From: "Michael S. Tsirkin" <mst@redhat.com>
To: Jason Wang <jasowang@redhat.com>
Cc: "Paul E . McKenney" <paulmck@kernel.org>,
"kaplan, david" <david.kaplan@amd.com>,
Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>,
Peter Zijlstra <peterz@infradead.org>,
"Hetzelt, Felicitas" <f.hetzelt@tu-berlin.de>,
linux-kernel <linux-kernel@vger.kernel.org>,
virtualization <virtualization@lists.linux-foundation.org>,
Thomas Gleixner <tglx@linutronix.de>
Subject: Re: [PATCH V2 06/12] virtio_pci: harden MSI-X interrupts
Date: Wed, 20 Oct 2021 02:56:27 -0400 [thread overview]
Message-ID: <20211020022529-mutt-send-email-mst@kernel.org> (raw)
In-Reply-To: <CACGkMEvSVA=qx6m7BvM-P9mm=KpPihWhVWUycj2WGnwxfa+HAA@mail.gmail.com>
On Wed, Oct 20, 2021 at 09:33:49AM +0800, Jason Wang wrote:
> > In my own opinion, the threat model is:
> >
> > Attacker: 'malicious' hypervisor
> >
> > Victim: VM with SEV/TDX/SGX
> >
> > The attacker should not be able to steal secure/private data from VM, when the
> > hypervisor's action is unexpected. DoS is out of the scope.
> >
> > My concern is: it is very hard to clearly explain in the patchset how the
> > hypervisor is able to steal VM's data, by setting queue=0 or injecting unwanted
> > interrupts to VM.
>
> Yes, it's a hard question but instead of trying to answer that, we can
> just fix the case of e.g unexpected interrupts.
>
> Thanks
I think this it's still early days for TDX. So it's a bit early to talk
about threat models, start opening CVEs and distinguishing between
security and non-security bugs.
--
MST
_______________________________________________
Virtualization mailing list
Virtualization@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/virtualization
WARNING: multiple messages have this Message-ID (diff)
From: "Michael S. Tsirkin" <mst@redhat.com>
To: Jason Wang <jasowang@redhat.com>
Cc: Dongli Zhang <dongli.zhang@oracle.com>,
"Paul E . McKenney" <paulmck@kernel.org>,
"kaplan, david" <david.kaplan@amd.com>,
Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>,
Peter Zijlstra <peterz@infradead.org>,
"Hetzelt, Felicitas" <f.hetzelt@tu-berlin.de>,
linux-kernel <linux-kernel@vger.kernel.org>,
virtualization <virtualization@lists.linux-foundation.org>,
Thomas Gleixner <tglx@linutronix.de>
Subject: Re: [PATCH V2 06/12] virtio_pci: harden MSI-X interrupts
Date: Wed, 20 Oct 2021 02:56:27 -0400 [thread overview]
Message-ID: <20211020022529-mutt-send-email-mst@kernel.org> (raw)
In-Reply-To: <CACGkMEvSVA=qx6m7BvM-P9mm=KpPihWhVWUycj2WGnwxfa+HAA@mail.gmail.com>
On Wed, Oct 20, 2021 at 09:33:49AM +0800, Jason Wang wrote:
> > In my own opinion, the threat model is:
> >
> > Attacker: 'malicious' hypervisor
> >
> > Victim: VM with SEV/TDX/SGX
> >
> > The attacker should not be able to steal secure/private data from VM, when the
> > hypervisor's action is unexpected. DoS is out of the scope.
> >
> > My concern is: it is very hard to clearly explain in the patchset how the
> > hypervisor is able to steal VM's data, by setting queue=0 or injecting unwanted
> > interrupts to VM.
>
> Yes, it's a hard question but instead of trying to answer that, we can
> just fix the case of e.g unexpected interrupts.
>
> Thanks
I think this it's still early days for TDX. So it's a bit early to talk
about threat models, start opening CVEs and distinguishing between
security and non-security bugs.
--
MST
next prev parent reply other threads:[~2021-10-20 6:56 UTC|newest]
Thread overview: 86+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-12 6:52 [PATCH V2 00/12] More virtio hardening Jason Wang
2021-10-12 6:52 ` Jason Wang
2021-10-12 6:52 ` [PATCH V2 01/12] virtio-blk: validate num_queues during probe Jason Wang
2021-10-12 6:52 ` Jason Wang
2021-10-13 10:04 ` Michael S. Tsirkin
2021-10-13 10:04 ` Michael S. Tsirkin
2021-10-14 2:32 ` Jason Wang
2021-10-14 2:32 ` Jason Wang
2021-10-14 5:45 ` Michael S. Tsirkin
2021-10-14 5:45 ` Michael S. Tsirkin
2021-10-14 6:23 ` Jason Wang
2021-10-14 6:23 ` Jason Wang
2021-10-12 6:52 ` [PATCH V2 02/12] virtio: add doc for validate() method Jason Wang
2021-10-12 6:52 ` Jason Wang
2021-10-13 10:09 ` Michael S. Tsirkin
2021-10-13 10:09 ` Michael S. Tsirkin
2021-10-14 2:32 ` Jason Wang
2021-10-14 2:32 ` Jason Wang
2021-10-12 6:52 ` [PATCH V2 03/12] virtio-console: switch to use .validate() Jason Wang
2021-10-12 6:52 ` Jason Wang
2021-10-13 9:50 ` Michael S. Tsirkin
2021-10-13 9:50 ` Michael S. Tsirkin
2021-10-14 2:28 ` Jason Wang
2021-10-14 2:28 ` Jason Wang
2021-10-14 5:58 ` Michael S. Tsirkin
2021-10-14 5:58 ` Michael S. Tsirkin
2021-10-12 6:52 ` [PATCH V2 04/12] virtio_console: validate max_nr_ports before trying to use it Jason Wang
2021-10-12 6:52 ` Jason Wang
2021-10-12 6:52 ` [PATCH V2 05/12] virtio_config: introduce a new ready method Jason Wang
2021-10-12 6:52 ` Jason Wang
2021-10-13 9:57 ` Michael S. Tsirkin
2021-10-13 9:57 ` Michael S. Tsirkin
2021-10-12 6:52 ` [PATCH V2 06/12] virtio_pci: harden MSI-X interrupts Jason Wang
2021-10-12 6:52 ` Jason Wang
2021-10-13 9:59 ` Michael S. Tsirkin
2021-10-13 9:59 ` Michael S. Tsirkin
2021-10-14 2:29 ` Jason Wang
2021-10-14 2:29 ` Jason Wang
2021-10-15 12:09 ` Dongli Zhang
2021-10-15 12:09 ` Dongli Zhang
2021-10-15 17:27 ` Michael S. Tsirkin
2021-10-15 17:27 ` Michael S. Tsirkin
2021-10-19 1:33 ` Jason Wang
2021-10-19 1:33 ` Jason Wang
2021-10-19 17:01 ` Dongli Zhang
2021-10-19 17:01 ` Dongli Zhang
2021-10-20 1:33 ` Jason Wang
2021-10-20 1:33 ` Jason Wang
2021-10-20 6:56 ` Michael S. Tsirkin [this message]
2021-10-20 6:56 ` Michael S. Tsirkin
2021-10-12 6:52 ` [PATCH V2 07/12] virtio-pci: harden INTX interrupts Jason Wang
2021-10-12 6:52 ` Jason Wang
2021-10-13 9:42 ` Michael S. Tsirkin
2021-10-13 9:42 ` Michael S. Tsirkin
2021-10-14 2:35 ` Jason Wang
2021-10-14 2:35 ` Jason Wang
2021-10-14 5:49 ` Michael S. Tsirkin
2021-10-14 5:49 ` Michael S. Tsirkin
2021-10-14 6:20 ` Jason Wang
2021-10-14 6:20 ` Jason Wang
2021-10-14 6:26 ` Michael S. Tsirkin
2021-10-14 6:26 ` Michael S. Tsirkin
2021-10-14 6:32 ` Jason Wang
2021-10-14 6:32 ` Jason Wang
2021-10-14 7:04 ` Michael S. Tsirkin
2021-10-14 7:04 ` Michael S. Tsirkin
2021-10-14 7:12 ` Jason Wang
2021-10-14 7:12 ` Jason Wang
2021-10-14 9:25 ` Michael S. Tsirkin
2021-10-14 9:25 ` Michael S. Tsirkin
2021-10-14 10:03 ` Jason Wang
2021-10-14 10:03 ` Jason Wang
2021-10-12 6:52 ` [PATCH V2 08/12] virtio_ring: fix typos in vring_desc_extra Jason Wang
2021-10-12 6:52 ` Jason Wang
2021-10-12 6:52 ` [PATCH V2 09/12] virtio_ring: validate used buffer length Jason Wang
2021-10-12 6:52 ` Jason Wang
2021-10-13 10:02 ` Michael S. Tsirkin
2021-10-13 10:02 ` Michael S. Tsirkin
2021-10-14 2:30 ` Jason Wang
2021-10-14 2:30 ` Jason Wang
2021-10-12 6:52 ` [PATCH V2 10/12] virtio-net: don't let virtio core to validate used length Jason Wang
2021-10-12 6:52 ` Jason Wang
2021-10-12 6:52 ` [PATCH V2 11/12] virtio-blk: " Jason Wang
2021-10-12 6:52 ` Jason Wang
2021-10-12 6:52 ` [PATCH V2 12/12] virtio-scsi: don't let virtio core to validate used buffer length Jason Wang
2021-10-12 6:52 ` Jason Wang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211020022529-mutt-send-email-mst@kernel.org \
--to=mst@redhat.com \
--cc=david.kaplan@amd.com \
--cc=f.hetzelt@tu-berlin.de \
--cc=jasowang@redhat.com \
--cc=konrad.wilk@oracle.com \
--cc=linux-kernel@vger.kernel.org \
--cc=paulmck@kernel.org \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=virtualization@lists.linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.