lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 23 May 2024 12:18:25 +0000
From: Ravi Bangoria <ravi.bangoria@....com>
To: <seanjc@...gle.com>, <pbonzini@...hat.com>, <nikunj.dadhania@....com>
CC: <ravi.bangoria@....com>, <thomas.lendacky@....com>, <tglx@...utronix.de>,
	<mingo@...hat.com>, <bp@...en8.de>, <dave.hansen@...ux.intel.com>,
	<x86@...nel.org>, <hpa@...or.com>, <michael.roth@....com>,
	<pankaj.gupta@....com>, <kvm@...r.kernel.org>,
	<linux-kernel@...r.kernel.org>, <santosh.shukla@....com>
Subject: [PATCH v3 0/3] KVM: SEV-ES: Fix KVM_{GET|SET}_MSRS and LBRV handling

Fix couple of interrelated issues:

o KVM currently allows userspace to access MSRs even after the VMSA is
  encrypted. This can result into issues if MSR update has side effects on
  VM configuration. Patch 1 fixes that by preventing KVM_{GET|SET}_MSRS
  for SEV-ES guests once VMSA is encrypted.

o As documented in APM, LBR Virtualization must be enabled for SEV-ES
  guests. However, KVM currently enables LBRV unconditionally without
  checking feature bit, which is wrong. Patch 2 prevents SEV-ES guests
  when LBRV support is missing.

o Although LBRV is enabled for SEV-ES guests, MSR_IA32_DEBUGCTLMSR was
  still intercepted. This can crash SEV-ES guest if used inadvertently.
  Patch 3 fixes it.

Patches prepared on kvm/next (6f627b425378)

v2: https://lore.kernel.org/r/20240416050338.517-1-ravi.bangoria@amd.com
v2->v3: Fix all affiliated issues along with fixing MSR_IA32_DEBUGCTLMSR
   interception:
 - Block KVM_{GET|SET}_MSRS for SEV-ES guests post VMSA encryption (new)
 - Block SEV-ES guest creation when LBRV is disabled/not supported (new)
 - Move LBRV enablement code after VMSA encryption to avoid a scenario
   where LBRV can be disabled inadvertently through MSR_IA32_DEBUGCTLMSR
   write. (new)
 - Removed all 'Reviewed-by' since the code has changed quite a bit.

Nikunj A Dadhania (1):
  KVM: SEV-ES: Prevent MSR access post VMSA encryption

Ravi Bangoria (2):
  KVM: SEV-ES: Disallow SEV-ES guests when X86_FEATURE_LBRV is absent
  KVM: SEV-ES: Fix LBRV code

 arch/x86/kvm/svm/sev.c | 21 +++++++++++++++------
 arch/x86/kvm/svm/svm.c | 42 ++++++++++++++++++++++++++++++++----------
 arch/x86/kvm/svm/svm.h |  7 ++++---
 3 files changed, 51 insertions(+), 19 deletions(-)

-- 
2.45.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ