Re: Linux guest kernel threat model for Confidential Computing

From: Michael S. Tsirkin
Date: Mon Jan 30 2023 - 10:17:07 EST

Next message: Jerome Brunet: "[PATCH v2 net-next 2/2] net: mdio: add amlogic gxl mdio mux support"
Previous message: Jerome Brunet: "[PATCH v2 net-next 1/2] dt-bindings: net: add amlogic gxl mdio multiplexer"
In reply to: Kirill A. Shutemov: "Re: Linux guest kernel threat model for Confidential Computing"
Next in thread: Reshetova, Elena: "RE: Linux guest kernel threat model for Confidential Computing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Jan 30, 2023 at 03:00:52PM +0300, Kirill A. Shutemov wrote:
> On Mon, Jan 30, 2023 at 12:36:34PM +0100, Christophe de Dinechin wrote:
> > Is there for example anything that precludes TDX or SEV from executing
> > code in the bounce buffers?
>
> In TDX, attempt to fetch instructions from shared memory (i.e. bounce
> buffer) will cause #GP, only data fetch is allowed. Page table also cannot
> be placed there and will cause the same #GP.

Same with SEV IIRC.

--
MST

Next message: Jerome Brunet: "[PATCH v2 net-next 2/2] net: mdio: add amlogic gxl mdio mux support"
Previous message: Jerome Brunet: "[PATCH v2 net-next 1/2] dt-bindings: net: add amlogic gxl mdio multiplexer"
In reply to: Kirill A. Shutemov: "Re: Linux guest kernel threat model for Confidential Computing"
Next in thread: Reshetova, Elena: "RE: Linux guest kernel threat model for Confidential Computing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]