| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 15 Mar 2020 13:05:08 +0800
From: Xiaoyao Li <xiaoyao.li@...el.com>
To: Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
hpa@...or.com, Paolo Bonzini <pbonzini@...hat.com>,
Sean Christopherson <sean.j.christopherson@...el.com>,
kvm@...r.kernel.org, x86@...nel.org, linux-kernel@...r.kernel.org
Cc: Andy Lutomirski <luto@...nel.org>,
Peter Zijlstra <peterz@...radead.org>,
Arvind Sankar <nivedita@...m.mit.edu>,
Fenghua Yu <fenghua.yu@...el.com>,
Tony Luck <tony.luck@...el.com>,
Vitaly Kuznetsov <vkuznets@...hat.com>,
Jim Mattson <jmattson@...gle.com>,
Xiaoyao Li <xiaoyao.li@...el.com>
Subject: [PATCH v5 0/9] x86/split_lock: Add feature split lock detection
This series aims to add the virtualization of split lock detection for
guest, while containing some fixes of native kernel split lock handling.
Note, this series is based on the kernel patch[1].
Patch 1 is the fix and enhancement for kernel split lock detction. It
ensures X86_FEATURE_SPLIT_LOCK_DETECT flag is set after verifying the
feature is really supported. And it explicitly turn off split lock when
sld_off instead of assuming BIOS/firmware leaves it cleared.
Patch 2 optimizes the runtime MSR accessing.
Patch 3-4 are the preparation for enabling split lock detection
virtualization in KVM.
Patch 5 fixes the issue tht malicious guest may exploit kvm emulator to
attcact host kernel.
Patch 6 handles guest's split lock when host truns split lock detect on.
Patch 7-9 implement the virtualization of split lock detection in kvm.
[1]: https://lore.kernel.org/lkml/158031147976.396.8941798847364718785.tip-bot2@tip-bot2/
v5:
- Use X86_FEATURE_SPLIT_LOCK_DETECT flag in kvm to ensure split lock
detection is really supported.
- Add and export sld related helper functions in their related usecase
kvm patches.
v4:
- Add patch 1 to rework the initialization flow of split lock
detection.
- Drop percpu MSR_TEST_CTRL cache, just use a static variable to cache
the reserved/unused bit of MSR_TEST_CTRL. [Sean]
- Add new option for split_lock_detect kernel param.
- Changlog refinement. [Sean]
- Add a new patch to enable MSR_TEST_CTRL for intel guest. [Sean]
Xiaoyao Li (9):
x86/split_lock: Rework the initialization flow of split lock detection
x86/split_lock: Avoid runtime reads of the TEST_CTRL MSR
x86/split_lock: Re-define the kernel param option for
split_lock_detect
x86/split_lock: Export handle_user_split_lock()
kvm: x86: Emulate split-lock access as a write
kvm: vmx: Extend VMX's #AC interceptor to handle split lock #AC
happens in guest
kvm: x86: Emulate MSR IA32_CORE_CAPABILITIES
kvm: vmx: Enable MSR_TEST_CTRL for intel guest
x86: vmx: virtualize split lock detection
.../admin-guide/kernel-parameters.txt | 5 +-
arch/x86/include/asm/cpu.h | 23 +++-
arch/x86/include/asm/kvm_host.h | 1 +
arch/x86/kernel/cpu/intel.c | 119 +++++++++++++-----
arch/x86/kernel/traps.c | 2 +-
arch/x86/kvm/cpuid.c | 7 +-
arch/x86/kvm/vmx/vmx.c | 75 ++++++++++-
arch/x86/kvm/vmx/vmx.h | 1 +
arch/x86/kvm/x86.c | 42 ++++++-
9 files changed, 229 insertions(+), 46 deletions(-)
--
2.20.1
Powered by blists - more mailing lists