| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ZMkie3B7obtTTpLu@johallen-workstation>
Date: Tue, 1 Aug 2023 10:19:23 -0500
From: John Allen <john.allen@....com>
To: Sean Christopherson <seanjc@...gle.com>
Cc: kvm@...r.kernel.org, linux-kernel@...r.kernel.org,
pbonzini@...hat.com, weijiang.yang@...el.com,
rick.p.edgecombe@...el.com, x86@...nel.org,
thomas.lendacky@....com, bp@...en8.de
Subject: Re: [RFC PATCH v2 4/6] KVM: SVM: Save shadow stack host state on
VMRUN
On Fri, Jun 23, 2023 at 02:11:46PM -0700, Sean Christopherson wrote:
> On Wed, May 24, 2023, John Allen wrote:
> > When running as an SEV-ES guest, the PL0_SSP, PL1_SSP, PL2_SSP, PL3_SSP,
> > and U_CET fields in the VMCB save area are type B, meaning the host
> > state is automatically loaded on a VMEXIT, but is not saved on a VMRUN.
> > The other shadow stack MSRs, S_CET, SSP, and ISST_ADDR are type A,
> > meaning they are loaded on VMEXIT and saved on VMRUN. Manually save the
> > type B host MSR values before VMRUN.
> >
> > Signed-off-by: John Allen <john.allen@....com>
> > ---
> > arch/x86/kvm/svm/sev.c | 13 +++++++++++++
> > 1 file changed, 13 insertions(+)
> >
> > diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
> > index c25aeb550cd9..03dd68bddd51 100644
> > --- a/arch/x86/kvm/svm/sev.c
> > +++ b/arch/x86/kvm/svm/sev.c
> > @@ -3028,6 +3028,19 @@ void sev_es_prepare_switch_to_guest(struct sev_es_save_area *hostsa)
> >
> > /* MSR_IA32_XSS is restored on VMEXIT, save the currnet host value */
> > hostsa->xss = host_xss;
> > +
> > + if (boot_cpu_has(X86_FEATURE_SHSTK)) {
> > + /*
> > + * MSR_IA32_U_CET, MSR_IA32_PL0_SSP, MSR_IA32_PL1_SSP,
> > + * MSR_IA32_PL2_SSP, and MSR_IA32_PL3_SSP are restored on
> > + * VMEXIT, save the current host values.
> > + */
> > + rdmsrl(MSR_IA32_U_CET, hostsa->u_cet);
> > + rdmsrl(MSR_IA32_PL0_SSP, hostsa->vmpl0_ssp);
> > + rdmsrl(MSR_IA32_PL1_SSP, hostsa->vmpl1_ssp);
> > + rdmsrl(MSR_IA32_PL2_SSP, hostsa->vmpl2_ssp);
> > + rdmsrl(MSR_IA32_PL3_SSP, hostsa->vmpl3_ssp);
>
> Heh, can you send a patch to fix the names for the PLx_SSP fields? They should
> be ->plN_ssp, not ->vmplN_ssp.
Yes, I will include a patch to address this in the next version of the
series.
>
> As for the values themselves, the kernel doesn't support Supervisor Shadow Stacks
> (SSS), so PL0-2_SSP are guaranteed to be zero. And if/when SSS support is added,
> I doubt the kernel will ever use PL1_SSP or PL2_SSP, so those can probably be
> ignored entirely, and PL0_SSP might be constant per task? In other words, I don't
> see any reason to try and track the host values for support that doesn't exist,
> just do what VMX does for BNDCFGS and yell if the MSRs are non-zero. Though for
> SSS it probably makes sense for KVM to refuse to load (KVM continues on for BNDCFGS
> because it's a pretty safe assumption that the kernel won't regain MPX supported).
>
> E.g. in rough pseudocode
>
> if (boot_cpu_has(X86_FEATURE_SHSTK)) {
> rdmsrl(MSR_IA32_PLx_SSP, host_plx_ssp);
>
> if (WARN_ON_ONCE(host_pl0_ssp || host_pl1_ssp || host_pl2_ssp))
> return -EIO;
> }
The function in question returns void and wouldn't be able to return a
failure code to callers. We would have to rework this path in order to
fail in this way. Is it sufficient to just WARN_ON_ONCE here or is there
some other way we can cause KVM to fail to load here?
Powered by blists - more mailing lists