[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20250529033546.dhf3ittxsc3qcysc@desk>
Date: Wed, 28 May 2025 20:36:07 -0700
From: Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>
To: Sean Christopherson <seanjc@...gle.com>
Cc: Paolo Bonzini <pbonzini@...hat.com>, kvm@...r.kernel.org,
linux-kernel@...r.kernel.org, Borislav Petkov <bp@...en8.de>,
Jim Mattson <jmattson@...gle.com>
Subject: Re: [PATCH 0/5] KVM: VMX: Fix MMIO Stale Data Mitigation
On Thu, May 22, 2025 at 06:17:51PM -0700, Sean Christopherson wrote:
> Fix KVM's mitigation of the MMIO Stale Data bug, as the current approach
> doesn't actually detect whether or not a guest has access to MMIO. E.g.
> KVM_DEV_VFIO_FILE_ADD is entirely optional, and obviously only covers VFIO
I believe this needs userspace co-operation?
> devices, and so is a terrible heuristic for "can this vCPU access MMIO?"
>
> To fix the flaw (hopefully), track whether or not a vCPU has access to MMIO
> based on the MMU it will run with. KVM already detects host MMIO when
> installing PTEs in order to force host MMIO to UC (EPT bypasses MTRRs), so
> feeding that information into the MMU is rather straightforward.
>
> Note, I haven't actually verified this mitigates the MMIO Stale Data bug, but
> I think it's safe to say no has verified the existing code works either.
Mitigation was verifed for VFIO devices, but ofcourse not for the cases you
mentioned above. Typically, it is the PCI config registers on some faulty
devices (that don't respect byte-enable) are subject to MMIO Stale Data.
But, it is impossible to test and confirm with absolute certainity that all
other cases are not affected. Your patches should rule out those cases as
well.
Regarding validating this, if VERW is executed at VMenter, mitigation was
found to be effective. This is similar to other bugs like MDS. I am not a
virtualization expert, but I will try to validate whatever I can.
> All that said, and despite what the subject says, my real interest in this
> series it to kill off kvm_arch_{start,end}_assignment(). I.e. preciesly
> identifying MMIO is a means to an end. Because as evidenced by the MMIO mess
> and other bugs (e.g. vDPA device not getting device posted interrupts),
> keying off KVM_DEV_VFIO_FILE_ADD for anything is a bad idea.
>
> The last two patches of this series depend on the stupidly large device
> posted interrupts rework:
>
> https://lore.kernel.org/all/20250523010004.3240643-1-seanjc@google.com
>
> which in turn depends on a not-tiny prep series:
>
> https://lore.kernel.org/all/20250519232808.2745331-1-seanjc@google.com
>
> Unless you care deeply about those patches, I honestly recommend just ignoring
> them. I posted them as part of this series, because post two patches that
> depends on *four* series seemed even more ridiculousr :-)
>
> Side topic: Pawan, I haven't forgotten about your mmio_stale_data_clear =>
> cpu_buf_vm_clear rename, I promise I'll review it soon.
No problem.
Powered by blists - more mailing lists