From: "Zhu, Lingshan" <lingshan.zhu@intel.com>
To: Parav Pandit <parav@nvidia.com>,
"virtio-dev@lists.oasis-open.org"
<virtio-dev@lists.oasis-open.org>,
"Michael S. Tsirkin" <mst@redhat.com>,
Jason Wang <jasowang@redhat.com>
Subject: Re: [virtio-dev] Re: [PATCH 0/5] virtio: introduce SUSPEND bit and vq state
Date: Tue, 19 Sep 2023 18:03:06 +0800
Message-ID: <2e3bca3b-5292-cc89-80c8-225919717eb2@intel.com>
In-Reply-To: <PH0PR12MB54810692ACC61C50A911ADE8DCFAA@PH0PR12MB5481.namprd12.prod.outlook.com>

On 9/19/2023 5:06 PM, Parav Pandit wrote:
>
>> From: Zhu, Lingshan <lingshan.zhu@intel.com>
>> Sent: Tuesday, September 19, 2023 1:32 PM
>>
>> On 9/19/2023 2:41 AM, Parav Pandit wrote:
>>>> From: Zhu, Lingshan <lingshan.zhu@intel.com>
>>>> Sent: Monday, September 18, 2023 3:05 PM
>>>>
>>>> On 9/18/2023 2:54 PM, Parav Pandit wrote:
>>>>>> From: Zhu, Lingshan <lingshan.zhu@intel.com>
>>>>>> Sent: Monday, September 18, 2023 12:19 PM
>>>>>>
>>>>>> so admin vq based LM solution can be a side channel attacking surface
>>>>> It will be part of the DSM whenever it will be used in future.
>>>>> Hence, it is not attack surface.
>>>> I am not sure, why we have to trust the PF?
>>>> This is out of virtio scope anyway.
>>>>
>>>> I have explained many times how it can be an attack surface, and examples.
>>>>
>>> And none of that makes any sense as fundamentally, hypervisor is trusted regardless of the approach.
>> this is not about hypervisors, I am saying admin vq based LM solution can be a
>> side channel attacking surface. Please refer to my previously listed examples
>> and the TDISP spec is FYI.
> In previous email you wrote "As I said before, CC and TDISP is out of spec, that means we should ignore them for now."
> So I am ignoring it now and hence, I am ignoring above comment.
> Let's reach to a common ground for simplified case and then consider more complex cases.
ok
>
>>>> What happens if malicious SW dump guest memory by admin vq dirty page
>>>> tracking feature?
>>> What??
>>> Where is this malicious SW located, in guest VM?
>> host, in this attacking model.
>>>>>>>>>> For untrusted hypervisor, same set of attack surface is present with trap+emulation.
>>>>>>>>>> So both method score same. Hence it's not relevant point for discussion.
>>>>>>>>> this is not hypervisor, Do you see any modern hypervisor have
>>>>>>>>> these issues?
>>>>>>>>>
>>>>>>>>> This is admin vq for LM can be a side channel attacking surface.
>>>>>>> It is not.
>>>>>>> Hypervisor is trusted entity.
>>>>>>> For untrusted hypervisor the TDISP is unified solution built by the various industry bodies including DMTF, PCI for last few years.
>>>>>>> We want to utilize that.
>>>>>> first, TDISP is out of virtio spec.
>>>>> Sure, hence, untrusted hypervisor are out of scope.
>>>>> Otherwise, trap+emulation is equally dead which relies on the hypervisor to do things.
>>>> so let's focus on LM topic, other than confidential computing.
>>> ok.
>>>
>>>>> Just because data transfer is not done, it does not mean that thousands of polling register writes complete in stipulated time.
>>>> 1) again, they are per-device facilities
>>> That does not satisfy that it can somehow do work in < x usec time.
>> why? Do you mind take examples of basic PCI virtio common config space
>> registers?
>>>> 2) we use very few registers, even status byte does not require
>>>> polling, just re-read with delay.
>>>>
>>>> Please refer to the code for setting FEATURES_OK.
>>> It won't work when one needs to suspend the device.
>>> There is no point of doing such work over registers as fundamental framework is over the AQ.
>> why it doesn't work?
> For two following reasons.
> 1. All the things needed cannot be communicated over registers efficiently, such as (a) device context, (b) dirty pages.
for a) please read QEMU live migration code.
for b) the registers in config space are control path, we don't store
dirty pages by the registers.
You can review the next version.
> 2. synchronous registers on the VF cannot interoperate with FLR and device reset flow.
Why FLR is a concern to this series? Have you read QEMU live migration
code? Does it handle FLR explicitly?
Does it need to handle all PCI attributes?