lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <SA1PR11MB673495D9F346EF15C3A958A6A8B2A@SA1PR11MB6734.namprd11.prod.outlook.com>
Date:   Tue, 14 Nov 2023 04:48:31 +0000
From:   "Li, Xin3" <xin3.li@...el.com>
To:     "Gao, Chao" <chao.gao@...el.com>
CC:     "kvm@...r.kernel.org" <kvm@...r.kernel.org>,
        "linux-doc@...r.kernel.org" <linux-doc@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "linux-hyperv@...r.kernel.org" <linux-hyperv@...r.kernel.org>,
        "linux-kselftest@...r.kernel.org" <linux-kselftest@...r.kernel.org>,
        "seanjc@...gle.com" <seanjc@...gle.com>,
        "pbonzini@...hat.com" <pbonzini@...hat.com>,
        "corbet@....net" <corbet@....net>,
        "kys@...rosoft.com" <kys@...rosoft.com>,
        "haiyangz@...rosoft.com" <haiyangz@...rosoft.com>,
        "wei.liu@...nel.org" <wei.liu@...nel.org>,
        "Cui, Dexuan" <decui@...rosoft.com>,
        "tglx@...utronix.de" <tglx@...utronix.de>,
        "mingo@...hat.com" <mingo@...hat.com>,
        "bp@...en8.de" <bp@...en8.de>,
        "dave.hansen@...ux.intel.com" <dave.hansen@...ux.intel.com>,
        "x86@...nel.org" <x86@...nel.org>, "hpa@...or.com" <hpa@...or.com>,
        "vkuznets@...hat.com" <vkuznets@...hat.com>,
        "peterz@...radead.org" <peterz@...radead.org>,
        "Shankar, Ravi V" <ravi.v.shankar@...el.com>
Subject: RE: [PATCH v1 10/23] KVM: VMX: Add support for FRED context
 save/restore

> > #ifdef CONFIG_X86_64
> > 	MSR_CSTAR, MSR_KERNEL_GS_BASE, MSR_SYSCALL_MASK, MSR_LSTAR,
> >+	MSR_IA32_FRED_RSP0, MSR_IA32_FRED_RSP1, MSR_IA32_FRED_RSP2,
> >+	MSR_IA32_FRED_RSP3, MSR_IA32_FRED_STKLVLS, MSR_IA32_FRED_SSP1,
> >+	MSR_IA32_FRED_SSP2, MSR_IA32_FRED_SSP3, MSR_IA32_FRED_CONFIG,
> 
> Need to handle the case where FRED MSRs are valid but KVM cannot virtualize
> FRED, see kvm_probe_msr_to_save().

Will take care of it, thanks for reminding.

> > #endif
> > 	MSR_IA32_TSC, MSR_IA32_CR_PAT, MSR_VM_HSAVE_PA,
> > 	MSR_IA32_FEAT_CTL, MSR_IA32_BNDCFGS, MSR_TSC_AUX, @@ -1890,6
> +1893,16
> >@@ static int __kvm_set_msr(struct kvm_vcpu *vcpu, u32 index, u64 data,
> >
> > 		data = (u32)data;
> > 		break;
> >+	case MSR_IA32_FRED_RSP0 ... MSR_IA32_FRED_CONFIG:
> >+		if (host_initiated || guest_cpuid_has(vcpu, X86_FEATURE_FRED))
> >+			break;
> 
> Nothing guarantees FRED MSRs/VMCS fields exist on the hardware here. Probably
> use guest_cpu_cap_has()*.

Ah, my bad!

> *: https://lore.kernel.org/kvm/20231110235528.1561679-1-seanjc@google.com
> >+
> >+		/*
> >+		 * Inject #GP upon FRED MSRs accesses from a non-FRED guest to
> >+		 * make sure no malicious guest can write to FRED MSRs thus to
> >+		 * corrupt host FRED MSRs.
> >+		 */
> 
> I think injecting #GP here is simply because KVM should emulate hardware
> behavior. To me, preventing guest from corrupting FRED MSRs is at most a
> byproduct. I prefer to drop the comment.

>From security POV, this is important to mention.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ