| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2ae35ebd-aaed-a3df-c74e-5a3be378b8af@amd.com>
Date: Wed, 20 Oct 2021 13:36:15 -0500
From: Tom Lendacky <thomas.lendacky@....com>
To: Sean Christopherson <seanjc@...gle.com>,
Joerg Roedel <joro@...tes.org>
Cc: Paolo Bonzini <pbonzini@...hat.com>,
Vitaly Kuznetsov <vkuznets@...hat.com>,
Wanpeng Li <wanpengli@...cent.com>,
Jim Mattson <jmattson@...gle.com>, x86@...nel.org,
Brijesh Singh <brijesh.singh@....com>, kvm@...r.kernel.org,
linux-kernel@...r.kernel.org, Joerg Roedel <jroedel@...e.de>
Subject: Re: [PATCH v5 4/6] KVM: SVM: Add support to handle AP reset MSR
protocol
On 10/20/21 12:40 PM, Sean Christopherson wrote:
> On Wed, Oct 20, 2021, Joerg Roedel wrote:
>
> Tying into above, handling this in SIPI is flawed. For example, if the guest
> does INIT-SIPI-SIPI without a reset hold, KVM would incorrect set sw_exit_info_2
> on the SIPI. Because this mess requires an INIT, KVM has lost track of whether
> the guest was in KVM_MP_STATE_AP_RESET_HOLD and thus can't know if the SIPI
> arrived after a reset hold. Looking at KVM, IIUC, this bug is why the hack
> "received_first_sipi" exists.
The received_first_sipi is because the APs have to be started the very
first time in the traditional way. The AP can't issue an AP reset hold if
it hasn't started to begin with in which case there would be no GHCB mapped.
After the check to see if the GHCB is mapped was added to
sev_vcpu_deliver_sipi_vector(), the "received_first_sipi" could probably
have been deleted at that point.
Thanks,
Tom
Powered by blists - more mailing lists