From: "Michael S. Tsirkin" <mst@redhat.com>
To: Andi Kleen <ak@linux.intel.com>
Cc: Kuppuswamy Sathyanarayanan
<sathyanarayanan.kuppuswamy@linux.intel.com>,
Kuppuswamy Sathyanarayanan <knsathya@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
linux-pci@vger.kernel.org, linux-mips@vger.kernel.org,
James E J Bottomley <James.Bottomley@hansenpartnership.com>,
Dave Hansen <dave.hansen@intel.com>,
Peter H Anvin <hpa@zytor.com>,
sparclinux@vger.kernel.org, Thomas Gleixner <tglx@linutronix.de>,
Andrea Arcangeli <aarcange@redhat.com>,
Jonathan Corbet <corbet@lwn.net>, Helge Deller <deller@gmx.de>,
x86@kernel.org, Ingo Molnar <mingo@redhat.com>,
linux-arch@vger.kernel.org, Arnd Bergmann <arnd@arndb.de>,
Tony Luck <tony.luck@intel.com>, Borislav Petkov <bp@alien8.de>,
Andy Lutomirski <luto@kernel.org>,
Josh Poimboeuf <jpoimboe@redhat.com>,
Bjorn Helgaas <bhelgaas@google.com>,
Dan Williams <dan.j.williams@intel.com>,
virtualization@lists.linux-foundation.org,
Richard Henderson <rth@twiddle.net>,
Thomas Bogendoerfer <tsbogend@alpha.franken.de>,
linux-parisc@vger.kernel.org,
Sean Christopherson <seanjc@google.com>,
linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-alpha@vger.kernel.org, Paolo Bonzini <pbonzini@redhat.com>,
"David S . Miller" <davem@davemloft.net>,
Kirill Shutemov <kirill.shutemov@linux.intel.com>
Subject: Re: [PATCH v5 16/16] x86/tdx: Add cmdline option to force use of ioremap_host_shared
Date: Fri, 15 Oct 2021 02:57:16 -0400
Message-ID: <20211015024923-mutt-send-email-mst@kernel.org>
In-Reply-To: <c2ce5ad8-4df7-3a37-b235-8762a76b1fd3@linux.intel.com>
On Thu, Oct 14, 2021 at 10:50:59PM -0700, Andi Kleen wrote:
>
> > I thought you basically create an OperationRegion of SystemMemory type,
> > and off you go. Maybe the OSPM in Linux is clever and protects
> > some memory, I wouldn't know.
>
>
> I investigated this now, and it looks like ACPI is using ioremap_cache(). We
> can hook into that and force non-sharing. It's probably safe to assume that
> this is not used on real IO devices.
>
> I think there are still some other BIOS mappings that use just plain
> ioremap() though.
>
>
> -Andi
Hmm, don't you mean the reverse? If you make ioremap shared, then the OS is
protected from malicious ACPI? If you don't make it shared, then
malicious ACPI can poke at arbitrary OS memory. Looks like making
ioremap non-shared by default is actually less safe than shared.
Interesting.
For BIOS I suspect there's no way around it; it needs to be
audited since it's executable.
--
MST