| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 17 Nov 2022 15:36:09 -0600
From: "Kalra, Ashish" <ashish.kalra@....com>
To: Peter Gonda <pgonda@...gle.com>, Alper Gun <alpergun@...gle.com>
Cc: x86@...nel.org, linux-kernel@...r.kernel.org, kvm@...r.kernel.org,
linux-coco@...ts.linux.dev, linux-mm@...ck.org,
linux-crypto@...r.kernel.org, tglx@...utronix.de, mingo@...hat.com,
jroedel@...e.de, thomas.lendacky@....com, hpa@...or.com,
ardb@...nel.org, pbonzini@...hat.com, seanjc@...gle.com,
vkuznets@...hat.com, jmattson@...gle.com, luto@...nel.org,
dave.hansen@...ux.intel.com, slp@...hat.com, peterz@...radead.org,
srinivas.pandruvada@...ux.intel.com, rientjes@...gle.com,
dovmurik@...ux.ibm.com, tobin@....com, bp@...en8.de,
michael.roth@....com, vbabka@...e.cz, kirill@...temov.name,
ak@...ux.intel.com, tony.luck@...el.com, marcorr@...gle.com,
sathyanarayanan.kuppuswamy@...ux.intel.com, dgilbert@...hat.com,
jarkko@...nel.org
Subject: Re: [PATCH Part2 v6 39/49] KVM: SVM: Introduce ops for the post gfn
map and unmap
On 11/17/2022 2:18 PM, Peter Gonda wrote:
> On Wed, Aug 17, 2022 at 9:47 PM Alper Gun <alpergun@...gle.com> wrote:
>>
>> On Mon, Jun 20, 2022 at 4:12 PM Ashish Kalra <Ashish.Kalra@....com> wrote:
>>>
>>> From: Brijesh Singh <brijesh.singh@....com>
>>>
>>> When SEV-SNP is enabled in the guest VM, the guest memory pages can
>>> either be a private or shared. A write from the hypervisor goes through
>>> the RMP checks. If hardware sees that hypervisor is attempting to write
>>> to a guest private page, then it triggers an RMP violation #PF.
>>>
>>> To avoid the RMP violation with GHCB pages, added new post_{map,unmap}_gfn
>>> functions to verify if its safe to map GHCB pages. Uses a spinlock to
>>> protect against the page state change for existing mapped pages.
>>>
>>> Need to add generic post_{map,unmap}_gfn() ops that can be used to verify
>>> that its safe to map a given guest page in the hypervisor.
>>>
>>> This patch will need to be revisited later after consensus is reached on
>>> how to manage guest private memory as probably UPM private memslots will
>>> be able to handle this page state change more gracefully.
>>>
>>> Signed-off-by: Brijesh Singh <brijesh.singh@....com>
>>> Signed-off by: Ashish Kalra <ashish.kalra@....com>
>>> ---
>>> arch/x86/include/asm/kvm-x86-ops.h | 1 +
>>> arch/x86/include/asm/kvm_host.h | 3 ++
>>> arch/x86/kvm/svm/sev.c | 48 ++++++++++++++++++++++++++++--
>>> arch/x86/kvm/svm/svm.c | 3 ++
>>> arch/x86/kvm/svm/svm.h | 11 +++++++
>>> 5 files changed, 64 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/arch/x86/include/asm/kvm-x86-ops.h b/arch/x86/include/asm/kvm-x86-ops.h
>>> index e0068e702692..2dd2bc0cf4c3 100644
>>> --- a/arch/x86/include/asm/kvm-x86-ops.h
>>> +++ b/arch/x86/include/asm/kvm-x86-ops.h
>>> @@ -130,6 +130,7 @@ KVM_X86_OP(vcpu_deliver_sipi_vector)
>>> KVM_X86_OP_OPTIONAL_RET0(vcpu_get_apicv_inhibit_reasons);
>>> KVM_X86_OP(alloc_apic_backing_page)
>>> KVM_X86_OP_OPTIONAL(rmp_page_level_adjust)
>>> +KVM_X86_OP(update_protected_guest_state)
>>>
>>> #undef KVM_X86_OP
>>> #undef KVM_X86_OP_OPTIONAL
>>> diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
>>> index 49b217dc8d7e..8abc0e724f5c 100644
>>> --- a/arch/x86/include/asm/kvm_host.h
>>> +++ b/arch/x86/include/asm/kvm_host.h
>>> @@ -1522,7 +1522,10 @@ struct kvm_x86_ops {
>>> unsigned long (*vcpu_get_apicv_inhibit_reasons)(struct kvm_vcpu *vcpu);
>>>
>>> void *(*alloc_apic_backing_page)(struct kvm_vcpu *vcpu);
>>> +
>>> void (*rmp_page_level_adjust)(struct kvm *kvm, kvm_pfn_t pfn, int *level);
>>> +
>>> + int (*update_protected_guest_state)(struct kvm_vcpu *vcpu);
>>> };
>>>
>>> struct kvm_x86_nested_ops {
>>> diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
>>> index cb2d1bbb862b..4ed90331bca0 100644
>>> --- a/arch/x86/kvm/svm/sev.c
>>> +++ b/arch/x86/kvm/svm/sev.c
>>> @@ -341,6 +341,7 @@ static int sev_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp)
>>> if (ret)
>>> goto e_free;
>>>
>>> + spin_lock_init(&sev->psc_lock);
>>> ret = sev_snp_init(&argp->error);
>>> } else {
>>> ret = sev_platform_init(&argp->error);
>>> @@ -2828,19 +2829,28 @@ static inline int svm_map_ghcb(struct vcpu_svm *svm, struct kvm_host_map *map)
>>> {
>>> struct vmcb_control_area *control = &svm->vmcb->control;
>>> u64 gfn = gpa_to_gfn(control->ghcb_gpa);
>>> + struct kvm_vcpu *vcpu = &svm->vcpu;
>>>
>>> - if (kvm_vcpu_map(&svm->vcpu, gfn, map)) {
>>> + if (kvm_vcpu_map(vcpu, gfn, map)) {
>>> /* Unable to map GHCB from guest */
>>> pr_err("error mapping GHCB GFN [%#llx] from guest\n", gfn);
>>> return -EFAULT;
>>> }
>>>
>>> + if (sev_post_map_gfn(vcpu->kvm, map->gfn, map->pfn)) {
>>> + kvm_vcpu_unmap(vcpu, map, false);
>>> + return -EBUSY;
>>> + }
>>> +
>>> return 0;
>>> }
>>>
>>> static inline void svm_unmap_ghcb(struct vcpu_svm *svm, struct kvm_host_map *map)
>>> {
>>> - kvm_vcpu_unmap(&svm->vcpu, map, true);
>>> + struct kvm_vcpu *vcpu = &svm->vcpu;
>>> +
>>> + kvm_vcpu_unmap(vcpu, map, true);
>>> + sev_post_unmap_gfn(vcpu->kvm, map->gfn, map->pfn);
>>> }
>>>
>>> static void dump_ghcb(struct vcpu_svm *svm)
>>> @@ -3383,6 +3393,8 @@ static int __snp_handle_page_state_change(struct kvm_vcpu *vcpu, enum psc_op op,
>>> return PSC_UNDEF_ERR;
>>> }
>>>
>>> + spin_lock(&sev->psc_lock);
>>> +
>>> write_lock(&kvm->mmu_lock);
>>>
>>> rc = kvm_mmu_get_tdp_walk(vcpu, gpa, &pfn, &npt_level);
>>> @@ -3417,6 +3429,8 @@ static int __snp_handle_page_state_change(struct kvm_vcpu *vcpu, enum psc_op op,
>>>
>>> write_unlock(&kvm->mmu_lock);
>>>
>>> + spin_unlock(&sev->psc_lock);
>>
>> There is a corner case where the psc_lock is not released. If
>> kvm_mmu_get_tdp_walk fails, the lock will be kept and will cause soft
>> lockup.
>>
This is also already fixed for v7.
Thanks,
Ashish
Powered by blists - more mailing lists