On Wed, 2021-08-18 at 16:43 +0100, Dr. David Alan Gilbert wrote: > * James Bottomley (jejb@xxxxxxxxxxxxx) wrote: [...] > > Given the lack of SMI, we can't guarantee that with plain SEV and > > -ES. Once we move to -SNP, we can use VMPLs to achieve this. > > Doesn't the MH have access to different slots and running on separate > vCPUs; so it's still got some separation? Remember that the OVMF code is provided by the host, but its attested to and run by the guest. Once the guest takes control (i.e. after OVMF boots the next thing), we can't guarantee that it wont overwrite the MH code, so the host must treat the MH as untrusted. > > But realistically, given the above API, even if the guest is > > malicious, what can it do? I think it's simply return bogus pages > > that cause a crash on start after migration, which doesn't look > > like a huge risk to the cloud to me (it's more a self destructive > > act on behalf of the guest). > > I'm a bit worried about the data structures that are shared between > the migration code in qemu and the MH; the code in qemu is going to > have to be paranoid about not trusting anything coming from the MH. Given that we have to treat the host MH structure as untrusted, this is definitely something we have to do. Although the primary API is simply "here's a buffer, please fill it", so there's not much checking to do, we just have to be careful that we don't expose any more of the buffer than the guest needs to write to ... and, obviously, clean it before exposing it to the guest. James
