Re: [PATCH v5 16/16] x86/tdx: Add cmdline option to force use of ioremap_host_shared

From: Michael S. Tsirkin
Date: Sun Oct 17 2021 - 18:41:00 EST

Next message: Pavel Begunkov: "Re: [PATCH 0/5] cache request_queue pointer"
Previous message: Michael S. Tsirkin: "Re: [PATCH v5 12/16] PCI: Add pci_iomap_host_shared(), pci_iomap_host_shared_range()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Oct 15, 2021 at 06:34:17AM -0700, Andi Kleen wrote:
> cutting down the insane cc list.
>
> On 10/14/2021 11:57 PM, Michael S. Tsirkin wrote:
> > On Thu, Oct 14, 2021 at 10:50:59PM -0700, Andi Kleen wrote:
> > > > I thought you basically create an OperationRegion of SystemMemory type,
> > > > and off you go. Maybe the OSPM in Linux is clever and protects
> > > > some memory, I wouldn't know.
> > >
> > > I investigated this now, and it looks like acpi is using ioremap_cache(). We
> > > can hook into that and force non sharing. It's probably safe to assume that
> > > this is not used on real IO devices.
> > >
> > > I think there are still some other BIOS mappings that use just plain
> > > ioremap() though.
> > >
> > >
> > > -Andi
> > Hmm don't you mean the reverse? If you make ioremap shared then OS is
> > protected from malicious ACPI?
>
>
> Nope
>
> > If you don't make it shared then
> > malicious ACPI can poke at arbitrary OS memory.
>
>
> When it's private it's protected and when it's shared it can be attacked
>
>
> >
> > For BIOS I suspect there's no way around it, it needs to be
> > audited since it's executable.
>
>
> The guest BIOS is attested and trusted. The original ACPI tables by the BIOS
> are attested and trusted too.
>
> Just if we map the ACPI tables temporarily shared then an evil hypervisor
> could modify them during that time window.
>
> -Andi

I thought some more about it.

Fundamentally, ACPI has these types of OperationRegions:
SystemIO | SystemMemory | PCI_Config | EmbeddedControl | SMBus | SystemCMOS | 
PciBarTarget | IPMI | GeneralPurposeIO | GenericSerialBus |
PCC

Now, SystemMemory can be used to talk to either BIOS (should be
encrypted) or hypervisor (should not be encrypted).

I think it's not a great idea to commit to either, or teach users
to hack around it with command line flags. Instead
there should be a new SystemMemoryUnencrypted API for interface with
the hypervisor. Can you guys propose this at the ACPI spec?
If not but at least we are in agreement I guess I can try to do it,
have a bit of experience with the ACPI spec.

And I assume PciBarTarget should be unencrypted so it can work.

--
MST

Next message: Pavel Begunkov: "Re: [PATCH 0/5] cache request_queue pointer"
Previous message: Michael S. Tsirkin: "Re: [PATCH v5 12/16] PCI: Add pci_iomap_host_shared(), pci_iomap_host_shared_range()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]