| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 1 Jun 2023 22:23:03 +0800
From: Zeng Guang <guang.zeng@...el.com>
To: Paolo Bonzini <pbonzini@...hat.com>,
Sean Christopherson <seanjc@...gle.com>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
Dave Hansen <dave.hansen@...ux.intel.com>,
H Peter Anvin <hpa@...or.com>, kvm@...r.kernel.org
Cc: x86@...nel.org, linux-kernel@...r.kernel.org,
Zeng Guang <guang.zeng@...el.com>
Subject: [PATCH v1 0/6] LASS KVM virtualization support
Linear Address Space Separation (LASS)[1] is an independent mechanism
that enforces the mode-based protections on any access to a linear
address.
Based on a linear-address organization, the 64-bit canonical linear
address space is partitioned into two halves: all linear addresses
whose most significant bit is 0 are user space addresses, while linear
addresses whose most significant bit is 1 are supervisor space address.
LASS aims to prevent any attempt to probe supervisor space addresses by
user mode, and likewise stop any attempt to access (if SMAP enabled) or
execute user space addresses from supervisor mode.
When platform has LASS capability, KVM requires to expose this feature
to guest VM enumerated by CPUID.(EAX=07H.ECX=1):EAX.LASS[bit 6], and
allow guest to enable it via CR4.LASS[bit 27] on demand. For instruction
executed in the guest directly, hardware will perform the check. But KVM
also needs to behave same as hardware to apply LASS to kinds of guest
memory accesses when emulating privileged instructions by software.
KVM will take following LASS voilations check on emulation path.
User-mode access to supervisor space address:
LA[bit 63] && (CPL == 3)
Supervisor-mode access to user space address:
Instruction fetch: !LA[bit 63] && (CPL < 3)
Data access: !LA[bit 63] && (CR4.SMAP==1) && ((RFLAGS.AC == 0 &&
CPL < 3) || Implicit supervisor access)
This patch series provide a LASS KVM solution.
We tested the basic function of LASS virtualization including LASS
enumeration and enabling in non-root and nested environment. As KVM
unittest framework is not compatible to LASS rule, we use kernel module
and application test to emulate LASS violation instead. With KVM forced
emulation mechanism, we also verified the LASS functionality on some
emulation path with instruction fetch and data access to have same
behavior as hardware.
[1] Intel ISE https://cdrdv2.intel.com/v1/dl/getContent/671368
Chapter Linear Address Space Separation (LASS)
------------------------------------------------------
v0->v1
1. Adapt to new __linearize() API
2. Function refactor of vmx_check_lass()
3. Refine commit message to be more precise
4. Drop LASS kvm cap detection depending
on hardware capability
Binbin Wu (1):
KVM: x86: Consolidate flags for __linearize()
Zeng Guang (5):
KVM: x86: Virtualize CR4.LASS
KVM: VMX: Add new ops in kvm_x86_ops for LASS violation check
KVM: x86: Add emulator helper for LASS violation check
KVM: x86: LASS protection on KVM emulation
KVM: x86: Advertise LASS CPUID to user space
arch/x86/include/asm/kvm-x86-ops.h | 3 +-
arch/x86/include/asm/kvm_host.h | 4 ++-
arch/x86/kvm/cpuid.c | 5 ++-
arch/x86/kvm/emulate.c | 47 +++++++++++++++++++++++-----
arch/x86/kvm/kvm_emulate.h | 6 ++++
arch/x86/kvm/vmx/nested.c | 3 ++
arch/x86/kvm/vmx/sgx.c | 4 +++
arch/x86/kvm/vmx/vmx.c | 50 ++++++++++++++++++++++++++++++
arch/x86/kvm/vmx/vmx.h | 2 ++
arch/x86/kvm/x86.c | 12 +++++++
arch/x86/kvm/x86.h | 2 ++
11 files changed, 126 insertions(+), 12 deletions(-)
--
2.27.0
Powered by blists - more mailing lists