Thread: 5 messages, 3 authors, 2021-07-21

Re: Runtime Memory Validation in Intel-TDX and AMD-SNP

From: Andi Kleen <hidden>
Date: 2021-07-21 00:35:33
Also in: linux-mm

On Tue, Jul 20, 2021 at 04:55:22PM -0700, Erdem Aktas wrote:
> Thank you so much for your answer and sorry for keeping the discussion long.
>
> On Tue, Jul 20, 2021 at 3:01 PM Andi Kleen [off-list ref] wrote:
> > You mean when the TDVF is changed? In this case the unaccepted memory
> > will be a different memory type, so not lazy accept enabled kernels wouldn't
> > use it.
> Thanks Andi for the clarification. I also saw the Kirill's answer. It
> makes sense.
> > But for the kexec crash case it would be just attacks against the crash
> > dump, which I assume are not a real security concern.
> If the crash kernel is compromised, it can be used to dump the
> customer memory content to a shared location which is a real security
> concern, is it not?
This wouldn't be about compromising the crash kernel, but just about
inserting random zeroed pages into the crash dump. I assume the crash
parsing tools can handle corrupted data, it certainly happens often
enough with real dumps.

The crash kernel itself would need to be properly pre validated/accepted of
course, but that will likely happen when it loads. And the memory
it uses could be re-accepted as long as it only happens before it
is actually used (at least on Intel, there might be still the issue
Joern pointed out on AMD, but I guess there it could be avoided
by just pre accepting everything and setting up a suitable memory
map)

BTW with our current plan of disabling the #VE I don't think
it can happen anyways.

> > The crash kexec
> > mostly runs in its own memory, which doesn't need this, or is small
> > enough that it can be fully pre-accepted. And for the previous memory
> > view probably these issues are acceptable.
> I think this is where I am getting confused. I agree that we can copy
> the crashkernel to its own memory (all accepted) and run it. My
> confusion is: crash kernel will dump the memory which might have some
> shared pages between. We have 3 options:
> 1- We can either accept all the pages again, that includes the shared
> pages and lose the content of it. If we do not care about the content
> in shared pages, then this is okay.
On TDX this would lead to clearing the pages, which is definitely
not what you want for a crash dump.
> 2- Have a mechanism to transfer the private/shared page mapping and
> map all the pages accordingly before dumping.
FWIW we have very little shared mappings, and I suspect their
content is probably not super important for debugging (no
kernel data structures there). So even if you lost shared
mappings for crash dumps it likely wouldn't be a problem.

But actually it should just work.

-Andi 
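A toy model of the crash-dump paths discussed in this message, added here as an example and not code from the thread, the kernel or the TDX module: touching an unaccepted page faults, option 1 (accept everything again) clears the shared pages, and option 2 (carry the private/shared map over) keeps their contents. The three page states, the clear-on-accept behaviour and the 4-byte pages are simplifying assumptions of the model.

```python
from enum import Enum, auto

class State(Enum):
    ACCEPTED = auto()    # private, already accepted by the guest
    UNACCEPTED = auto()  # private, not yet accepted (lazy accept)
    SHARED = auto()      # shared with the host (bounce buffers etc.)

class UnacceptedAccess(Exception): pass  # models the fault on an unaccepted page

class GuestMemory:
    def __init__(self, pages):  # pages: {gpa: (State, bytes)}, 4-byte toy pages
        self.pages = {gpa: [st, data] for gpa, (st, data) in pages.items()}

    def accept(self, gpa):
        # Accepting makes a page private and clears it; an already accepted page is left alone
        if self.pages[gpa][0] is not State.ACCEPTED:
            self.pages[gpa] = [State.ACCEPTED, b"\0" * 4]

    def read(self, gpa):
        st, data = self.pages[gpa]
        if st is State.UNACCEPTED:
            raise UnacceptedAccess(hex(gpa))
        return data

def snapshot_map(mem):  # the private/shared map handed to the crash kernel
    return {gpa: st for gpa, (st, _) in mem.pages.items()}

def dump_naive(mem):  # no preparation: faults on the first unaccepted page
    try:
        return {gpa: mem.read(gpa) for gpa in mem.pages}
    except UnacceptedAccess:
        return None

def dump_accept_all(mem):
    """Option 1: accept every page, then dump. Shared contents are lost."""
    for gpa in mem.pages:
        mem.accept(gpa)
    return {gpa: mem.read(gpa) for gpa in mem.pages}

def dump_with_map(mem, share_map):
    """Option 2: accept only unaccepted private pages; shared pages keep data."""
    for gpa, st in share_map.items():
        if st is State.UNACCEPTED:
            mem.accept(gpa)
    return {gpa: mem.read(gpa) for gpa in mem.pages}

def sample():  # constructed sample: one page of each kind
    return GuestMemory({0x1000: (State.ACCEPTED, b"kern"),
                        0x2000: (State.UNACCEPTED, b"????"),
                        0x3000: (State.SHARED, b"dmab")})
```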