| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <6f0d243c-4f40-d608-3309-5c37536ab866@intel.com>
Date: Tue, 9 Nov 2021 21:37:38 +0800
From: Xiaoyao Li <xiaoyao.li@...el.com>
To: Tom Lendacky <thomas.lendacky@....com>,
Paolo Bonzini <pbonzini@...hat.com>
Cc: isaku.yamahata@...il.com,
"Yamahata, Isaku" <isaku.yamahata@...el.com>, x86@...nel.org,
Joerg Roedel <joro@...tes.org>,
Jim Mattson <jmattson@...gle.com>,
Wanpeng Li <wanpengli@...cent.com>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
"H . Peter Anvin" <hpa@...or.com>,
Vitaly Kuznetsov <vkuznets@...hat.com>, erdemaktas@...gle.com,
Connor Kuehl <ckuehl@...hat.com>,
Sean Christopherson <seanjc@...gle.com>,
linux-kernel@...r.kernel.org, kvm@...r.kernel.org
Subject: Re: [RFC PATCH v2 24/69] KVM: x86: Introduce "protected guest"
concept and block disallowed ioctls
On 7/21/2021 6:08 AM, Tom Lendacky wrote:
> On 7/6/21 8:59 AM, Paolo Bonzini wrote:
>> On 03/07/21 00:04, isaku.yamahata@...el.com wrote:
>>> From: Sean Christopherson <sean.j.christopherson@...el.com>
>>>
>>> Add 'guest_state_protected' to mark a VM's state as being protected by
>>> hardware/firmware, e.g. SEV-ES or TDX-SEAM. Use the flag to disallow
>>> ioctls() and/or flows that attempt to access protected state.
>>>
>>> Return an error if userspace attempts to get/set register state for a
>>> protected VM, e.g. a non-debug TDX guest. KVM can't provide sane data,
>>> it's userspace's responsibility to avoid attempting to read guest state
>>> when it's known to be inaccessible.
>>>
>>> Retrieving vCPU events is the one exception, as the userspace VMM is
>>> allowed to inject NMIs.
>>>
>>> Co-developed-by: Xiaoyao Li <xiaoyao.li@...el.com>
>>> Signed-off-by: Xiaoyao Li <xiaoyao.li@...el.com>
>>> Signed-off-by: Sean Christopherson <sean.j.christopherson@...el.com>
>>> Signed-off-by: Isaku Yamahata <isaku.yamahata@...el.com>
>>> ---
>>> arch/x86/kvm/x86.c | 104 +++++++++++++++++++++++++++++++++++++--------
>>> 1 file changed, 86 insertions(+), 18 deletions(-)
>>
>> Looks good, but it should be checked whether it breaks QEMU for SEV-ES.
>> Tom, can you help?
>
> Sorry to take so long to get back to you... been really slammed, let me
> look into this a bit more. But, some quick thoughts...
>
> Offhand, the SMI isn't a problem since SEV-ES doesn't support SMM.
>
> For kvm_vcpu_ioctl_x86_{get,set}_xsave(), can TDX use what was added for
> SEV-ES:
> ed02b213098a ("KVM: SVM: Guest FPU state save/restore not needed for SEV-ES guest")
>
> Same for kvm_arch_vcpu_ioctl_{get,set}_fpu().
Tom,
I think what you did in this commit is not so correct. It just silently
ignores the ioctls insteaf of returning an error to userspace to tell
this IOCTL is not invalid to this VM. E.g., for
kvm_arch_vcpu_ioctl_get_fpu(), QEMU just gets it succesful with fpu
being all zeros.
So Paolo, what's your point on this?
> The changes to kvm_arch_vcpu_ioctl_{get,set}_sregs() might cause issues,
> since there are specific things allowed in __{get,set}_sregs. But I'll
> need to dig a bit more on that.
>
> Thanks,
> Tom
>
Powered by blists - more mailing lists