Re: [PATCH 00/16] KVM: arm64: MMIO guard PV services

[PATCH 00/16] KVM: arm64: MMIO guard PV services · Marc Zyngier <maz@kernel.org> · 2021-07-15
[PATCH 01/16] KVM: arm64: Generalise VM features into a set of flags · Marc Zyngier <maz@kernel.org> · 2021-07-15
Re: [PATCH 01/16] KVM: arm64: Generalise VM features into a set of flags · Will Deacon <will@kernel.org> · 2021-07-27
Re: [PATCH 01/16] KVM: arm64: Generalise VM features into a set of flags · Marc Zyngier <maz@kernel.org> · 2021-07-28
Re: [PATCH 01/16] KVM: arm64: Generalise VM features into a set of flags · Steven Price <steven.price@arm.com> · 2021-07-28
[PATCH 02/16] KVM: arm64: Don't issue CMOs when the physical address is invalid · Marc Zyngier <maz@kernel.org> · 2021-07-15
Re: [PATCH 02/16] KVM: arm64: Don't issue CMOs when the physical address is invalid · Quentin Perret <hidden> · 2021-07-19
Re: [PATCH 02/16] KVM: arm64: Don't issue CMOs when the physical address is invalid · Marc Zyngier <maz@kernel.org> · 2021-07-20
Re: [PATCH 02/16] KVM: arm64: Don't issue CMOs when the physical address is invalid · Will Deacon <will@kernel.org> · 2021-07-27
Re: [PATCH 02/16] KVM: arm64: Don't issue CMOs when the physical address is invalid · Marc Zyngier <maz@kernel.org> · 2021-07-28
[PATCH 03/16] KVM: arm64: Turn kvm_pgtable_stage2_set_owner into kvm_pgtable_stage2_annotate · Marc Zyngier <maz@kernel.org> · 2021-07-15
Re: [PATCH 03/16] KVM: arm64: Turn kvm_pgtable_stage2_set_owner into kvm_pgtable_stage2_annotate · Quentin Perret <hidden> · 2021-07-20
Re: [PATCH 03/16] KVM: arm64: Turn kvm_pgtable_stage2_set_owner into kvm_pgtable_stage2_annotate · Marc Zyngier <maz@kernel.org> · 2021-07-20
Re: [PATCH 03/16] KVM: arm64: Turn kvm_pgtable_stage2_set_owner into kvm_pgtable_stage2_annotate · Quentin Perret <hidden> · 2021-07-20
Re: [PATCH 03/16] KVM: arm64: Turn kvm_pgtable_stage2_set_owner into kvm_pgtable_stage2_annotate · Marc Zyngier <maz@kernel.org> · 2021-07-20
Re: [PATCH 03/16] KVM: arm64: Turn kvm_pgtable_stage2_set_owner into kvm_pgtable_stage2_annotate · Quentin Perret <hidden> · 2021-07-20
Re: [PATCH 03/16] KVM: arm64: Turn kvm_pgtable_stage2_set_owner into kvm_pgtable_stage2_annotate · Marc Zyngier <maz@kernel.org> · 2021-07-20
[PATCH 04/16] KVM: arm64: Add MMIO checking infrastructure · Marc Zyngier <maz@kernel.org> · 2021-07-15
Re: [PATCH 04/16] KVM: arm64: Add MMIO checking infrastructure · Quentin Perret <hidden> · 2021-07-20
Re: [PATCH 04/16] KVM: arm64: Add MMIO checking infrastructure · Marc Zyngier <maz@kernel.org> · 2021-07-20
Re: [PATCH 04/16] KVM: arm64: Add MMIO checking infrastructure · Quentin Perret <hidden> · 2021-07-20
Re: [PATCH 04/16] KVM: arm64: Add MMIO checking infrastructure · Marc Zyngier <maz@kernel.org> · 2021-07-22
Re: [PATCH 04/16] KVM: arm64: Add MMIO checking infrastructure · Quentin Perret <hidden> · 2021-07-23
Re: [PATCH 04/16] KVM: arm64: Add MMIO checking infrastructure · Will Deacon <will@kernel.org> · 2021-07-27
Re: [PATCH 04/16] KVM: arm64: Add MMIO checking infrastructure · Marc Zyngier <maz@kernel.org> · 2021-07-28
Re: [PATCH 04/16] KVM: arm64: Add MMIO checking infrastructure · Will Deacon <will@kernel.org> · 2021-07-30
Re: [PATCH 04/16] KVM: arm64: Add MMIO checking infrastructure · Marc Zyngier <maz@kernel.org> · 2021-07-30
Re: [PATCH 04/16] KVM: arm64: Add MMIO checking infrastructure · Quentin Perret <hidden> · 2021-07-30
[PATCH 05/16] KVM: arm64: Plumb MMIO checking into the fault handling · Marc Zyngier <maz@kernel.org> · 2021-07-15
Re: [PATCH 05/16] KVM: arm64: Plumb MMIO checking into the fault handling · Will Deacon <will@kernel.org> · 2021-07-27
Re: [PATCH 05/16] KVM: arm64: Plumb MMIO checking into the fault handling · Marc Zyngier <maz@kernel.org> · 2021-07-28
Re: [PATCH 05/16] KVM: arm64: Plumb MMIO checking into the fault handling · Will Deacon <will@kernel.org> · 2021-07-30
[PATCH 06/16] KVM: arm64: Force a full unmap on vpcu reinit · Marc Zyngier <maz@kernel.org> · 2021-07-15
Re: [PATCH 06/16] KVM: arm64: Force a full unmap on vpcu reinit · Will Deacon <will@kernel.org> · 2021-07-27
Re: [PATCH 06/16] KVM: arm64: Force a full unmap on vpcu reinit · Marc Zyngier <maz@kernel.org> · 2021-07-28
Re: [PATCH 06/16] KVM: arm64: Force a full unmap on vpcu reinit · Will Deacon <will@kernel.org> · 2021-07-30
[PATCH 07/16] KVM: arm64: Wire MMIO guard hypercalls · Marc Zyngier <maz@kernel.org> · 2021-07-15
Re: [PATCH 07/16] KVM: arm64: Wire MMIO guard hypercalls · Will Deacon <will@kernel.org> · 2021-07-27
Re: [PATCH 07/16] KVM: arm64: Wire MMIO guard hypercalls · Marc Zyngier <maz@kernel.org> · 2021-07-28
Re: [PATCH 07/16] KVM: arm64: Wire MMIO guard hypercalls · Will Deacon <will@kernel.org> · 2021-07-30
Re: [PATCH 07/16] KVM: arm64: Wire MMIO guard hypercalls · Marc Zyngier <maz@kernel.org> · 2021-08-01
[PATCH 08/16] KVM: arm64: Add tracepoint for failed MMIO guard check · Marc Zyngier <maz@kernel.org> · 2021-07-15
[PATCH 09/16] KVM: arm64: Advertise a capability for MMIO guard · Marc Zyngier <maz@kernel.org> · 2021-07-15
[PATCH 10/16] KVM: arm64: Add some documentation for the MMIO guard feature · Marc Zyngier <maz@kernel.org> · 2021-07-15
Re: [PATCH 10/16] KVM: arm64: Add some documentation for the MMIO guard feature · Andrew Jones <hidden> · 2021-07-21
Re: [PATCH 10/16] KVM: arm64: Add some documentation for the MMIO guard feature · Marc Zyngier <maz@kernel.org> · 2021-07-23
Re: [PATCH 10/16] KVM: arm64: Add some documentation for the MMIO guard feature · Andrew Jones <hidden> · 2021-07-23
Re: [PATCH 10/16] KVM: arm64: Add some documentation for the MMIO guard feature · Marc Zyngier <maz@kernel.org> · 2021-07-23
[PATCH 13/16] arm64: Implement ioremap/iounmap hooks calling into KVM's MMIO guard · Marc Zyngier <maz@kernel.org> · 2021-07-15
[PATCH 16/16] arm64: Register earlycon fixmap with the MMIO guard · Marc Zyngier <maz@kernel.org> · 2021-07-15
[PATCH 15/16] arm64: Add a helper to retrieve the PTE of a fixmap · Marc Zyngier <maz@kernel.org> · 2021-07-15
Re: [PATCH 15/16] arm64: Add a helper to retrieve the PTE of a fixmap · Quentin Perret <hidden> · 2021-07-20
[PATCH 12/16] mm/ioremap: Add arch-specific callbacks on ioremap/iounmap calls · Marc Zyngier <maz@kernel.org> · 2021-07-15
Re: [PATCH 12/16] mm/ioremap: Add arch-specific callbacks on ioremap/iounmap calls · Will Deacon <will@kernel.org> · 2021-07-27
Re: [PATCH 12/16] mm/ioremap: Add arch-specific callbacks on ioremap/iounmap calls · Marc Zyngier <maz@kernel.org> · 2021-07-28
Re: [PATCH 12/16] mm/ioremap: Add arch-specific callbacks on ioremap/iounmap calls · Will Deacon <will@kernel.org> · 2021-07-30
[PATCH 14/16] arm64: Enroll into KVM's MMIO guard if required · Marc Zyngier <maz@kernel.org> · 2021-07-15
[PATCH 11/16] firmware/smccc: Call arch-specific hook on discovering KVM services · Marc Zyngier <maz@kernel.org> · 2021-07-15
Re: [PATCH 00/16] KVM: arm64: MMIO guard PV services · Andrew Jones <hidden> · 2021-07-21
Re: [PATCH 00/16] KVM: arm64: MMIO guard PV services · Marc Zyngier <maz@kernel.org> · 2021-07-22
Re: [PATCH 00/16] KVM: arm64: MMIO guard PV services · Andrew Jones <hidden> · 2021-07-22
Re: [PATCH 00/16] KVM: arm64: MMIO guard PV services · Marc Zyngier <maz@kernel.org> · 2021-07-22

From: Andrew Jones <hidden>
Date: 2021-07-22 13:25:29
Also in: kvmarm, linux-arm-kernel, lkml

On Thu, Jul 22, 2021 at 11:00:26AM +0100, Marc Zyngier wrote:

On Wed, 21 Jul 2021 22:42:43 +0100,
Andrew Jones [off-list ref] wrote:

quoted

On Thu, Jul 15, 2021 at 05:31:43PM +0100, Marc Zyngier wrote:

quoted

KVM/arm64 currently considers that any memory access outside of a
memslot is a MMIO access. This so far has served us very well, but
obviously relies on the guest trusting the host, and especially
userspace to do the right thing.

As we keep on hacking away at pKVM, it becomes obvious that this trust
model is not really fit for a confidential computing environment, and
that the guest would require some guarantees that emulation only
occurs on portions of the address space that have clearly been
identified for this purpose.

This trust model is hard for me to reason about. userspace is trusted to
control the life cycle of the VM, to prepare the memslots for the VM,
and [presumably] identify what MMIO ranges are valid, yet it's not
trusted to handle invalid MMIO accesses. I'd like to learn more about
this model and the userspace involved.

Imagine the following scenario:

On top of the normal memory described as memslots (which pKVM will
ensure that userspace cannot access),

Ah, I didn't know that part.

a malicious userspace describes
to the guest another memory region in a firmware table and does not
back it with a memslot.

The hypervisor cannot validate this firmware description (imagine
doing ACPI and DT parsing at EL2...), so the guest starts using this
"memory" for something, and data slowly trickles all the way to EL0.
Not what you wanted.

Yes, I see that now, in light of the above.

To ensure that this doesn't happen, we reverse the problem: userspace
(and ultimately the EL1 kernel) doesn't get involved on a translation
fault outside of a memslot *unless* the guest has explicitly asked for
that page to be handled as a MMIO. With that, we have a full
description of the IPA space contained in the S2 page tables:

- memory described via a memslot,
- directly mapped device (GICv2, for exmaple),
- MMIO exposed for emulation

and anything else is an invalid access that results in an abort.

Does this make sense to you?

Now I understand better, but if we're worried about malicious userspaces,
then how do we protect the guest from "bad" MMIO devices that have been
described to it? The guest can request access to those using this new
mechanism.

Thanks,
drew

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help