| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Zxa0RDcKA-nO2RjX@google.com> Date: Mon, 21 Oct 2024 13:06:28 -0700 From: Sean Christopherson <seanjc@...gle.com> To: Suravee Suthikulpanit <suravee.suthikulpanit@....com> Cc: Joao Martins <joao.m.martins@...cle.com>, pbonzini@...hat.com, david.kaplan@....com, jon.grimm@....com, santosh.shukla@....com, linux-kernel@...r.kernel.org, kvm@...r.kernel.org Subject: Re: [PATCH v2] KVM: SVM: Inhibit AVIC on SNP-enabled system without HvInUseWrAllowed feature On Fri, Oct 18, 2024, Suravee Suthikulpanit wrote: > On 10/18/2024 4:57 PM, Joao Martins wrote: > > On 18/10/2024 09:50, Suravee Suthikulpanit wrote: > > > On SNP-enabled system, VMRUN marks AVIC Backing Page as in-use while > > > the guest is running for both secure and non-secure guest. Any hypervisor > > > write to the in-use vCPU's AVIC backing page (e.g. to inject an interrupt) > > > will generate unexpected #PF in the host. > > > > > > Currently, attempt to run AVIC guest would result in the following error: > > > > > > BUG: unable to handle page fault for address: ff3a442e549cc270 > > > #PF: supervisor write access in kernel mode > > > #PF: error_code(0x80000003) - RMP violation > > > PGD b6ee01067 P4D b6ee02067 PUD 10096d063 PMD 11c540063 PTE 80000001149cc163 > > > SEV-SNP: PFN 0x1149cc unassigned, dumping non-zero entries in 2M PFN region: [0x114800 - 0x114a00] > > > ... > > > > > > Newer AMD system is enhanced to allow hypervisor to modify the backing page > > > for non-secure guest on SNP-enabled system. This enhancement is available > > > when the CPUID Fn8000_001F_EAX bit 30 is set (HvInUseWrAllowed). > > > > > > This table describes AVIC support matrix w.r.t. SNP enablement: > > > > > > | Non-SNP system | SNP system > > > ----------------------------------------------------- > > > Non-SNP guest | AVIC Activate | AVIC Activate iff > > > | | HvInuseWrAllowed=1 > > > ----------------------------------------------------- > > > SNP guest | N/A | Secure AVIC > > > | | x2APIC only > > > > > > Introduce APICV_INHIBIT_REASON_HVINUSEWR_NOT_ALLOWED to deactivate AVIC Please use human/reader friendly terms, that's a very convoluted way of saying: APICV_INHIBIT_REASON_IN_USE_AVIC_PAGE_READ_ONLY > > > when the feature is not available on SNP-enabled system. > > > > > I misread your first sentence in v1 wrt to non-secure guests -- but it's a lot > > more obvious now. If this was sort of a dynamic condition at runtime (like the > > other inhibits triggered by guest behavior or something that can change at > > runtime post-boot, or modparam) then the inhibit system would be best acquainted > > for preventing enabling AVIC on a per-vm basis. But it appears this is > > global-defined-at-boot that blocks any non-secure guest from using AVIC if we > > boot as an SNP-enabled host i.e. based on testing BSP-defined feature bits solely. > > > > Your original proposal perhaps is better where you disable AVIC globally in > > avic_hardware_setup(). Apologies for (mistankenly) misleading you and wasting > > your time :/ > > Repost from v1 thread: > > I was considering the APICV inhibit as well, and decided to go with > disabling AVIC since it does not require additional APICV_INHIBIT_REASON_XXX > flag, and we can simply disable AVIC support during kvm-amd driver > initialization. > > After rethink this, it is better to use per-VM APICv inhibition instead > since certain AVIC data structures will be needed for secure AVIC support in > the future. I don't follow. I agree with Joao, this seems like an all-or-nothing situation. There's no point in an inhibit unless Secure AVIC CPUs will exist WITHOUT HvInuseWrAllowed, but even then, to keep things simple(r), I'm tempted to make SNP+AVIC require HvInuseWrAllowed
Powered by blists - more mailing lists