASzxyWuHCUByRiPyI4r+TKzg18DQi23LqLbo8WEM0cjd44YF28bRWYO1A5spCy C8uoUDWMPuMiaxHglFY6t+vlO8uFRPkrpIUD9WU6y/eI2MWpQZdCjDnBrvtPK2foPDM8 2b0pUD4qsLCE5pd4FfnukjL1T9+czSe/1aJuv1AeB5D9vgahqEpjGWaUrfGv4vRCGUgK 7d8Ob7qWLSyhaFm1bWvZd46hX/2rCmhkQhiUf9f78KTYzvmJ6/SxSLGkVtXf5wgn2kFJ IIHQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1685564643; x=1688156643; h=content-transfer-encoding:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:x-gm-message-state:from:to:cc:subject :date:message-id:reply-to; bh=APftvx9keMYUt1Xk5prtdAgJw5++/nh9oJ2TjaQ+44Q=; b=TbcuPzS8Jj1O4GtUSljDRlvfIfQzHDW0IbWUYT717myxdQW3wnVCv3VZcGWzjlV1zh LqalWYEV+l3riRIYym3/6QqLgWPsYJfIPfEEc54z6Kw0hnHXufW+88IYViwhLARnVKIF J/iaS5jqW9pjc3avqhTbUViTV6MfiVVJ9H9bQUmfrk6PgdOmITvR62E8ipjAVKfURxNL wKlqP8dAv2h6tXYV3iRJOjcxJj66BzsGKB6bWDCTERw7kWxGXispJXHtUgEUbPM81AhA g7eKV/uBu+6FDeTqWFahBF4HA2usM4R1PsBc0GAViq/sj7a3kMk7juhkE1Dw/rqLj+Tv bwhA== X-Gm-Message-State: AC+VfDyTX0dgXgLUMtvruWSbimg+V24YXh5JJ4wEuQ2XaH4+UqDyLSf1 ezUE9tPIXUPvRaNlRNIE+HCuTsigLro= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a81:e305:0:b0:55d:ea61:d8e9 with SMTP id q5-20020a81e305000000b0055dea61d8e9mr4086306ywl.7.1685564643426; Wed, 31 May 2023 13:24:03 -0700 (PDT) Date: Wed, 31 May 2023 13:24:01 -0700 In-Reply-To: Mime-Version: 1.0 References: <20230505152046.6575-1-mic@digikod.net> <93726a7b9498ec66db21c5792079996d5fed5453.camel@intel.com> <58a803f6-c3de-3362-673f-767767a43f9c@digikod.net> Message-ID: Subject: Re: [RFC PATCH v1 0/9] Hypervisor-Enforced Kernel Integrity From: Sean Christopherson To: Rick P Edgecombe Cc: "mic@digikod.net" , "dave.hansen@linux.intel.com" , "bp@alien8.de" , "keescook@chromium.org" , "hpa@zytor.com" , "mingo@redhat.com" , "tglx@linutronix.de" , "pbonzini@redhat.com" , "wanpengli@tencent.com" , "vkuznets@redhat.com" , "kvm@vger.kernel.org" , "qemu-devel@nongnu.org" , "liran.alon@oracle.com" , "marian.c.rotariu@gmail.com" , Alexander Graf , John S Andersen , "madvenka@linux.microsoft.com" , "ssicleru@bitdefender.com" , "yuanyu@google.com" , "linux-kernel@vger.kernel.org" , "tgopinath@microsoft.com" , "jamorris@linux.microsoft.com" , "linux-security-module@vger.kernel.org" , "xen-devel@lists.xenproject.org" , "will@kernel.org" , "dev@lists.cloudhypervisor.org" , "mdontu@bitdefender.com" , "linux-hardening@vger.kernel.org" , "linux-hyperv@vger.kernel.org" , "virtualization@lists.linux-foundation.org" , "nicu.citu@icloud.com" , "ztarkhani@microsoft.com" , "x86@kernel.org" Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, May 30, 2023, Rick P Edgecombe wrote: > On Fri, 2023-05-26 at 17:22 +0200, Micka=EF=BF=BDl Sala=EF=BF=BDn wrote: > > > > Can the guest kernel ask the host VMM's emulated devices to DMA int= o > > > > the protected data? It should go through the host userspace mapping= s I > > > > think, which don't care about EPT permissions. Or did I miss where = you > > > > are protecting that another way? There are a lot of easy ways to as= k > > > > the host to write to guest memory that don't involve the EPT. You > > > > probably need to protect the host userspace mappings, and also the > > > > places in KVM that kmap a GPA provided by the guest. > > >=20 > > > Good point, I'll check this confused deputy attack. Extended KVM > > > protections should indeed handle all ways to map guests' memory. I'm > > > wondering if current VMMs would gracefully handle such new restrictio= ns > > > though. > >=20 > > I guess the host could map arbitrary data to the guest, so that need to= be > > handled, but how could the VMM (not the host kernel) bypass/update EPT > > initially used for the guest (and potentially later mapped to the host)= ? >=20 > Well traditionally both QEMU and KVM accessed guest memory via host > mappings instead of the EPT.=EF=BF=BDSo I'm wondering what is stopping th= e > guest from passing a protected gfn when setting up the DMA, and QEMU > being enticed to write to it? The emulator as well would use these host > userspace mappings and not consult the EPT IIRC. >=20 > I think Sean was suggesting host userspace should be more involved in > this process, so perhaps it could protect its own alias of the > protected memory, for example mprotect() it as read-only. Ya, though "suggesting" is really "demanding, unless someone provides super= strong justification for handling this directly in KVM". It's basically the same = argument that led to Linux Security Modules: I'm all for KVM providing the framework= and plumbing, but I don't want KVM to get involved in defining policy, thread m= odels, etc.