> From: Zhao, Yan Y <yan.y.zhao@xxxxxxxxx>
> Sent: Wednesday, March 13, 2024 9:19 AM
>
> On Tue, Mar 12, 2024 at 09:07:11AM -0700, Sean Christopherson wrote:
> > On Tue, Mar 12, 2024, Kevin Tian wrote:
> > > I saw the old comment already mentioned that doing so may lead to unexpected
> > > behaviors. But I'm not sure whether such a code-level caveat has been visible
> > > enough to end users.
> >
> What about adding a new module parameter to turn on honoring the guest for
> non-coherent DMAs on CPUs without self-snoop?
> A previous example is VFIO's "allow_unsafe_interrupts" parameter.

Not sure whether such a parameter has real value.

If it defaults to 'off' then you break those 10yr+ setups, which is
unacceptable.

If it defaults to 'on' then it has the same effect as this patch, and I'm
not sure who'd want to turn it off afterwards. Somebody aware of such a
limitation can simply avoid assigning a device w/ non-coherent DMA in the
VM config file instead of going further to toggle a module parameter to
prevent something he already knows not to do.

>
> > Another point to consider: KVM is _always_ potentially broken on such CPUs, as
> > KVM forces WB for guest accesses. I.e. KVM will create memory aliasing if the
> > host has guest memory mapped as non-WB in the PAT, without non-coherent DMA
> > exposed to the guest.
>
> In this case, memory aliasing may only lead to the guest not functioning well,
> since the guest is not using WC/UC (which can bypass host initialization data
> in cache).
> But if the guest has any chance to read information not intended for it, I
> believe we need to fix it as well.

Having cache/memory inconsistent could hurt both guest and host. So in
concept, forcing WB instead of following the host attribute on such CPUs
is kind of broken, though in reality we may not see a usage of exposing
non-WB memory to the guest on those old setups, as discussed for the
virtio-gpu case.

> >
> > > > I would be quite surprised if there are people running untrusted workloads
> > > > on 10+ year old silicon *and* have passthrough devices and non-coherent
> > > > IOMMUs/DMA.
>
> What if the guest is a totally malicious one?
> Previously we trusted the guest in the case of noncoherent DMA because
> we believed a malicious guest would only meet data corruption and shoot
> its own foot.
>
> But as Jason raised the security problem in another mail thread [1],
> this will expose a security hole if CPUs have no self-snoop. So, we need
> to fix it, right?
> + Jason, in case I didn't understand this problem correctly.
>
> [1] https://lore.kernel.org/all/20240108153818.GK50406@xxxxxxxxxx/

We'll certainly fix the security hole on CPUs w/ self-snoop. In this case
CPU accesses are guaranteed to be coherent and the vulnerability can only
be exposed via non-coherent DMA, which is supposed to be fixed by your
coming series.

But for old CPUs w/o self-snoop the hole can be exploited using either
the CPU or non-coherent DMA once the guest PAT is honored. As long as
nobody is willing to actually fix the CPU path (is it possible?), I'm
kind of convinced by Sean that sustaining the old behavior is probably
the best option...
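The thread's practical advice is that an admin who knows the host lacks self-snoop should simply not assign devices capable of non-coherent DMA. The following script, added here as an illustration rather than anything posted in the thread, classifies a host against those two conditions: the `ss` flag in `/proc/cpuinfo` (CPUID self-snoop) and the VT-d ECAP Snoop Control bit (bit 7), read from the assumed sysfs path `/sys/class/iommu/dmar*/intel-iommu/ecap`. It only reports the IOMMU capability, not whether every VFIO domain actually enforces coherency, so treat a "coherent-dma" verdict as necessary rather than sufficient.

```shell
#!/bin/sh
# Added example (not from the thread). Classifies a Linux/VT-d host by
# whether the CPU self-snoops ("ss" in /proc/cpuinfo flags) and whether
# the IOMMU advertises Snoop Control (ECAP bit 7, "SC"), which it needs
# to force DMA to be cache-coherent. The sysfs path is an assumption; the
# helper functions take their input as arguments so they can be exercised
# on constructed values without touching the host.

# cpu_flags_have_ss "flag list": true if the self-snoop flag is present.
cpu_flags_have_ss() {
    for f in $1; do
        [ "$f" = "ss" ] && return 0
    done
    return 1
}

# ecap_has_snoop_control HEX: true if ECAP bit 7 (SC) is set.
ecap_has_snoop_control() {
    [ $(( 0x$1 & 0x80 )) -ne 0 ]
}

# assess SS SC: SS=1 if the CPU self-snoops, SC=1 if the IOMMU has snoop
# control. Prints a one-word verdict.
assess() {
    if [ "$2" -eq 1 ]; then
        echo "coherent-dma"          # IOMMU can force DMA coherency
    elif [ "$1" -eq 1 ]; then
        echo "noncoherent-dma-only"  # CPU accesses stay coherent
    else
        echo "no-self-snoop"         # neither path is coherent: the thread's
    fi                               # advice is not to assign such devices
}

# host_assess: read the live host; anything unreadable counts as absent.
host_assess() {
    ss=0; sc=0
    flags=$(awk -F': ' '/^flags/ {print $2; exit}' /proc/cpuinfo 2>/dev/null)
    cpu_flags_have_ss "$flags" && ss=1
    for e in /sys/class/iommu/dmar*/intel-iommu/ecap; do
        [ -r "$e" ] || continue
        ecap_has_snoop_control "$(cat "$e")" || { sc=0; break; }
        sc=1
    done
    assess "$ss" "$sc"
}

if [ "${1:-}" = "--host" ]; then host_assess; fi
```

Run with `--host` to report on the current machine; without arguments the functions are only defined.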