On Mon, Feb 01, 2021 at 05:51:09PM -0800, David Rientjes wrote:

> the new PVALIDATE instruction[1]. This sets the Validated flag in the
> Reverse Map Table (RMP) for a guest addressable page, which opts into
> hardware and firmware integrity protection. This may only be done by the
> guest itself and until that time, the guest cannot access the page.

Another important point is that we need to reject (panic) any accepts of
memory that has already been accepted, to avoid an attacker replacing
memory. This means that any memory requires some metadata.

> - Any need for validating memory that is not backed by struct page that
>   needs to be special-cased

We may not have struct page for firmware structures, for example.

> - Any concerns about this for the DMA layer

It would be needed to handle directly assigned devices because they could
do DMA to not yet accepted memory.

> One possibility for minimal disruption to the boot entry code is to
> require the guest BIOS to validate 4GB and below, and then leave 4GB and
> above to be done lazily (the true amount of memory will actually be less
> due to the MMIO hole).

This would seem fragile to me, requiring Linux to never access any memory >4GB
early. Better would be if Linux accepts everything it needs early by itself.

-Andi
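Added example, not code from this thread, from Andi, or from the kernel: a small C model of the per-page "accepted" metadata the reply calls for. One bit per page frame records whether the frame has been accepted; a second accept of the same frame is refused (returned as ACCEPT_ALREADY here, where a real kernel would panic), so already-accepted memory cannot be swapped out by forcing a re-validation. Ranges are checked against the metadata before any page is touched, and a helper answers the "is everything below this boundary accepted?" question behind the 4GB early-accept idea. The PVALIDATE step is a hypothetical stub (hw_validate_page) because the real instruction only runs inside a guest; all names and the 4 GiB model size are assumptions of this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SHIFT    12
#define PAGE_SIZE     (1UL << PAGE_SHIFT)
#define NR_PAGES      (1UL << 20)          /* model 4 GiB of guest-physical space (assumption) */
#define BITS_PER_LONG (8 * sizeof(unsigned long))

/* Accept-tracking metadata: one bit per page frame, 1 = already accepted. */
static unsigned long accepted[NR_PAGES / BITS_PER_LONG];

enum accept_status {
    ACCEPT_OK      = 0,
    ACCEPT_ALREADY = -1,   /* double accept: a real kernel would panic here */
    ACCEPT_RANGE   = -2,   /* out of range or not page aligned */
    ACCEPT_HWFAIL  = -3,   /* the validation step itself failed */
};

static bool page_is_accepted(unsigned long pfn)
{
    return (accepted[pfn / BITS_PER_LONG] >> (pfn % BITS_PER_LONG)) & 1UL;
}

static void mark_accepted(unsigned long pfn)
{
    accepted[pfn / BITS_PER_LONG] |= 1UL << (pfn % BITS_PER_LONG);
}

/* Hypothetical stand-in for PVALIDATE on one 4K page. The real instruction
 * only runs inside an SEV-SNP guest, so this stub always reports success. */
static int hw_validate_page(unsigned long pfn)
{
    (void)pfn;
    return 0;
}

/* Clear the metadata (for demonstration and tests only). */
void accepted_reset(void)
{
    memset(accepted, 0, sizeof(accepted));
}

/* Accept a single page frame. A frame that is already accepted is refused
 * before the hardware is touched, so its contents cannot be replaced. */
int accept_page(unsigned long pfn)
{
    if (pfn >= NR_PAGES)
        return ACCEPT_RANGE;
    if (page_is_accepted(pfn))
        return ACCEPT_ALREADY;
    if (hw_validate_page(pfn) != 0)
        return ACCEPT_HWFAIL;
    mark_accepted(pfn);
    return ACCEPT_OK;
}

/* Accept the page-aligned physical range [start, end). The metadata is
 * checked for the whole range first, so a range overlapping already
 * accepted memory is rejected without validating any page in it. */
int accept_range(uint64_t start, uint64_t end)
{
    unsigned long pfn, first = start >> PAGE_SHIFT, last = end >> PAGE_SHIFT;

    if (start >= end || ((start | end) & (PAGE_SIZE - 1)) != 0 || last > NR_PAGES)
        return ACCEPT_RANGE;
    for (pfn = first; pfn < last; pfn++)
        if (page_is_accepted(pfn))
            return ACCEPT_ALREADY;
    for (pfn = first; pfn < last; pfn++) {
        int rc = accept_page(pfn);
        if (rc != ACCEPT_OK)
            return rc;
    }
    return ACCEPT_OK;
}

/* True only if every page in the page-aligned range [start, end) has been
 * accepted; this is the check an early-boot policy such as "everything
 * below 4GB is accepted" would have to satisfy before memory is touched. */
bool range_fully_accepted(uint64_t start, uint64_t end)
{
    unsigned long pfn, first = start >> PAGE_SHIFT, last = end >> PAGE_SHIFT;

    if (start >= end || ((start | end) & (PAGE_SIZE - 1)) != 0 || last > NR_PAGES)
        return false;
    for (pfn = first; pfn < last; pfn++)
        if (!page_is_accepted(pfn))
            return false;
    return true;
}

int main(void)
{
    accepted_reset();
    printf("accept low 1 MiB     : %d\n", accept_range(0, 1UL << 20));
    printf("accept it a 2nd time : %d (double accept refused)\n", accept_range(0, 1UL << 20));
    printf("low 1 MiB all accepted: %d\n", range_fully_accepted(0, 1UL << 20));
    return 0;
}
```

The pre-check pass in accept_range is deliberate: if the double-accept check ran per page inside the loop, a range that overlaps accepted memory would have validated some pages before failing, leaving the metadata and the hardware state harder to reason about at the panic site.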