Re: [RFC v2-fix 1/1] x86/tdx: Make DMA pages shared
From: Dave Hansen
Date: Tue May 18 2021 - 18:32:10 EST
On 5/18/21 3:12 PM, Kuppuswamy, Sathyanarayanan wrote:

> "TDX is similar. In TDX architecture, the private guest memory is
> encrypted, which prevents anything other than guest from
> accessing/modifying it. So to communicate with I/O devices, we need
> to create decrypted mapping and make the pages shared."

That's actually even more wrong. :(

Check out "Machine Check Architecture Background" in the TDX
architecture spec.

Modification is totally permitted in the architecture. A host can write
all day long to guest memory. Depending on how you use the word,
"access" can also include writes.

TDX really just prevents guests from *consuming* the gunk that an
attacker might write.

Also, don't say "decrypted". The memory is probably still TME-enabled
and probably encrypted on the DIMM. It's still encrypted even if
shared, it's just using the TME key, not the TD key.