lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <eac2d02f-951c-16d4-d4f7-55357e790bcd@amd.com>
Date:   Thu, 11 Jun 2020 14:33:12 -0500
From:   Tom Lendacky <thomas.lendacky@....com>
To:     Sean Christopherson <sean.j.christopherson@...el.com>,
        Joerg Roedel <joro@...tes.org>
Cc:     x86@...nel.org, hpa@...or.com, Andy Lutomirski <luto@...nel.org>,
        Dave Hansen <dave.hansen@...ux.intel.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Thomas Hellstrom <thellstrom@...are.com>,
        Jiri Slaby <jslaby@...e.cz>,
        Dan Williams <dan.j.williams@...el.com>,
        Juergen Gross <jgross@...e.com>,
        Kees Cook <keescook@...omium.org>,
        David Rientjes <rientjes@...gle.com>,
        Cfir Cohen <cfir@...gle.com>,
        Erdem Aktas <erdemaktas@...gle.com>,
        Masami Hiramatsu <mhiramat@...nel.org>,
        Mike Stunes <mstunes@...are.com>,
        Joerg Roedel <jroedel@...e.de>, linux-kernel@...r.kernel.org,
        kvm@...r.kernel.org, virtualization@...ts.linux-foundation.org
Subject: Re: [PATCH v3 59/75] x86/sev-es: Handle MONITOR/MONITORX Events



On 6/11/20 12:13 PM, Sean Christopherson wrote:
> On Thu, Jun 11, 2020 at 03:10:45PM +0200, Joerg Roedel wrote:
>> On Tue, May 19, 2020 at 11:38:45PM -0700, Sean Christopherson wrote:
>>> On Tue, Apr 28, 2020 at 05:17:09PM +0200, Joerg Roedel wrote:
>>>> +static enum es_result vc_handle_monitor(struct ghcb *ghcb,
>>>> +					struct es_em_ctxt *ctxt)
>>>> +{
>>>> +	phys_addr_t monitor_pa;
>>>> +	pgd_t *pgd;
>>>> +
>>>> +	pgd = __va(read_cr3_pa());
>>>> +	monitor_pa = vc_slow_virt_to_phys(ghcb, ctxt->regs->ax);
>>>> +
>>>> +	ghcb_set_rax(ghcb, monitor_pa);
>>>> +	ghcb_set_rcx(ghcb, ctxt->regs->cx);
>>>> +	ghcb_set_rdx(ghcb, ctxt->regs->dx);
>>>> +
>>>> +	return sev_es_ghcb_hv_call(ghcb, ctxt, SVM_EXIT_MONITOR, 0, 0);
>>>
>>> Why?  If SVM has the same behavior as VMX, the MONITOR will be disarmed on
>>> VM-Enter, i.e. the VMM can't do anything useful for MONITOR/MWAIT.  I
>>> assume that's the case given that KVM emulates MONITOR/MWAIT as NOPs on
>>> SVM.
>>
>> Not sure if it is disarmed on VMRUN, but the MONITOR/MWAIT instructions
>> are part of the GHCB spec, so they are implemented here.
> 
> Even if MONITOR/MWAIT somehow works across VMRUN I'm not sure it's something
> the guest should enable by default as it leaks GPAs to the untrusted host,
> with no benefit to the guest except in specific configurations.  Yeah, the
> VMM can muck with page tables to trace guest to the some extent, but the
> guest shouldn't be unnecessarily volunteering information to the host.
> 
> If MONITOR/MWAIT is effectively a NOP then removing this code is a no
> brainer.
> 
> Can someone from AMD chime in?

I don't think there is any guarantee that MONITOR/MWAIT would work within 
a guest (I'd have to dig some more on that to get a definitive answer, but 
probably not necessary to do). As you say, if KVM emulates it as a NOP, 
there's no sense in exposing the GPA - make it a NOP in the handler. I 
just need to poke some other hypervisor vendors and hear what they have to 
say.

Thanks,
Tom


>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ