lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ZvxKoz9WQKmOp5HR@google.com>
Date: Tue, 1 Oct 2024 12:16:51 -0700
From: Sean Christopherson <seanjc@...gle.com>
To: Suravee Suthikulpanit <suravee.suthikulpanit@....com>
Cc: linux-kernel@...r.kernel.org, kvm@...r.kernel.org, pbonzini@...hat.com, 
	david.kaplan@....com
Subject: Re: [PATCH] KVM: SVM: Disable AVIC on SNP-enabled system without
 HvInUseWrAllowed feature

On Tue, Oct 01, 2024, Suravee Suthikulpanit wrote:
> Hi Sean,
> 
> On 9/30/2024 11:04 PM, Sean Christopherson wrote:
> > On Mon, Sep 30, 2024, Suravee Suthikulpanit wrote:
> > > On SNP-enabled system, VMRUN marks AVIC Backing Page as in-use while
> > > the guest is running for both secure and non-secure guest. This causes
> > > any attempts to modify the RMP entries for the backing page to result in
> > > FAIL_INUSE response. This is to ensure that the AVIC backing page is not
> > > maliciously assigned to an SNP guest while the unencrypted guest is active.
> > > 
> > > Currently, an attempt to run AVIC guest would result in the following error:
> > > 
> > >      BUG: unable to handle page fault for address: ff3a442e549cc270
> > >      #PF: supervisor write access in kernel mode
> > >      #PF: error_code(0x80000003) - RMP violation
> > >      PGD b6ee01067 P4D b6ee02067 PUD 10096d063 PMD 11c540063 PTE 80000001149cc163
> > >      SEV-SNP: PFN 0x1149cc unassigned, dumping non-zero entries in 2M PFN region: [0x114800 - 0x114a00]
> > >      ...
> > This should be "fixed" by commit 75253db41a46 ("KVM: SEV: Make AVIC backing, VMSA
> > and VMCB memory allocation SNP safe"), no?
> 
> The commit 75253db41a46 fixes another issue related to 2MB-aligned in-use
> page, where the CPU incorrectly treats the whole 2MB region as in-use and
> signal an RMP violation #PF.
> 
> This enhancement is mainly to allow hypervisor to write to the AVIC backing
> page of non-secure guest on SNP-enabled system.

In that case, the changelog needs to be rewritten, because the changelog very
explicitly talks about modifying RMP entries, whereas IIUC, the issue is that
cross-CPU writes to a vCPU's vAPIC page, e.g. to inject an interrupt, will generate
unexpected #PFs in the host.

> Note: This change might need to be ported to stable 6.9, 6.10, and 6.11 tree
> as well.

At the very least, it needs a fixes, which I believe is:

  Fixes: 216d106c7ff7 ("x86/sev: Add SEV-SNP host initialization support")

6.9 and 6.10 aren't LTS kernels, so backports to them aren't necessary.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ