Received: by 2002:ac8:3b51:0:b0:3f3:9eb6:4eb6 with SMTP id r17csp1442549qtf; Fri, 16 Jun 2023 08:46:11 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ4jrevkHPDOnESLTHGXW9rsIEgDJxHvL4fT17Xa3vMQSQ1Ugu8Y1VlX1TZSffAFeMqb+Jx2 X-Received: by 2002:a17:902:cecf:b0:1b5:25f8:2152 with SMTP id d15-20020a170902cecf00b001b525f82152mr2350947plg.56.1686930371645; Fri, 16 Jun 2023 08:46:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1686930371; cv=none; d=google.com; s=arc-20160816; b=APjvPdI/NWa88v6waLdH8u30SE0txVdZv41hUpiqNz+cSEqRGKtybA1VPalOWN1px8 oXF0aCPHKI2rl5raxgFuFAAEqkXH8hXgl32u80JuQv8LtO9t3od6hSZETqU7dXKwGDm0 If6n/Z0Jt5Y9HAjfuS2G+QPAl6ACKJdsHJLNMJJ4XXUCjDSFlIe9Nr4lbcExHXrBENI6 ehm0mf21E038ALM4v6eFkvY1ZdNtqiOxKtbitfhVY/wrd7PNDjr7mbZCu8+Mhtm9AgI5 0EC0QunGUibi8VwzUHUA6funA5s5vWXJYrLfCukcEfflr+BFTwCaexFnwVWzbI8x3Ylg AA2g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :content-language:references:cc:to:subject:user-agent:mime-version :date:message-id:dkim-signature; bh=WZnuFE3O/PR9u8GmiBs6AD4GgdDBkrTpJv3wePBd8wA=; b=yDXPDDzRVuBrnfyWhsQYamjI008aDO1cY1Uhv7s0mnpQnj5W4KjqPLkUsJ9aKMfyz0 gUrkFjCrgcxR9MpZlhwwEgX13KZeD+0VdKn0Fd+/aFKqvG9Xlo8OqJszlh3Jp4W9Y69e H3RGap5g3LRd554RtSqAsJ6GteQqXUfzhtva4rxyutRUgaQD3FMl6gV0xgsc0xYgZJik iwk0OMfc2ITH/yMIWU3moTpgTSBKDRHnV9djbeEie09D8t1ix0a1Bl2cmRXv7EHVMJW+ Ze9cJaXTC/jBaYDaKu4MtlPRt3vTCHWk5B2wmmC4+FkpzGd1ZEFCf5jQd19WFkDwdSDK lowg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@semihalf.com header.s=google header.b=VSkQ5tJP; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=semihalf.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id i12-20020a170902c94c00b0019ca54e71e4si16086035pla.224.2023.06.16.08.45.56; Fri, 16 Jun 2023 08:46:11 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@semihalf.com header.s=google header.b=VSkQ5tJP; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=semihalf.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1346008AbjFPPcC (ORCPT + 99 others); Fri, 16 Jun 2023 11:32:02 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48742 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345735AbjFPPcA (ORCPT ); Fri, 16 Jun 2023 11:32:00 -0400 Received: from mail-lf1-x132.google.com (mail-lf1-x132.google.com [IPv6:2a00:1450:4864:20::132]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 69C312720 for ; Fri, 16 Jun 2023 08:31:59 -0700 (PDT) Received: by mail-lf1-x132.google.com with SMTP id 2adb3069b0e04-4f849a0e371so1185057e87.1 for ; Fri, 16 Jun 2023 08:31:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=semihalf.com; s=google; t=1686929517; x=1689521517; h=content-transfer-encoding:in-reply-to:from:content-language :references:cc:to:subject:user-agent:mime-version:date:message-id :from:to:cc:subject:date:message-id:reply-to; bh=WZnuFE3O/PR9u8GmiBs6AD4GgdDBkrTpJv3wePBd8wA=; b=VSkQ5tJPI6E4tGxRLdR8gFnV55P8c2MLC/+onvswHPjdHgWldO+uWQNJC8nqhrCDi2 yaNYfwVSXGRPiLZrUO88wL3eWPfDbn+G7qfOv0/zrbvlaKajpsblxmcowKwfnN9NAVWw y4qyJ4F4a8Xot4ZrHufrrQziknzKBVdCZ9MA7nS3NWxszA152DDApvPfiWraN0TH4QM9 1y8MhIOd/c2dyTDPsf4CzUbdKXv3Uyu4AbPG+VHK1EiRdwNBeWw1ujXUDTFLN1OD8gHs UYjOyCNA5/oIy0O+eB+oUagAPxa6O0heDpEtpmnaxRgExRrNi4w6KC7WYc2+WKACbDjs TL3w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1686929517; x=1689521517; h=content-transfer-encoding:in-reply-to:from:content-language :references:cc:to:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=WZnuFE3O/PR9u8GmiBs6AD4GgdDBkrTpJv3wePBd8wA=; b=RByt0rlPbzSwDfgN9kwkbCOrYYi69aO9OBXbao7+DZkBahOoCUfqvyi4w1LUB9iHhr Ls7T3Hu+EVZ6nE3/W5feJlmmUM7ywZd+yCqWKcVHV/9s4jDLQnZaJcrR1ppOKWjMWGWq apPja3MX82p/TB9kqqCcAgeeSEW03YK0k2X+opaQ8ep23Ydj+eRvxWfWdu+bxyliUq5K pw9oHOCHEN0mpJfzN5wF5piHYXsKvPU9jen5kbCIWVspU4Xz2weCQOx58+cdR+9JH5qe Nc5oelAsieM5Ancypchv1+a7/So7TbspsLsJ78P/kTk9EtVXU7eHGxjCH2Sdq4nwpQXZ czbg== X-Gm-Message-State: AC+VfDy+eiW7VjihZUZ2X+9b1cv5fSjq7uPiBeDHtcE8t/yiuUp60MxL /XMVs9j6NbSMdTqEwWwDIKWWYw== X-Received: by 2002:a19:9114:0:b0:4f3:96ac:6dd3 with SMTP id t20-20020a199114000000b004f396ac6dd3mr1497698lfd.15.1686929517447; Fri, 16 Jun 2023 08:31:57 -0700 (PDT) Received: from [10.43.1.253] ([83.142.187.84]) by smtp.gmail.com with ESMTPSA id 7-20020ac24847000000b004f4cabba7desm3056281lfy.74.2023.06.16.08.31.55 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 16 Jun 2023 08:31:56 -0700 (PDT) Message-ID: <22438996-cea6-fcdc-530b-bf3f2477a81c@semihalf.com> Date: Fri, 16 Jun 2023 17:31:54 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.11.0 Subject: Re: [PATCH v2] docs: security: Confidential computing intro and threat model for x86 virtualization To: Sean Christopherson Cc: Elena Reshetova , Carlos Bilbao , Jason CJ Chen , "corbet@lwn.net" , "linux-doc@vger.kernel.org" , "linux-kernel@vger.kernel.org" , "ardb@kernel.org" , "kraxel@redhat.com" , "dovmurik@linux.ibm.com" , "dave.hansen@linux.intel.com" , "Dhaval.Giani@amd.com" , "michael.day@amd.com" , "pavankumar.paluri@amd.com" , "David.Kaplan@amd.com" , "Reshma.Lal@amd.com" , "Jeremy.Powell@amd.com" , "sathyanarayanan.kuppuswamy@linux.intel.com" , "alexander.shishkin@linux.intel.com" , "thomas.lendacky@amd.com" , "tglx@linutronix.de" , "dgilbert@redhat.com" , "gregkh@linuxfoundation.org" , "dinechin@redhat.com" , "linux-coco@lists.linux.dev" , "berrange@redhat.com" , "mst@redhat.com" , "tytso@mit.edu" , "jikos@kernel.org" , "joro@8bytes.org" , "leon@kernel.org" , "richard.weinberger@gmail.com" , "lukas@wunner.de" , "jejb@linux.ibm.com" , "cdupontd@redhat.com" , "jasowang@redhat.com" , "sameo@rivosinc.com" , "bp@alien8.de" , "security@kernel.org" , Larry Dewey , android-kvm@google.com, Dmitry Torokhov , Allen Webb , Tomasz Nowicki , Grzegorz Jaszczyk , Patryk Duda References: <20230612164727.3935657-1-carlos.bilbao@amd.com> <001aa2ed-2f78-4361-451d-e31a4d4abaa0@semihalf.com> Content-Language: en-US From: Dmytro Maluka In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-2.2 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 6/16/23 15:56, Sean Christopherson wrote: > On Fri, Jun 16, 2023, Dmytro Maluka wrote: >> On 6/14/23 16:15, Sean Christopherson wrote: >>> On Wed, Jun 14, 2023, Elena Reshetova wrote: >>>>>> +This new type of adversary may be viewed as a more powerful type >>>>>> +of external attacker, as it resides locally on the same physical machine >>>>>> +-in contrast to a remote network attacker- and has control over the guest >>>>>> +kernel communication with most of the HW:: >>>>> >>>>> IIUC, this last statement doesn't hold true for the pKVM on x86 use case, which >>>>> specifically aims to give a "guest" exclusive access to hardware resources. >>>> >>>> Does it hold for *all* HW resources? If yes, indeed this would make pKVM on >>>> x86 considerably different. >>> >>> Heh, the original says "most", so it doesn't have to hold for all hardware resources, >>> just a simple majority. >> >> Again, pedantic mode on, I find it difficult to agree with the wording >> that the guest owns "most of" the HW resources it uses. It controls the >> data communication with its hardware device, but other resources (e.g. >> CPU time, interrupts, timers, PCI config space, ACPI) are owned by the >> host and virtualized by it for the guest. > > I wasn't saying that the guest owns most resources, I was saying that the *untrusted* > host does *not* own most resources that are exposed to the guest. My understanding > is that everything in your list is owned by the trusted hypervisor in the pKVM model. Heh, no. Most of these resources are owned by the untrusted host, that's the point. Basically for two reasons: 1. we want to keep the trusted hypervisor as simple as possible. 2. we don't need availability guarantees. The trusted hypervisor owns only: 2nd-stage MMU, IOMMU, VMCS (or its counterparts on non-Intel), physical PCI config space (merely for controlling a few critical registers like BARs and MSI address registers), perhaps a few more things that don't come to my mind now. The untrusted host schedules its guests on physical CPUs (i.e. the host's L1 vCPUs are 1:1 mapped onto pCPUs), while the trusted hypervisor has no scheduling, it only handles vmexits from the host and guests. The untrusted host fully controls the physical interrupt controllers (I think we realize that is not perfectly fine, but here we are), etc. > What I was pointing out is related to the above discussion about the guest needing > access to hardware that is effectively owned by the untrusted host, e.g. network > access.