lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <8601e84c-f920-4948-bb8a-e0951c6c13c5@amd.com>
Date: Fri, 31 May 2024 09:36:46 +0530
From: Ravi Bangoria <ravi.bangoria@....com>
To: Tom Lendacky <thomas.lendacky@....com>
Cc: seanjc@...gle.com, pbonzini@...hat.com, nikunj.dadhania@....com,
 tglx@...utronix.de, mingo@...hat.com, bp@...en8.de,
 dave.hansen@...ux.intel.com, x86@...nel.org, hpa@...or.com,
 michael.roth@....com, pankaj.gupta@....com, kvm@...r.kernel.org,
 linux-kernel@...r.kernel.org, santosh.shukla@....com, ravi.bangoria@....com
Subject: Re: [PATCH v3 3/3] KVM: SEV-ES: Fix LBRV code

On 5/30/2024 7:33 PM, Tom Lendacky wrote:
> On 5/23/24 07:18, Ravi Bangoria wrote:
>> As documented in APM[1], LBR Virtualization must be enabled for SEV-ES
>> guests. Although KVM currently enforces LBRV for SEV-ES guests, there
>> are multiple issues with it:
>>
>> o MSR_IA32_DEBUGCTLMSR is still intercepted. Since MSR_IA32_DEBUGCTLMSR
>>    interception is used to dynamically toggle LBRV for performance reasons,
>>    this can be fatal for SEV-ES guests. For ex SEV-ES guest on Zen3:
>>
>>    [guest ~]# wrmsr 0x1d9 0x4
>>    KVM: entry failed, hardware error 0xffffffff
>>    EAX=00000004 EBX=00000000 ECX=000001d9 EDX=00000000
>>
>>    Fix this by never intercepting MSR_IA32_DEBUGCTLMSR for SEV-ES guests.
>>    No additional save/restore logic is required since MSR_IA32_DEBUGCTLMSR
>>    is of swap type A.
>>
>> o KVM will disable LBRV if userspace sets MSR_IA32_DEBUGCTLMSR before the
>>    VMSA is encrypted. Fix this by moving LBRV enablement code post VMSA
>>    encryption.
>>
>> [1]: AMD64 Architecture Programmer's Manual Pub. 40332, Rev. 4.07 - June
>>       2023, Vol 2, 15.35.2 Enabling SEV-ES.
>>       https://bugzilla.kernel.org/attachment.cgi?id=304653
>>
>> Co-developed-by: Nikunj A Dadhania <nikunj@....com>
>> Signed-off-by: Nikunj A Dadhania <nikunj@....com>
>> Signed-off-by: Ravi Bangoria <ravi.bangoria@....com>
> 
> Should this have a Fixes: tag, too?

Yeah, will add
Fixes: 376c6d285017 ("KVM: SVM: Provide support for SEV-ES vCPU creation/loading")

Thanks,
Ravi

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ