lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20250825162820.GDaKyPJLxPD-sZ8YWP@fat_crate.local>
Date: Mon, 25 Aug 2025 18:28:20 +0200
From: Borislav Petkov <bp@...en8.de>
To: Neeraj Upadhyay <Neeraj.Upadhyay@....com>, seanjc@...gle.com
Cc: linux-kernel@...r.kernel.org, tglx@...utronix.de, mingo@...hat.com,
	dave.hansen@...ux.intel.com, Thomas.Lendacky@....com,
	nikunj@....com, Santosh.Shukla@....com, Vasant.Hegde@....com,
	Suravee.Suthikulpanit@....com, David.Kaplan@....com, x86@...nel.org,
	hpa@...or.com, peterz@...radead.org, pbonzini@...hat.com,
	kvm@...r.kernel.org, huibo.wang@....com, naveen.rao@....com,
	francescolavra.fl@...il.com, tiala@...rosoft.com
Subject: Re: [PATCH v9 17/18] x86/sev: Prevent SECURE_AVIC_CONTROL MSR
 interception for Secure AVIC guests

On Mon, Aug 11, 2025 at 03:14:43PM +0530, Neeraj Upadhyay wrote:
> The SECURE_AVIC_CONTROL MSR holds the GPA of the guest APIC backing
> page and bitfields to control enablement of Secure AVIC and NMI by
> guest vCPUs. This MSR is populated by the guest and the hypervisor
> should not intercept it. A #VC exception will be generated otherwise.
> If this occurs and Secure AVIC is enabled, terminate guest execution.
> 
> Reviewed-by: Tianyu Lan <tiala@...rosoft.com>
> Signed-off-by: Neeraj Upadhyay <Neeraj.Upadhyay@....com>
> ---
> Changes since v8:
>  - No change.
> 
>  arch/x86/coco/sev/vc-handle.c | 9 +++++++++
>  1 file changed, 9 insertions(+)
> 
> diff --git a/arch/x86/coco/sev/vc-handle.c b/arch/x86/coco/sev/vc-handle.c
> index fc770cc9117d..e856a5e18670 100644
> --- a/arch/x86/coco/sev/vc-handle.c
> +++ b/arch/x86/coco/sev/vc-handle.c
> @@ -414,6 +414,15 @@ enum es_result sev_es_ghcb_handle_msr(struct ghcb *ghcb, struct es_em_ctxt *ctxt
>  		if (sev_status & MSR_AMD64_SNP_SECURE_TSC)
>  			return __vc_handle_secure_tsc_msrs(regs, write);
>  		break;
> +	case MSR_AMD64_SECURE_AVIC_CONTROL:
> +		/*
> +		 * AMD64_SECURE_AVIC_CONTROL should not be intercepted when
> +		 * Secure AVIC is enabled. Terminate the Secure AVIC guest
> +		 * if the interception is enabled.
> +		 */
> +		if (cc_platform_has(CC_ATTR_SNP_SECURE_AVIC))
> +			return ES_VMM_ERROR;
> +		break;

In light of the recent secure TSC MSR discussions, let's see if Sean really
wants to do two different things for reads and writes here too...

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ