lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Tue, 11 Jan 2022 01:05:32 +0000
From:   Sean Christopherson <seanjc@...gle.com>
To:     Shirong Hao <shirong@...ux.alibaba.com>
Cc:     pbonzini@...hat.com, vkuznets@...hat.com, wanpengli@...cent.com,
        jmattson@...gle.com, joro@...tes.org, tglx@...utronix.de,
        mingo@...hat.co, bp@...en8.de, dave.hansen@...ux.intel.com,
        x86@...nel.org, hpa@...or.com, brijesh.singh@....com,
        thomas.lendacky@....com, john.allen@....com,
        herbert@...dor.apana.org.au, davem@...emloft.net,
        srutherford@...gle.com, ashish.kalra@....com, natet@...gle.com,
        kvm@...r.kernel.org, linux-kernel@...r.kernel.org,
        linux-crypto@...r.kernel.org, zhang.jia@...ux.alibaba.com
Subject: Re: [PATCH 1/3] KVM: X86: Introduce KVM_HC_VM_HANDLE hypercall

On Mon, Jan 10, 2022, Shirong Hao wrote:
> This hypercall is used by the SEV guest to get the firmware handle.

This is completely insufficient to justify why KVM is providing host information
to the guest, let alone why KVM is providing that information to guest _userspace_.

> +static int sev_vm_handle(struct kvm *kvm)
> +{
> +	struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;
> +
> +	if (!sev_guest(kvm))
> +		return -ENOTTY;
> +
> +	return sev->handle;
> +}
> +
>  static struct kvm_x86_ops svm_x86_ops __initdata = {
>  	.name = "kvm_amd",
>  

...

> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
> index 0cf1082455df..24acf0f2a539 100644
> --- a/arch/x86/kvm/x86.c
> +++ b/arch/x86/kvm/x86.c
> @@ -8906,7 +8906,7 @@ int kvm_emulate_hypercall(struct kvm_vcpu *vcpu)
>  		a3 &= 0xFFFFFFFF;
>  	}
>  
> -	if (static_call(kvm_x86_get_cpl)(vcpu) != 0) {
> +	if (static_call(kvm_x86_get_cpl)(vcpu) != 0 && nr != KVM_HC_VM_HANDLE) {
>  		ret = -KVM_EPERM;
>  		goto out;
>  	}

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ