| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ZvrMBs-eScleFMOT@google.com>
Date: Mon, 30 Sep 2024 09:04:22 -0700
From: Sean Christopherson <seanjc@...gle.com>
To: Suravee Suthikulpanit <suravee.suthikulpanit@....com>
Cc: linux-kernel@...r.kernel.org, kvm@...r.kernel.org, pbonzini@...hat.com,
david.kaplan@....com
Subject: Re: [PATCH] KVM: SVM: Disable AVIC on SNP-enabled system without
HvInUseWrAllowed feature
On Mon, Sep 30, 2024, Suravee Suthikulpanit wrote:
> On SNP-enabled system, VMRUN marks AVIC Backing Page as in-use while
> the guest is running for both secure and non-secure guest. This causes
> any attempts to modify the RMP entries for the backing page to result in
> FAIL_INUSE response. This is to ensure that the AVIC backing page is not
> maliciously assigned to an SNP guest while the unencrypted guest is active.
>
> Currently, an attempt to run AVIC guest would result in the following error:
>
> BUG: unable to handle page fault for address: ff3a442e549cc270
> #PF: supervisor write access in kernel mode
> #PF: error_code(0x80000003) - RMP violation
> PGD b6ee01067 P4D b6ee02067 PUD 10096d063 PMD 11c540063 PTE 80000001149cc163
> SEV-SNP: PFN 0x1149cc unassigned, dumping non-zero entries in 2M PFN region: [0x114800 - 0x114a00]
> ...
This should be "fixed" by commit 75253db41a46 ("KVM: SEV: Make AVIC backing, VMSA
and VMCB memory allocation SNP safe"), no?
> Newer AMD system is enhanced to allow hypervisor to modify RMP entries of
> the backing page for non-secure guest on SNP-enabled system. This
> enhancement is available when the CPUID Fn8000_001F_EAX bit 30 is set
> (HvInUseWrAllowed) See the AMD64 Architecture Programmer’s Manual (APM)
> Volume 2 for detail. (https://www.amd.com/content/dam/amd/en/documents/
> processor-tech-docs/programmer-references/40332.pdf)
>
> Therefore, add logic to check the new CPUID bit before enabling AVIC
> on SNP-enabled system.
>
> Signed-off-by: Suravee Suthikulpanit <suravee.suthikulpanit@....com>
> ---
> arch/x86/include/asm/cpufeatures.h | 1 +
> arch/x86/kvm/svm/avic.c | 6 ++++++
> 2 files changed, 7 insertions(+)
>
> diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
> index dd4682857c12..921b6de80e24 100644
> --- a/arch/x86/include/asm/cpufeatures.h
> +++ b/arch/x86/include/asm/cpufeatures.h
> @@ -448,6 +448,7 @@
> #define X86_FEATURE_SME_COHERENT (19*32+10) /* AMD hardware-enforced cache coherency */
> #define X86_FEATURE_DEBUG_SWAP (19*32+14) /* "debug_swap" AMD SEV-ES full debug state swap support */
> #define X86_FEATURE_SVSM (19*32+28) /* "svsm" SVSM present */
> +#define X86_FEATURE_HV_INUSE_WR_ALLOWED (19*32+30) /* Write to in-use hypervisor-owned pages allowed */
>
> /* AMD-defined Extended Feature 2 EAX, CPUID level 0x80000021 (EAX), word 20 */
> #define X86_FEATURE_NO_NESTED_DATA_BP (20*32+ 0) /* No Nested Data Breakpoints */
> diff --git a/arch/x86/kvm/svm/avic.c b/arch/x86/kvm/svm/avic.c
> index 4b74ea91f4e6..42f2caf17d6a 100644
> --- a/arch/x86/kvm/svm/avic.c
> +++ b/arch/x86/kvm/svm/avic.c
> @@ -1199,6 +1199,12 @@ bool avic_hardware_setup(void)
> return false;
> }
>
> + if (cc_platform_has(CC_ATTR_HOST_SEV_SNP) &&
> + !boot_cpu_has(X86_FEATURE_HV_INUSE_WR_ALLOWED)) {
> + pr_warn("AVIC disabled: missing HvInUseWrAllowed on SNP-enabled system");
> + return false;
> + }
> +
> if (boot_cpu_has(X86_FEATURE_AVIC)) {
> pr_info("AVIC enabled\n");
> } else if (force_avic) {
> --
> 2.34.1
>
Powered by blists - more mailing lists