lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20200930041659.28181-1-sean.j.christopherson@intel.com>
Date:   Tue, 29 Sep 2020 21:16:54 -0700
From:   Sean Christopherson <sean.j.christopherson@...el.com>
To:     Paolo Bonzini <pbonzini@...hat.com>
Cc:     Sean Christopherson <sean.j.christopherson@...el.com>,
        Vitaly Kuznetsov <vkuznets@...hat.com>,
        Wanpeng Li <wanpengli@...cent.com>,
        Jim Mattson <jmattson@...gle.com>,
        Joerg Roedel <joro@...tes.org>, kvm@...r.kernel.org,
        linux-kernel@...r.kernel.org,
        Lai Jiangshan <jiangshanlai@...il.com>,
        Lai Jiangshan <laijs@...ux.alibaba.com>
Subject: [PATCH 0/5] KVM: x86: Handle reserved CR4 bit interception in VMX

This series stems from Lai's RFC patches to intercept LA57 and let the
guest own FSGSBASE[*].  Discussion and inspection revealed that KVM does
not handle the case where LA57 is supported in hardware but not exposed to
the guest.  This is actually true for all CR4 bits, but LA57 is currently
the only bit that can be reserved and also owned by the guest.  I have
a unit test for this that I'll post separately.

Intercepting LA57 was by far the easiest fix for the immedidate bug, and
is likely the right change in the long term as there's no justification
for letting the guest own LA57.

The middle three patches adjust VMX's CR4 guest/host mask to intercept
reserved bits.  This required reworking CPUID updates to also refresh said
mask at the correct time.

The last past is Lai's, which let's the guest own FSGSBASE.  This depends
on the reserved bit handling being in place.

Ran everything through unit tests, and ran the kernel's FSGSBASE selftests
in a VM.

[*] https://lkml.kernel.org/r/20200928083047.3349-1-jiangshanlai@gmail.com

Lai Jiangshan (2):
  KVM: x86: Intercept LA57 to inject #GP fault when it's reserved
  KVM: x86: Let the guest own CR4.FSGSBASE

Sean Christopherson (3):
  KVM: x86: Invoke vendor's vcpu_after_set_cpuid() after all common
    updates
  KVM: x86: Move call to update_exception_bitmap() into VMX code
  KVM: VMX: Intercept guest reserved CR4 bits to inject #GP fault

 arch/x86/kvm/cpuid.c          |  6 +++---
 arch/x86/kvm/kvm_cache_regs.h |  2 +-
 arch/x86/kvm/vmx/vmx.c        | 18 +++++++++++++-----
 3 files changed, 17 insertions(+), 9 deletions(-)

-- 
2.28.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ