lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20180622185237.GC5549@flask>
Date:   Fri, 22 Jun 2018 20:52:38 +0200
From:   Radim Krčmář <rkrcmar@...hat.com>
To:     Borislav Petkov <bp@...en8.de>
Cc:     KVM <kvm@...r.kernel.org>, Joerg Roedel <joro@...tes.org>,
        Tom Lendacky <thomas.lendacky@....com>,
        Tony Luck <tony.luck@...el.com>,
        Yazen Ghannam <Yazen.Ghannam@....com>,
        LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH 2/3] x86/kvm: Implement MSR_HWCR support

2018-06-22 11:51+0200, Borislav Petkov:
> From: Borislav Petkov <bp@...e.de>
> 
> The hardware configuration register has some useful bits which can be
> used by guests. Implement McStatusWrEn which can be used by guests when
> injecting MCEs with the in-kernel mce-inject module.
> 
> For that, we need to set bit 18 - McStatusWrEn - first, before writing
> the MCi_STATUS registers (otherwise we #GP).
> 
> Add the required machinery to do so.
> 
> Signed-off-by: Borislav Petkov <bp@...e.de>
> ---
> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
> @@ -2146,6 +2146,30 @@ static void kvmclock_sync_fn(struct work_struct *work)
>  					KVMCLOCK_SYNC_PERIOD);
>  }
>  
> +/*
> + * On AMD, HWCR[McStatusWrEn] controls whether setting MCi_STATUS results in #GP.
> + */
> +static bool __set_mci_status(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
> +{
> +	if (guest_cpuid_is_amd(vcpu)) {
> +		struct msr_data tmp;
> +
> +		tmp.index = MSR_K7_HWCR;
> +
> +		if (kvm_x86_ops->get_msr(vcpu, &tmp))
> +			return false;
> +
> +		/* McStatusWrEn enabled? */
> +		if (tmp.data & BIT_ULL(18))
> +			return true;
> +	}
> +
> +	if (!msr_info->host_initiated && msr_info->data != 0)
> +		return false;

msr_info->host_initiated is always going to return true, so it would be
better to put it outside of __set_mci_status.

Maybe we could just write the whole logic inline, otherwise I'd call it
something like mci_status_is_writeable.

>  static int set_msr_mce(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
>  {
>  	u64 mcg_cap = vcpu->arch.mcg_cap;
> @@ -2176,9 +2200,13 @@ static int set_msr_mce(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
>  			if ((offset & 0x3) == 0 &&
>  			    data != 0 && (data | (1 << 10)) != ~(u64)0)
>  				return -1;
> -			if (!msr_info->host_initiated &&
> -				(offset & 0x3) == 1 && data != 0)
> -				return -1;
> +
> +			/* MCi_STATUS */
> +			if ((offset & 0x3) == 1) {
> +				if (!__set_mci_status(vcpu, msr_info))
> +					return -1;
> +			}

			if (!msr_info->host_initiated &&
			    (offset & 0x3) == 1 && data != 0) {
				struct msr_data tmp = {.index = MSR_K7_HWCR};

				if (!guest_cpuid_is_amd(vcpu) ||
				    !kvm_x86_ops->get_msr(vcpu, &tmp) ||
				    !(tmp.data & BIT_ULL(18)))
					return -1;
			}

> +
>  			vcpu->arch.mce_banks[offset] = data;
>  			break;
>  		}
> -- 
> 2.17.0.582.gccdcbd54c
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ