Re: Linux guest kernel threat model for Confidential Computing

From: Kirill A. Shutemov
Date: Mon Jan 30 2023 - 07:01:12 EST


On Mon, Jan 30, 2023 at 12:36:34PM +0100, Christophe de Dinechin wrote:
> Is there for example anything that precludes TDX or SEV from executing
> code in the bounce buffers?

In TDX, an attempt to fetch instructions from shared memory (i.e. a bounce
buffer) will cause a #GP; only data fetches are allowed. Page tables also
cannot be placed there and will cause the same #GP.

--
Kiryl Shutsemau / Kirill A. Shutemov