lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 26 Jun 2023 11:45:56 -0500
From:   Tom Lendacky <thomas.lendacky@....com>
To:     Sean Christopherson <seanjc@...gle.com>
Cc:     Rick P Edgecombe <rick.p.edgecombe@...el.com>,
        "john.allen@....com" <john.allen@....com>,
        Weijiang Yang <weijiang.yang@...el.com>,
        "bp@...en8.de" <bp@...en8.de>, "x86@...nel.org" <x86@...nel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "kvm@...r.kernel.org" <kvm@...r.kernel.org>,
        "pbonzini@...hat.com" <pbonzini@...hat.com>,
        "andrew.cooper3@...rix.com" <andrew.cooper3@...rix.com>
Subject: Re: [RFC PATCH v2 6/6] KVM: SVM: Add CET features to supported_xss

On 6/26/23 11:28, Sean Christopherson wrote:
> On Mon, Jun 26, 2023, Tom Lendacky wrote:
>> On 6/23/23 17:18, Sean Christopherson wrote:
>>> On Fri, Jun 09, 2023, Rick P Edgecombe wrote:
>>>> Also, since the host might have CR4.CET set for its own reasons, if the host
>>>> handled an exit with the the guests MSR_IA32_S_CET set it could suddenly be
>>>> subjected to CET enforcement that it doesn't expect. Waiting to restore it
>>>> until returning to the guest is too late.
>>>>
>>>> At least that's the reasoning on the VMX side as I understand it
>>>
>>> The APM doesn't come right out and say it, but I assume/hope that S_CET is saved
>>> on VMRUN and loaded on #VMEXIT, i.e. is the same as VMX for all intents and
>>> purposes.
>>>
>>> The host save state definitely has a field for S_CET, and VMRUN documents that the
>>> guest values are loaded, I just can't find anything in the APM that explicitly states
>>> how host S_CET and friends are handled.  E.g. in theory, they could have been
>>> shoved into VMSAVE+VMLOAD, though I very much doubt that's the case.
>>
>> Yes, the host value is saved/restored on VMRUN/#VMEXIT. Anything that is in
>> the VMCB Save Area (the non-SEV-ES save area) is fully virtualized (unless
>> noted otherwise) and doesn't require special processing to save/restore the
>> host values.
> 
> Would it makes sense to add a column in "Table B-2. VMCB Layout, State Save Area"
> to specify whether a field is handled by VMRUN+#VMEXIT vs. VMLOAD+VMSAVE?  I can't
> find anywhere in the APM where it explicitly states that VMRUN+#VMEXIT context
> switches everything in the Save Area except the fields listed in "15.5.2 VMSAVE
> and VMLOAD Instructions".
> 
> "15.5 VMRUN Instruction" kinda sorta covers that behavior, but the information is
> either incomplete or stale, e.g. for host state it says "at least the following"
> 
>    Saving Host State. To ensure that the host can resume operation after #VMEXIT,
>    VMRUN saves at least the following host state information:
> 
> but for guest state it says "the following"
> 
>    Loading Guest State. After saving host state, VMRUN loads the following guest
>    state from the VMCB:
> 
> and then both provide incomplete lists of state.  A pedantic reading of the guest
> case suggests that there's a large pile of state that *isn't* loaded, and the host
> case isn't all that helpful because it's way too handwavy.

I'll communicate this feedback to the folks that update the APM volumes 
and see what can be done.

Thanks,
Tom

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ