On Fri, Jul 26, 2024 at 8:42 PM Srivatsa Vaddagiri <quic_svaddagi@xxxxxxxxxxx> wrote:
>
> * Jason Wang <jasowang@xxxxxxxxxx> [2024-07-26 10:47:59]:
>
> > > 2) For PCI pass-through devices, we are concerned of letting VMM be in charge of
> > > emulating the complete configuration space (how can VM defend against invalid
> > > attributes presented for passthr devices)?
> >
> > Virtio driver has been hardened for this, for example:
> >
> > commit 72b5e8958738aaa453db5149e6ca3bcf416023b9
> > Author: Jason Wang <jasowang@xxxxxxxxxx>
> > Date: Fri Jun 4 13:53:50 2021 +0800
> >
> >     virtio-ring: store DMA metadata in desc_extra for split virtqueue
> >
> > More hardening work is ongoing.
>
> I think above change is not sufficient for what we are looking for. In
> particular for pass-through PCI devices, we are concerned that an untrusted
> (compromised?) VMM can return invalid attributes when the confidential VM reads
> the configuration space.

Yes it is, virtio specific hardening can't cover this, it might need
help from the PCI core.

> These are PCI devices that may not support TDISP.
> Hypervisor, being a trusted entity and controlling the PCI bus emulation
> can ensure that the confidential VM sees valid attributes for all devices
> (physical and virtual) that are enumerated on the bus.

I think I need to understand the difference between hypervisor and VMM
here and which one is trusted and not and why.

> That's a key reason why
> we want hypervisor to emulate access to configuration space of all PCI devices
> enumerated by VM. That I think necessitates that hypervisor handle access to
> virtio device configuration space as well (even if MSI-X obviates the
> performance arguments of hypervisor doing so)!

That should be fine, but it means for PCI you need a lot of emulations
(e.g. Qemu emulate q35)

Thanks

>
> Thanks
> vatsa
>