public inbox for virtio-dev@lists.linux.dev
From: "Michael S. Tsirkin" <mst@redhat.com>
To: "Zhu, Lingshan" <lingshan.zhu@intel.com>
Cc: Parav Pandit <parav@nvidia.com>,
	"virtio-dev@lists.oasis-open.org"
	<virtio-dev@lists.oasis-open.org>,
	Jason Wang <jasowang@redhat.com>
Subject: Re: [virtio-dev] Re: [PATCH 0/5] virtio: introduce SUSPEND bit and vq state
Date: Wed, 20 Sep 2023 07:52:23 -0400
Message-ID: <20230920072947-mutt-send-email-mst@kernel.org>
In-Reply-To: <8b53c622-0c13-00e6-e53a-7ca065457a8b@intel.com>

On Wed, Sep 20, 2023 at 07:28:39PM +0800, Zhu, Lingshan wrote:
> 
> 
> On 9/20/2023 6:55 PM, Parav Pandit wrote:
> > > From: Michael S. Tsirkin <mst@redhat.com>
> > > Sent: Wednesday, September 20, 2023 4:06 PM
> > > I freely admit the finer points of this extended flamewar have been lost on me,
> > > and I wager I'm not the only one. I thought you wanted to migrate the device
> > > just by accessing the device itself (e.g. the VF) without accessing other devices
> > > (e.g. the PF), while Parav wants it in a separate device so the whole of the
> > > device itself can be passed through to guest. Isn't this, fundamentally, the issue?
> > Right. An admin device doing the work of device migration. Today it is the owner PF.
> > In future it can be other admin device who is delegated this task of migration, who can be group owner.
> > All the admin commands that we plumb here just work great in that CC/TDI future, because the only thing that changes is the admin device issuing this command.
> > 
> > > > the bar is only a proxy, doesn't fix anything. and even larger side
> > > > channel attacking surface: vf-->pf-->vf
> > > In this model there's no pf. BAR belongs to vf itself and you submit commands
> > > for the VF through its BAR.
> > > Just separate from the pci config space.
> > > 
> > > The whole attacking surface discussion is also puzzling.  We either are or are
> > > not discussing confidential computing/TDI.  I couldn't figure it out. This needs a
> > > separate thread I think.
> > True. Many of Lingshan's thoughts/comments get mixed, I feel.
> > Because he proposes trap+emulation/mediation-based solution by hypervisor and none of that is secure anyway in CC/TDI concept.
> > He keeps attacking AQ as some side channel attack, while somehow trap+emulation also done by hypervisor is secure, which obviously does not make sense in CC/TDI concept.
> > Both score equal where hypervisor trust is of concern.
> Please answer directly:

And here you go discussing this in the same thread. I feel you guys are
wasting bytes copying the list with this; most people lost track,
if not interest.

> What if a malicious SW suspends the guest when it is running through admin vq
> live migration facility?

I doubt suspend is a problem - looks like a denial of service to me
and that is not considered part of the threat model at least going by
the documents confidential computing guys are posting on lkml.


> What if a malicious SW dumps guest memory by tracking guest dirty pages by
> admin vq live migration facility?

All this does is tell you which pages the device accessed, though.
It looks like on many architectures this information is readily
available anyway due to host page tables being under the hypervisor
control, since this is how it's migrated. Problem? How is memory
migrated otherwise?

> > 
> > And admin command approach [1] has clear direction for CC to delegate those admin commands to a dedicated trusted entity instead of hypervisor.
> > 
> > I try to explain these few times, but..
> > 
> > Anyways, if AQ has some comments better to reply in its thread at [1].
> > 
> > [1] https://lore.kernel.org/virtio-comment/20230909142911.524407-7-parav@nvidia.com/T/#md9fcfa1ba997463de8c7fb8c6d1786b224b0bead
> > 
> > I will post v1 for [1] with more mature device context this week along with future provisioning item note.

