Message-ID: <f27e877e-b82b-ec9e-270e-cf8f23130b0b@redhat.com>
Date:   Mon, 30 Nov 2020 15:41:41 +0100
From:   Paolo Bonzini <pbonzini@...hat.com>
To:     Ashish Kalra <Ashish.Kalra@....com>
Cc:     cavery@...hat.com, kvm@...r.kernel.org,
        linux-kernel@...r.kernel.org, mlevitsk@...hat.com,
        vkuznets@...hat.com, wei.huang2@....com, thomas.lendacky@....com,
        brijesh.singh@....com, jon.grimm@....com
Subject: Re: [PATCH v2 1/2] KVM: SVM: Move asid to vcpu_svm

On 29/11/20 10:41, Ashish Kalra wrote:
> From: Ashish Kalra <ashish.kalra@....com>
> 
> This patch breaks SEV guests.
> 
> The patch stores current ASID in struct vcpu_svm and only moves it to VMCB in
> svm_vcpu_run(), but by doing so, the ASID allocated for SEV guests and set up
> in vmcb->control.asid by pre_sev_run() gets overwritten by this ASID
> stored in struct vcpu_svm and hence, VMRUN fails as SEV guest is bound/activated
> on a different ASID than the one overwritten in vmcb->control.asid at VMRUN.
> 
> For example, asid#1 was activated for SEV guest and then vmcb->control.asid is
> overwritten with asid#0 (svm->asid) as part of this patch in svm_vcpu_run() and
> hence VMRUN fails.
> 

Thanks Ashish, I've sent a patch to fix it.

Would it be possible to add a minimal SEV test to 
tools/testing/selftests/kvm?  It doesn't have to do full attestation 
etc., if you can just write an "out" instruction using SEV_DBG_ENCRYPT 
and check that you can run it, that's enough.

Paolo
