[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v2] virtio_pci: Limit DMA mask to 44 bits for le
|
From: |
Michael S. Tsirkin |
|
Subject: |
Re: [Qemu-devel] [PATCH v2] virtio_pci: Limit DMA mask to 44 bits for legacy virtio devices |
|
Date: |
Wed, 14 Sep 2016 16:27:51 +0300 |
On Wed, Sep 14, 2016 at 03:07:58PM +0200, Paolo Bonzini wrote:
>
>
> On 14/09/2016 15:05, Michael S. Tsirkin wrote:
> > I assumed that with debug on, memory is still encrypted but the
> > hypervisor can break encryption, and as the cover letter states, the
> > hypervisor is assumed benign. If true I don't see a need to
> > give users more rope.
>
> The hypervisor is assumed benign but vulnerable.
Vulnerable to information leaks, yes.
> So, if somebody breaks the hypervisor, you would like to make it as hard
> as possible
We don't just do this at random. Need some proof it's actually
making things harder.
> for the attacker to do evil stuff to the guests.
Break as in make it do things? This is a possible model, but this is
not what the cover letter states.
As far as I can tell, encrypting memory does not protect against an
attacker that can execute code in the hypervisor, if only for the
reason that a lot of guest info is not in memory as CPU always accesses
memory through registers.
> If the
> attacker can just ask the secure processor "decrypt some memory for me",
> then the encryption is effectively broken.
>
> Paolo
Not at all, if all you have is hypervisor read-anywhere access,
then that is not broken. This seems to be the threat model that
the patchset targets, again based on the cover letter.
--
MST
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, (continued)
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Michael S. Tsirkin, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Daniel P. Berrange, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Michael S. Tsirkin, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Daniel P. Berrange, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Michael S. Tsirkin, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Eduardo Habkost, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Michael S. Tsirkin, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Eduardo Habkost, 2016/09/15
- Re: [Qemu-devel] [PATCH v2] virtio_pci: Limit DMA mask to 44 bits for legacy virtio devices,
Michael S. Tsirkin <=
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Brijesh Singh, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Michael S. Tsirkin, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Paolo Bonzini, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Michael S. Tsirkin, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Paolo Bonzini, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Michael S. Tsirkin, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Paolo Bonzini, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Michael S. Tsirkin, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Paolo Bonzini, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Michael S. Tsirkin, 2016/09/14