Re: Stacks, was Segments

On Thu, 6 Feb 2025 20:06:31 +0000, Stephen Fuld wrote:

On 2/6/2025 10:51 AM, EricP wrote:

MitchAlsup1 wrote:

On Thu, 6 Feb 2025 16:41:45 +0000, EricP wrote:
-------------------

Not sure how this would work with device IO and DMA.
Say a secure kernel that owns a disk drive with secrets that even the HV
is not authorized to see (so HV operators don't need Top Secret
clearance).
The Hypervisor has to pass to a hardware device DMA access to a memory
frame that it has no access to itself. How does one block the HV from
setting the IOMMU to DMA the device's secrets into its own memory?
>
Hmmm... something like: once a secure HV passes a physical frame address
to a secure kernel then it cannot take it back, it can only ask that
kernel for it back. Which means that the HV looses control of any
core or IOMMU PTE's that map that frame until it is handed back.
>
That would seem to imply that once an HV gives memory to a secure
guest kernel that it can only page that guest with its permission.
Hmmm...

>
I am a little confused here.  When you talk about I0MMU addresses, are
you talking about memory addresses or disk addresses?

I/O MMU does not see the device commands containing the sector on
the disk to be accessed, Mostly, CPUs write directly to the CRs
of the device to start a command, bypassing I/O MMU as raw data.
In my block diagrams of HostBridge, I show I/O MMU only on the
receiving side of PCIe transport links. all the outbound traffic
has already been translated by a core MMMU, unless one allows
a device to send commands to another device.
I/O MMU sees the virtual address of where DMA is accessing, translating
accordingly.
I/O MMU sees the virtual address of MSI-X interrupts, page faults and
errors.

                                                       ISTM that
protecting memory of lower privileged programs is useless if a higher
privileged program can force a page out to disk, then can read the data
from the disk drive itself.

Protecting a process without privilege from a process WITH privilege
requires more than a little trust in the privileged process(s).
This is why there is a Secure Monitor over HyperVisor to take HV out
of the control loop for "secure stuff". By assuming the duties of
HV wrt accessing unprivileged memory of storage, SM minimizes the
footprint where trust is required.

                             Of course, the same is true for data
written to disk by a lesser privileged program.  If the higher
privileged program can read the file, then it can compromise security.