| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 31 Jan 2023 16:47:20 +0000
From: Sean Christopherson <seanjc@...gle.com>
To: Joerg Roedel <joro@...tes.org>
Cc: "H. Peter Anvin" <hpa@...or.com>,
Alexey Kardashevskiy <aik@....com>,
Peter Zijlstra <peterz@...radead.org>, kvm@...r.kernel.org,
x86@...nel.org, linux-kernel@...r.kernel.org,
Thomas Gleixner <tglx@...utronix.de>,
Jiri Kosina <jkosina@...e.cz>, Ingo Molnar <mingo@...hat.com>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Borislav Petkov <bp@...en8.de>,
Tom Lendacky <thomas.lendacky@....com>
Subject: Re: [Question PATCH kernel] x86/amd/sev/nmi+vc: Fix stack handling
(why is this happening?)
On Tue, Jan 31, 2023, Joerg Roedel wrote:
> On Tue, Jan 31, 2023 at 03:53:39PM +0000, Sean Christopherson wrote:
> > I don't think that is technically true. A _well-behaved_ hypervisor will not
> > intercept DR0-DR6 accesses for SEV-ES guests, but AFAICT nothing in the SEV-ES
> > architecture enforces that behavior.
>
> Not from the hardware architecture side, but the GHCB spec does not
> list NAE events for DR0-DR6 accesses, so a guest is not required to
> handle them in the VC handler.
>
> Linux under SEV-ES will crash if the HV intercepts debug registers,
> except DR7.
Right, I'm just objecting to the wording of "DR0-DR6 are not intercepted". E.g.
from a security perspective, the kernel shouldn't rely on DR0-DR6 to execute
cleanly.
Powered by blists - more mailing lists