Date:   Thu, 1 Dec 2022 22:46:24 +0000
From:   Andrew Cooper <Andrew.Cooper3@...rix.com>
To:     Sean Christopherson <seanjc@...gle.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
        Dave Hansen <dave.hansen@...ux.intel.com>,
        "x86@...nel.org" <x86@...nel.org>
CC:     "H. Peter Anvin" <hpa@...or.com>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "Guilherme G . Piccoli" <gpiccoli@...lia.com>,
        Vitaly Kuznetsov <vkuznets@...hat.com>,
        Paolo Bonzini <pbonzini@...hat.com>,
        Tom Lendacky <thomas.lendacky@....com>,
        "stable@...r.kernel" <stable@...r.kernel>,
        Andrew Cooper <Andrew.Cooper3@...rix.com>
Subject: Re: [PATCH v4 2/4] x86/virt: Force GIF=1 prior to disabling SVM (for
 reboot flows)

On 30/11/2022 23:36, Sean Christopherson wrote:
> diff --git a/arch/x86/include/asm/virtext.h b/arch/x86/include/asm/virtext.h
> index 8757078d4442..0acb14806a74 100644
> --- a/arch/x86/include/asm/virtext.h
> +++ b/arch/x86/include/asm/virtext.h
> @@ -126,7 +126,18 @@ static inline void cpu_svm_disable(void)
>  
>  	wrmsrl(MSR_VM_HSAVE_PA, 0);
>  	rdmsrl(MSR_EFER, efer);
> -	wrmsrl(MSR_EFER, efer & ~EFER_SVME);
> +	if (efer & EFER_SVME) {
> +		/*
> +		 * Force GIF=1 prior to disabling SVM, e.g. to ensure INIT and
> +		 * NMI aren't blocked.  Eat faults on STGI, as it #UDs if SVM
> +		 * isn't enabled and SVM can be disabled by an NMI callback.
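
Review bot: the comment added under `if (efer & EFER_SVME)` folds the race into a single clause ("SVM can be disabled by an NMI callback") without saying where the window is. The value being tested comes from the earlier `rdmsrl(MSR_EFER, efer)`, so the comment should state that EFER.SVME can be cleared by an NMI callback after that read and before the STGI executes, which is why a #UD on STGI has to be tolerated even though the check just passed.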

I'd be tempted to tweak this for clarity.

How about "We don't know the state of GIF, and if NMIs are enabled,
there is a race condition where EFER.SVME can be cleared behind our
back.  Ignore #UD, and force GIF=1 in case INIT/NMI are currently
blocked."  ?

The STGI can't actually #UD on real hardware, because SKINIT and SVM
exist in identical sets of parts, but it can #UD in principle in a VM
which doesn't offer emulate SKINIT.

Given that we are in cpu_svm_disable(), there's also
MSR_VM_CR.INIT_REDIRECTION to consider, but perhaps that's better left
to the series which adds SKINIT support.

~Andrew
