On Mon, Nov 15, 2021 at 10:26 AM Sean Christopherson <seanjc@xxxxxxxxxx> wrote: > > On Mon, Nov 15, 2021, Dr. David Alan Gilbert wrote: > > * Sean Christopherson (seanjc@xxxxxxxxxx) wrote: > > > On Fri, Nov 12, 2021, Borislav Petkov wrote: > > > > On Fri, Nov 12, 2021 at 09:59:46AM -0800, Dave Hansen wrote: > > > > > Or, is there some mechanism that prevent guest-private memory from being > > > > > accessed in random host kernel code? > > > > > > Or random host userspace code... > > > > > > > So I'm currently under the impression that random host->guest accesses > > > > should not happen if not previously agreed upon by both. > > > > > > Key word "should". > > > > > > > Because, as explained on IRC, if host touches a private guest page, > > > > whatever the host does to that page, the next time the guest runs, it'll > > > > get a #VC where it will see that that page doesn't belong to it anymore > > > > and then, out of paranoia, it will simply terminate to protect itself. > > > > > > > > So cloud providers should have an interest to prevent such random stray > > > > accesses if they wanna have guests. :) > > > > > > Yes, but IMO inducing a fault in the guest because of _host_ bug is wrong. > > > > Would it necessarily have been a host bug? A guest telling the host a > > bad GPA to DMA into would trigger this wouldn't it? > > No, because as Andy pointed out, host userspace must already guard against a bad > GPA, i.e. this is just a variant of the guest telling the host to DMA to a GPA > that is completely bogus. The shared vs. private behavior just means that when > host userspace is doing a GPA=>HVA lookup, it needs to incorporate the "shared" > state of the GPA. If the host goes and DMAs into the completely wrong HVA=>PFN, > then that is a host bug; that the bug happened to be exploited by a buggy/malicious > guest doesn't change the fact that the host messed up. "If the host goes and DMAs into the completely wrong HVA=>PFN, then that is a host bug; that the bug happened to be exploited by a buggy/malicious guest doesn't change the fact that the host messed up." ^^^ Again, I'm flabbergasted that you are arguing that it's OK for a guest to exploit a host bug to take down host-side processes or the host itself, either of which could bring down all other VMs on the machine. I'm going to repeat -- this is not OK! Period. Again, if the community wants to layer some orchestration scheme between host userspace, host kernel, and guest, on top of the code to inject the #VC into the guest, that's fine. This proposal is not stopping that. In fact, the two approaches are completely orthogonal and compatible. But so far I have heard zero reasons why injecting a #VC into the guest is wrong. Other than just stating that it's wrong. Again, the guest must be able to detect buggy and malicious host-side writes to private memory. Or else "confidential computing" doesn't work. Assuming that's not true is not a valid argument to dismiss injecting a #VC exception into the guest.
