Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 51C1FC433F5 for ; Mon, 15 Nov 2021 16:52:12 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 379B460174 for ; Mon, 15 Nov 2021 16:52:12 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231819AbhKOQzF (ORCPT ); Mon, 15 Nov 2021 11:55:05 -0500 Received: from smtp-out2.suse.de ([195.135.220.29]:45536 "EHLO smtp-out2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231697AbhKOQzC (ORCPT ); Mon, 15 Nov 2021 11:55:02 -0500 Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id 5DB8B1FD67; Mon, 15 Nov 2021 16:52:05 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1636995125; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=cF6gRwZuLUiNl2xcIEuaWtuAmHNRho9AqC9wCZCdOO8=; b=2KJORy1sTUR9wRfGJRyXN1nv07fZ38SBxoGMzZx7j5ZUIZb07k43gywgWn6t5eaokma2eZ SEcLIqcap+ac8M6xGtYdBATImFf7P060wRgr3dildxU+BJj9kcIfeXqUf53ODeHzDaXPSz Df8u11CzGh0d4gL04sJ103q8h2MjttM= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1636995125; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=cF6gRwZuLUiNl2xcIEuaWtuAmHNRho9AqC9wCZCdOO8=; b=3+c573I918+mekzNcqL4MXr9DiRfrPEXE6oGKP4NmbVr/eMLhegZYO4En6CtGo1+4FVTzP M0kPCq11m8zgA8Dg== Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id 2AE9F13A66; Mon, 15 Nov 2021 16:52:04 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap2.suse-dmz.suse.de with ESMTPSA id 0yGvCDSQkmFoEwAAMHmgww (envelope-from ); Mon, 15 Nov 2021 16:52:04 +0000 Date: Mon, 15 Nov 2021 17:52:02 +0100 From: Joerg Roedel To: Sean Christopherson Cc: Marc Orr , Peter Gonda , Andy Lutomirski , Borislav Petkov , Dave Hansen , Brijesh Singh , the arch/x86 maintainers , Linux Kernel Mailing List , kvm list , linux-coco@lists.linux.dev, linux-mm@kvack.org, Linux Crypto Mailing List , Thomas Gleixner , Ingo Molnar , Tom Lendacky , "H. Peter Anvin" , Ard Biesheuvel , Paolo Bonzini , Vitaly Kuznetsov , Wanpeng Li , Jim Mattson , Dave Hansen , Sergio Lopez , "Peter Zijlstra (Intel)" , Srinivas Pandruvada , David Rientjes , Dov Murik , Tobin Feldman-Fitzthum , Michael Roth , Vlastimil Babka , "Kirill A . Shutemov" , Andi Kleen , Tony Luck , Sathyanarayanan Kuppuswamy Subject: Re: [PATCH Part2 v5 00/45] Add AMD Secure Nested Paging (SEV-SNP) Hypervisor Support Message-ID: References: <2cb3217b-8af5-4349-b59f-ca4a3703a01a@www.fastmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Sat, Nov 13, 2021 at 06:28:16PM +0000, Sean Christopherson wrote: > Another issue is that the host kernel, which despite being "untrusted", absolutely > should be acting in the best interests of the guest. Allowing userspace to inject > #VC, e.g. to attempt to attack the guest by triggering a spurious PVALIDATE, means > the kernel is failing miserably on that front. Well, no. The kernel is only a part of the hypervisor, KVM userspace is another. It is possible today for the userspace part(s) to interact in bad ways with the guest and trick or kill it. Allowing user-space to cause a #VC in the guest is no different from that. Regards, -- J?rg R?del jroedel@suse.de SUSE Software Solutions Germany GmbH Maxfeldstr. 5 90409 N?rnberg Germany (HRB 36809, AG N?rnberg) Gesch?ftsf?hrer: Ivo Totev