| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 13 Aug 2021 09:25:54 +0200
From: Borislav Petkov <bp@...en8.de>
To: Brijesh Singh <brijesh.singh@....com>
Cc: x86@...nel.org, linux-kernel@...r.kernel.org, kvm@...r.kernel.org,
linux-efi@...r.kernel.org, platform-driver-x86@...r.kernel.org,
linux-coco@...ts.linux.dev, linux-mm@...ck.org,
linux-crypto@...r.kernel.org, Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Joerg Roedel <jroedel@...e.de>,
Tom Lendacky <thomas.lendacky@....com>,
"H. Peter Anvin" <hpa@...or.com>, Ard Biesheuvel <ardb@...nel.org>,
Paolo Bonzini <pbonzini@...hat.com>,
Sean Christopherson <seanjc@...gle.com>,
Vitaly Kuznetsov <vkuznets@...hat.com>,
Wanpeng Li <wanpengli@...cent.com>,
Jim Mattson <jmattson@...gle.com>,
Andy Lutomirski <luto@...nel.org>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Sergio Lopez <slp@...hat.com>, Peter Gonda <pgonda@...gle.com>,
Peter Zijlstra <peterz@...radead.org>,
Srinivas Pandruvada <srinivas.pandruvada@...ux.intel.com>,
David Rientjes <rientjes@...gle.com>,
Dov Murik <dovmurik@...ux.ibm.com>,
Tobin Feldman-Fitzthum <tobin@....com>,
Michael Roth <michael.roth@....com>,
Vlastimil Babka <vbabka@...e.cz>, tony.luck@...el.com,
npmccallum@...hat.com, brijesh.ksingh@...il.com
Subject: Re: [PATCH Part1 RFC v4 08/36] x86/sev: check the vmpl level
On Wed, Jul 07, 2021 at 01:14:38PM -0500, Brijesh Singh wrote:
> Virtual Machine Privilege Level (VMPL) is an optional feature in the
> SEV-SNP architecture, which allows a guest VM to divide its address space
> into four levels. The level can be used to provide the hardware isolated
> abstraction layers with a VM. The VMPL0 is the highest privilege, and
> VMPL3 is the least privilege. Certain operations must be done by the VMPL0
> software, such as:
>
> * Validate or invalidate memory range (PVALIDATE instruction)
> * Allocate VMSA page (RMPADJUST instruction when VMSA=1)
>
> The initial SEV-SNP support assumes that the guest kernel is running on
> VMPL0. Let's add a check to make sure that kernel is running at VMPL0
> before continuing the boot. There is no easy method to query the current
> VMPL level, so use the RMPADJUST instruction to determine whether its
> booted at the VMPL0.
>
> Signed-off-by: Brijesh Singh <brijesh.singh@....com>
> ---
> arch/x86/boot/compressed/sev.c | 41 ++++++++++++++++++++++++++++---
> arch/x86/include/asm/sev-common.h | 1 +
> arch/x86/include/asm/sev.h | 3 +++
> 3 files changed, 42 insertions(+), 3 deletions(-)
>
> diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c
> index 7be325d9b09f..2f3081e9c78c 100644
> --- a/arch/x86/boot/compressed/sev.c
> +++ b/arch/x86/boot/compressed/sev.c
> @@ -134,6 +134,36 @@ static inline bool sev_snp_enabled(void)
> return msr_sev_status & MSR_AMD64_SEV_SNP_ENABLED;
> }
>
> +static bool is_vmpl0(void)
> +{
> + u64 attrs, va;
> + int err;
> +
> + /*
> + * There is no straightforward way to query the current VMPL level. The
So this is not nice at all.
And this VMPL level checking can't be part of the GHCB MSR protocol
because the HV can tell us any VPML level it wants to.
Is there a way to disable VMPL levels and say, this guest should run
only at VMPL0?
Err, I see SYSCFG[VMPLEn]:
"VMPLEn. Bit 25. Setting this bit to 1 enables the VMPL feature (Section
15.36.7 “Virtual Machine Privilege Levels,” on page 580). Software
should set this bit to 1 when SecureNestedPagingEn is being set to 1.
Once SecureNestedPagingEn is set to 1, VMPLEn cannot be changed."
But why should that bit be set if SNP is enabled? Can I run a SNP guest
without VPMLs, i.e, at an implicit VPML level 0?
It says above VPML is optional...
Also, why do you even need to do this at all since the guest controls
and validates its memory with the RMP? It can simply go and check the
VMPLs of every page it owns to make sure it is 0.
Also, if you really wanna support guests with multiple VMPLs, then
prevalidating its memory is going to be a useless exercise because it'll
have to go and revalidate the VMPL levels...
I also see this:
"When the hypervisor assigns a page to a guest using RMPUPDATE, full
permissions are enabled for VMPL0 and are disabled for all other VMPLs."
so you get your memory at VMPL0 by the HV. So what is that check for?
Questions over questions, I'm sure I'm missing an aspect.
> + * simplest method is to use the RMPADJUST instruction to change a page
> + * permission to a VMPL level-1, and if the guest kernel is launched at
> + * at a level <= 1, then RMPADJUST instruction will return an error.
WARNING: Possible repeated word: 'at'
#156: FILE: arch/x86/boot/compressed/sev.c:146:
+ * permission to a VMPL level-1, and if the guest kernel is launched at
+ * at a level <= 1, then RMPADJUST instruction will return an error.
How many times do I have to say:
Please integrate scripts/checkpatch.pl into your patch creation
workflow. Some of the warnings/errors *actually* make sense.
?
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
Powered by blists - more mailing lists