| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 8 Dec 2020 22:09:16 +0000
From: Ashish Kalra <Ashish.Kalra@....com>
To: pbonzini@...hat.com
Cc: tglx@...utronix.de, mingo@...hat.com, hpa@...or.com,
rkrcmar@...hat.com, joro@...tes.org, bp@...e.de,
thomas.lendacky@....com, x86@...nel.org, kvm@...r.kernel.org,
linux-kernel@...r.kernel.org, srutherford@...gle.com,
venu.busireddy@...cle.com, brijesh.singh@....com
Subject: [PATCH v9 18/18] KVM: SVM: Bypass DBG_DECRYPT API calls for unecrypted guest memory.
From: Ashish Kalra <ashish.kalra@....com>
For all explicitly unecrypted guest memory regions such as S/W IOTLB
bounce buffers, dma_decrypted() allocated regions and for guest regions
marked as "__bss_decrypted", ensure that DBG_DECRYPT API calls are
bypassed for such regions. The guest memory regions encryption status
is referenced using the page encryption bitmap.
Uses the two added infrastructure functions hva_to_memslot() and
hva_to_gfn().
Signed-off-by: Ashish Kalra <ashish.kalra@....com>
---
arch/x86/kvm/svm/sev.c | 76 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 76 insertions(+)
diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
index 83565e35fa09..da002945a5ae 100644
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -764,6 +764,37 @@ static int __sev_dbg_encrypt_user(struct kvm *kvm, unsigned long paddr,
return ret;
}
+static struct kvm_memory_slot *hva_to_memslot(struct kvm *kvm,
+ unsigned long hva)
+{
+ struct kvm_memslots *slots = kvm_memslots(kvm);
+ struct kvm_memory_slot *memslot;
+
+ kvm_for_each_memslot(memslot, slots) {
+ if (hva >= memslot->userspace_addr &&
+ hva < memslot->userspace_addr +
+ (memslot->npages << PAGE_SHIFT))
+ return memslot;
+ }
+
+ return NULL;
+}
+
+static bool hva_to_gfn(struct kvm *kvm, unsigned long hva, gfn_t *gfn)
+{
+ struct kvm_memory_slot *memslot;
+ gpa_t gpa_offset;
+
+ memslot = hva_to_memslot(kvm, hva);
+ if (!memslot)
+ return false;
+
+ gpa_offset = hva - memslot->userspace_addr;
+ *gfn = ((memslot->base_gfn << PAGE_SHIFT) + gpa_offset) >> PAGE_SHIFT;
+
+ return true;
+}
+
static int sev_dbg_crypt(struct kvm *kvm, struct kvm_sev_cmd *argp, bool dec)
{
unsigned long vaddr, vaddr_end, next_vaddr;
@@ -793,6 +824,50 @@ static int sev_dbg_crypt(struct kvm *kvm, struct kvm_sev_cmd *argp, bool dec)
for (; vaddr < vaddr_end; vaddr = next_vaddr) {
int len, s_off, d_off;
+ if (dec) {
+ struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;
+ struct page *src_tpage = NULL;
+ gfn_t gfn_start;
+ int srcu_idx;
+
+ /* ensure hva_to_gfn translations remain valid */
+ srcu_idx = srcu_read_lock(&kvm->srcu);
+ if (!hva_to_gfn(kvm, vaddr, &gfn_start)) {
+ srcu_read_unlock(&kvm->srcu, srcu_idx);
+ return -EINVAL;
+ }
+ if (sev->page_enc_bmap) {
+ if (!test_bit(gfn_start, sev->page_enc_bmap)) {
+ src_tpage = alloc_page(GFP_KERNEL);
+ if (!src_tpage) {
+ srcu_read_unlock(&kvm->srcu, srcu_idx);
+ return -ENOMEM;
+ }
+ /*
+ * Since user buffer may not be page aligned, calculate the
+ * offset within the page.
+ */
+ s_off = vaddr & ~PAGE_MASK;
+ d_off = dst_vaddr & ~PAGE_MASK;
+ len = min_t(size_t, (PAGE_SIZE - s_off), size);
+
+ if (copy_from_user(page_address(src_tpage),
+ (void __user *)(uintptr_t)vaddr, len)) {
+ __free_page(src_tpage);
+ srcu_read_unlock(&kvm->srcu, srcu_idx);
+ return -EFAULT;
+ }
+ if (copy_to_user((void __user *)(uintptr_t)dst_vaddr,
+ page_address(src_tpage), len)) {
+ ret = -EFAULT;
+ }
+ __free_page(src_tpage);
+ srcu_read_unlock(&kvm->srcu, srcu_idx);
+ goto already_decrypted;
+ }
+ }
+ }
+
/* lock userspace source and destination page */
src_p = sev_pin_memory(kvm, vaddr & PAGE_MASK, PAGE_SIZE, &n, 0);
if (IS_ERR(src_p))
@@ -837,6 +912,7 @@ static int sev_dbg_crypt(struct kvm *kvm, struct kvm_sev_cmd *argp, bool dec)
sev_unpin_memory(kvm, src_p, n);
sev_unpin_memory(kvm, dst_p, n);
+already_decrypted:
if (ret)
goto err;
--
2.17.1
Powered by blists - more mailing lists