Message-Id: <20210302135031.afc28d2efc2d5ead57983d21@intel.com>
Date:   Tue, 2 Mar 2021 13:50:31 +1300
From:   Kai Huang <kai.huang@...el.com>
To:     Sean Christopherson <seanjc@...gle.com>
Cc:     kvm@...r.kernel.org, x86@...nel.org, linux-sgx@...r.kernel.org,
        linux-kernel@...r.kernel.org, jarkko@...nel.org, luto@...nel.org,
        dave.hansen@...el.com, rick.p.edgecombe@...el.com,
        haitao.huang@...el.com, pbonzini@...hat.com, bp@...en8.de,
        tglx@...utronix.de, mingo@...hat.com, hpa@...or.com,
        jmattson@...gle.com, joro@...tes.org, vkuznets@...hat.com,
        wanpengli@...cent.com
Subject: Re: [PATCH 19/25] KVM: VMX: Add basic handling of VM-Exit from SGX
 enclave

On Mon, 1 Mar 2021 08:52:13 -0800 Sean Christopherson wrote:
> On Mon, Mar 01, 2021, Kai Huang wrote:
> > diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
> > index 50810d471462..df8e338267aa 100644
> > --- a/arch/x86/kvm/vmx/vmx.c
> > +++ b/arch/x86/kvm/vmx/vmx.c
> > @@ -1570,12 +1570,18 @@ static int vmx_rtit_ctl_check(struct kvm_vcpu *vcpu, u64 data)
> >  
> >  static bool vmx_can_emulate_instruction(struct kvm_vcpu *vcpu, void *insn, int insn_len)
> >  {
> > +	if (to_vmx(vcpu)->exit_reason.enclave_mode) {
> > +		kvm_queue_exception(vcpu, UD_VECTOR);
> 
> Rereading my own code, I think it would be a good idea to add a comment here
> explaining that injecting #UD is technically wrong, but avoids giving guest
> userspace an easy way to DoS the guest.  The EPT misconfig is a good example;
> guest userspace could have executed a simple MOV <reg>, <mem> instruction, in
> which case injecting a #UD is bizarre behavior.  But, the alternative is exiting
> to userspace with KVM_INTERNAL_ERROR_EMULATION, which is all but guaranteed to
> kill the guest.
> 
> If KVM, specifically handle_emulation_failure(), ever gains a more sophisticated
> mechanism for handling userspace emulation errors, this should be updated too.
> 
> 	/*
> 	 * Emulation of instructions in SGX enclaves is impossible as RIP does
> 	 * not point to the failing instruction, and even if it did, the code
> 	 * stream is inaccessible.  Inject #UD instead of exiting to userspace
> 	 * so that guest userspace can't DoS the guest simply by triggering
> 	 * emulation (enclaves are CPL3 only).
> 	 */

Agreed. Will add above comment.

> 
> > +		return false;
> > +	}
> >  	return true;
> >  }
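Review bot: the early return added to vmx_can_emulate_instruction() has a side effect (kvm_queue_exception(vcpu, UD_VECTOR)) that the predicate's name does not advertise, so every caller that receives false must return 1 to resume the guest and deliver the queued #UD rather than fall through to emulation or a userspace exit. The rationale given in this thread (a #UD is technically wrong for, say, a plain MOV <reg>, <mem> that hit an EPT misconfig, but exiting with KVM_INTERNAL_ERROR_EMULATION would let guest userspace kill the guest, and the enclave's RIP and code stream are unavailable anyway) belongs in a comment directly above the check, as proposed above.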
> 
> ...
> 
> > @@ -5384,6 +5415,9 @@ static int handle_ept_misconfig(struct kvm_vcpu *vcpu)
> >  {
> >  	gpa_t gpa;
> >  
> > +	if (!vmx_can_emulate_instruction(vcpu, NULL, 0))
> > +		return 1;
> > +
> >  	/*
> >  	 * A nested guest cannot optimize MMIO vmexits, because we have an
> >  	 * nGPA here instead of the required GPA.
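Review bot: the new early-out in handle_ept_misconfig() passes insn=NULL and insn_len=0, which is only safe because the enclave_mode check in vmx_can_emulate_instruction() never reads the instruction bytes; a one-line comment stating that the #UD has already been queued and that return 1 simply re-enters the guest would keep the NULL/0 arguments from reading as a placeholder. Placing the check ahead of the nested-guest MMIO handling that follows also means an L2 exit from an enclave takes the #UD path instead of the nGPA/MMIO fast path, which looks intended but is worth stating in the same comment.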
> > -- 
> > 2.29.2
> > 
