| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <YPIoaoDCjNVzn2ZM@google.com>
Date: Sat, 17 Jul 2021 00:46:34 +0000
From: Sean Christopherson <seanjc@...gle.com>
To: Brijesh Singh <brijesh.singh@....com>
Cc: x86@...nel.org, linux-kernel@...r.kernel.org, kvm@...r.kernel.org,
linux-efi@...r.kernel.org, platform-driver-x86@...r.kernel.org,
linux-coco@...ts.linux.dev, linux-mm@...ck.org,
linux-crypto@...r.kernel.org, Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Joerg Roedel <jroedel@...e.de>,
Tom Lendacky <thomas.lendacky@....com>,
"H. Peter Anvin" <hpa@...or.com>, Ard Biesheuvel <ardb@...nel.org>,
Paolo Bonzini <pbonzini@...hat.com>,
Vitaly Kuznetsov <vkuznets@...hat.com>,
Wanpeng Li <wanpengli@...cent.com>,
Jim Mattson <jmattson@...gle.com>,
Andy Lutomirski <luto@...nel.org>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Sergio Lopez <slp@...hat.com>, Peter Gonda <pgonda@...gle.com>,
Peter Zijlstra <peterz@...radead.org>,
Srinivas Pandruvada <srinivas.pandruvada@...ux.intel.com>,
David Rientjes <rientjes@...gle.com>,
Dov Murik <dovmurik@...ux.ibm.com>,
Tobin Feldman-Fitzthum <tobin@....com>,
Borislav Petkov <bp@...en8.de>,
Michael Roth <michael.roth@....com>,
Vlastimil Babka <vbabka@...e.cz>, tony.luck@...el.com,
npmccallum@...hat.com, brijesh.ksingh@...il.com
Subject: Re: [PATCH Part2 RFC v4 25/40] KVM: SVM: Reclaim the guest pages
when SEV-SNP VM terminates
On Fri, Jul 16, 2021, Brijesh Singh wrote:
>
> On 7/16/21 3:09 PM, Sean Christopherson wrote:
> > On Wed, Jul 07, 2021, Brijesh Singh wrote:
> >> + e = snp_lookup_page_in_rmptable(region->pages[i], &level);
> >> + if (unlikely(!e))
> >> + continue;
> >> +
> >> + /* If its not a guest assigned page then skip it. */
> >> + if (!rmpentry_assigned(e))
> >> + continue;
> >> +
> >> + /* Is the page part of a 2MB RMP entry? */
> >> + if (level == PG_LEVEL_2M) {
> >> + val.pagesize = RMP_PG_SIZE_2M;
> >> + pfn &= ~(KVM_PAGES_PER_HPAGE(PG_LEVEL_2M) - 1);
> >> + } else {
> >> + val.pagesize = RMP_PG_SIZE_4K;
> > This raises yet more questions (for me) as to the interaction between Page-Size
> > and Hyperivsor-Owned flags in the RMP. It also raises questions on the correctness
> > of zeroing the RMP entry if KVM_SEV_SNP_LAUNCH_START (in the previous patch).
>
> I assume you mean the LAUNCH_UPDATE because that's when we need to
> perform the RMPUPDATE.
Doh, yes.
> The hypervisor owned means all zero in the RMP entry.
Figured out where I went wrong after reading the RMPUDPATE pseudocode. RMPUPDATE
takes the page size as a parameter even though it unconditionally zeros the page
size flag in the RMP entry for unassigned pages.
A wrapper around rmpupdate() would definitely help, e.g. (though level might need
to be an "int" to avoid a bunch of casts).
int rmp_make_shared(u64 pfn, enum pg_level level);
Wrappers for "private" and "firmware" would probably be helpful too. And if you
do that, I think you can bury both "struct rmpupdate", rmpupdate(), and
X86_TO_RMP_PG_LEVEL() in arch/x86/kernel/sev.c. snp_set_rmptable_state() might
need some refactoring to avoid three booleans, but I guess maybe that could be
an exception? Not sure. Anyways, was thinking something like:
int rmp_make_private(u64 pfn, u64 gpa, enum pg_level level, int asid);
int rmp_make_firmware(u64 pfn);
It would consolidate a bit of code, and more importantly it would give visual
cues to the reader, e.g. it's easy to overlook "val = {0}" meaning "make shared".
Side topic, what happens if a firmware entry is configured with page_size=1?
And one architectural question: what prevents a malicious VMM from punching a 4k
shared page into a 2mb private page? E.g.
rmpupdate(1 << 20, [private, 2mb]);
rmpupdate(1 << 20 + 4096, [shared, 4kb]);
I don't see any checks in the pseudocode that will detect this, and presumably the
whole point of a 2mb private RMP entry is to not have to go walk the individual
4kb entries on a private access.
NEW_RMP = READ_MEM.o [NEW_RMP_PTR]
IF ((NEW_RMP.PAGE_SIZE == 2MB) && (SYSTEM_PA[20:12] != 0)) <-- not taken, 4kb entry
EAX = FAIL_INPUT
EXIT
IF (!NEW_RMP.ASSIGNED && (NEW_RMP.IMMUTABLE || (NEW_RMP.ASID != 0)) <-- not taken, new entry valid
EAX = FAIL_INPUT
EXIT
RMP_ENTRY_PA = RMP_BASE + 0x4000 + (SYSTEM_PA / 0x1000) * 16
IF (RMP_ENTRY_PA > RMP_END)
EAX = FAIL_INPUT
EXIT
// System address must have an RMP entry
OLD_RMP = READ_MEM_PA.o [RMP_ENTRY_PA]
IF (OLD_RMP.IMMUTABLE) <-- passes, private entry not immutable
EAX = FAIL_PERMISSION
EXIT
IF (NEW_RMP.PAGE_SIZE == 4KB)
IF ((SYSTEM_PA[20:12] == 0) && (OLD_RMP.PAGE_SIZE == 2MB)) <- not taken, PA[12] == 1
EAX = FAIL_OVERLAP
EXIT
ELSE
IF (Any 4KB RMP entry with (RMP.ASSIGNED == 1) exists in 2MB region)
EAX = FAIL_OVERLAP
EXIT
ELSE
FOR (I = 1; I < 512, I++) {
temp_RMP = 0
temp_RMP.ASSIGNED = NEW_RMP.ASSIGNED
WRITE_MEM.o [RMP_ENTRY_PA + I * 16] = temp_RMP;
}
Powered by blists - more mailing lists