lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ZMkie3B7obtTTpLu@johallen-workstation>
Date:   Tue, 1 Aug 2023 10:19:23 -0500
From:   John Allen <john.allen@....com>
To:     Sean Christopherson <seanjc@...gle.com>
Cc:     kvm@...r.kernel.org, linux-kernel@...r.kernel.org,
        pbonzini@...hat.com, weijiang.yang@...el.com,
        rick.p.edgecombe@...el.com, x86@...nel.org,
        thomas.lendacky@....com, bp@...en8.de
Subject: Re: [RFC PATCH v2 4/6] KVM: SVM: Save shadow stack host state on
 VMRUN

On Fri, Jun 23, 2023 at 02:11:46PM -0700, Sean Christopherson wrote:
> On Wed, May 24, 2023, John Allen wrote:
> > When running as an SEV-ES guest, the PL0_SSP, PL1_SSP, PL2_SSP, PL3_SSP,
> > and U_CET fields in the VMCB save area are type B, meaning the host
> > state is automatically loaded on a VMEXIT, but is not saved on a VMRUN.
> > The other shadow stack MSRs, S_CET, SSP, and ISST_ADDR are type A,
> > meaning they are loaded on VMEXIT and saved on VMRUN. Manually save the
> > type B host MSR values before VMRUN.
> > 
> > Signed-off-by: John Allen <john.allen@....com>
> > ---
> >  arch/x86/kvm/svm/sev.c | 13 +++++++++++++
> >  1 file changed, 13 insertions(+)
> > 
> > diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
> > index c25aeb550cd9..03dd68bddd51 100644
> > --- a/arch/x86/kvm/svm/sev.c
> > +++ b/arch/x86/kvm/svm/sev.c
> > @@ -3028,6 +3028,19 @@ void sev_es_prepare_switch_to_guest(struct sev_es_save_area *hostsa)
> >  
> >  	/* MSR_IA32_XSS is restored on VMEXIT, save the currnet host value */
> >  	hostsa->xss = host_xss;
> > +
> > +	if (boot_cpu_has(X86_FEATURE_SHSTK)) {
> > +		/*
> > +		 * MSR_IA32_U_CET, MSR_IA32_PL0_SSP, MSR_IA32_PL1_SSP,
> > +		 * MSR_IA32_PL2_SSP, and MSR_IA32_PL3_SSP are restored on
> > +		 * VMEXIT, save the current host values.
> > +		 */
> > +		rdmsrl(MSR_IA32_U_CET, hostsa->u_cet);
> > +		rdmsrl(MSR_IA32_PL0_SSP, hostsa->vmpl0_ssp);
> > +		rdmsrl(MSR_IA32_PL1_SSP, hostsa->vmpl1_ssp);
> > +		rdmsrl(MSR_IA32_PL2_SSP, hostsa->vmpl2_ssp);
> > +		rdmsrl(MSR_IA32_PL3_SSP, hostsa->vmpl3_ssp);
> 
> Heh, can you send a patch to fix the names for the PLx_SSP fields?  They should
> be ->plN_ssp, not ->vmplN_ssp.

Yes, I will include a patch to address this in the next version of the
series.

> 
> As for the values themselves, the kernel doesn't support Supervisor Shadow Stacks
> (SSS), so PL0-2_SSP are guaranteed to be zero.  And if/when SSS support is added,
> I doubt the kernel will ever use PL1_SSP or PL2_SSP, so those can probably be
> ignored entirely, and PL0_SSP might be constant per task?  In other words, I don't
> see any reason to try and track the host values for support that doesn't exist,
> just do what VMX does for BNDCFGS and yell if the MSRs are non-zero.  Though for
> SSS it probably makes sense for KVM to refuse to load (KVM continues on for BNDCFGS
> because it's a pretty safe assumption that the kernel won't regain MPX supported).
> 
> E.g. in rough pseudocode
> 
> 	if (boot_cpu_has(X86_FEATURE_SHSTK)) {
> 		rdmsrl(MSR_IA32_PLx_SSP, host_plx_ssp);
> 
> 		if (WARN_ON_ONCE(host_pl0_ssp || host_pl1_ssp || host_pl2_ssp))
> 			return -EIO;
> 	}

The function in question returns void and wouldn't be able to return a
failure code to callers. We would have to rework this path in order to
fail in this way. Is it sufficient to just WARN_ON_ONCE here or is there
some other way we can cause KVM to fail to load here?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ