Date:   Mon, 30 Nov 2020 21:06:15 +0000
From:   Ashish Kalra <ashish.kalra@....com>
To:     Paolo Bonzini <pbonzini@...hat.com>
Cc:     cavery@...hat.com, kvm@...r.kernel.org,
        linux-kernel@...r.kernel.org, mlevitsk@...hat.com,
        vkuznets@...hat.com, wei.huang2@....com, thomas.lendacky@....com,
        brijesh.singh@....com, jon.grimm@....com
Subject: Re: [PATCH v2 1/2] KVM: SVM: Move asid to vcpu_svm

Hello Paolo,

I believe one of my teammates is currently working on adding a KVM
selftest for SEV and SEV-ES.

Thanks,
Ashish

On Mon, Nov 30, 2020 at 03:41:41PM +0100, Paolo Bonzini wrote:
> On 29/11/20 10:41, Ashish Kalra wrote:
> > From: Ashish Kalra <ashish.kalra@....com>
> > 
> > This patch breaks SEV guests.
> > 
> > The patch stores current ASID in struct vcpu_svm and only moves it to VMCB in
> > svm_vcpu_run(), but by doing so, the ASID allocated for SEV guests and set up
> > in vmcb->control.asid by pre_sev_run() gets over-written by this ASID
> > stored in struct vcpu_svm and hence, VMRUN fails as SEV guest is bound/activated
> > on a different ASID than the one overwritten in vmcb->control.asid at VMRUN.
> > 
> > For example, asid#1 was activated for SEV guest and then vmcb->control.asid is
> > overwritten with asid#0 (svm->asid) as part of this patch in svm_vcpu_run() and
> > hence VMRUN fails.
> > 
> 
> Thanks Ashish, I've sent a patch to fix it.
> 
> Would it be possible to add a minimal SEV test to
> tools/testing/selftests/kvm?  It doesn't have to do full attestation etc.,
> if you can just write an "out" instruction using SEV_DBG_ENCRYPT and check
> that you can run it that's enough.
> 
> Paolo
> 
