[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20251013-l1tf-test-v1-0-583fb664836d@google.com>
Date: Mon, 13 Oct 2025 15:13:53 +0000
From: Brendan Jackman <jackmanb@...gle.com>
To: Shuah Khan <shuah@...nel.org>, Paolo Bonzini <pbonzini@...hat.com>,
Sean Christopherson <seanjc@...gle.com>
Cc: Alexandra Sandulescu <aesa@...gle.com>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>,
Borislav Petkov <bp@...en8.de>, Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org,
linux-kselftest@...r.kernel.org, linux-kernel@...r.kernel.org,
kvm@...r.kernel.org, Brendan Jackman <jackmanb@...gle.com>
Subject: [PATCH 0/2] KVM: x86: selftests: add L1TF exploit test
This has been tested on a Google Skylake platform.
One potential issue with this test is that it fails (that is, the
exploit succeeds) when using the conditional L1D flush, because the
gadget is injected into the hypercall path which doesn't appear to
include a flush. If this is unacceptable, we should discuss how to amend
the test so that it can be used to evaluate the conditional flush logic
as well. This would basically mean simulating some more complicated
gadget where the "attacker" has found another way to steer the host
kernel towards the target data, instead of just a simple hypercall.
The reason this limitation is tolerable to me is my ulterior motive,
i.e. because I am specifically interested in an end-to-end test for
Address Space Isolation [0], which is abstracted from these details of the
exploit.
Based on kvm/next.
[0] https://lore.kernel.org/all/20250924-b4-asi-page-alloc-v1-0-2d861768041f@google.com/T/#t
Signed-off-by: Brendan Jackman <jackmanb@...gle.com>
---
Alexandra Sandulescu (1):
KVM: x86: selftests: add an L1TF exploit test
Brendan Jackman (1):
selftests: fix installing nested TEST_GEN_MODS_DIR
tools/testing/selftests/kvm/Makefile.kvm | 7 +
tools/testing/selftests/kvm/x86/l1tf_test.c | 633 +++++++++++++++++++++
tools/testing/selftests/kvm/x86/l1tf_test.sh | 10 +
.../selftests/kvm/x86/test_modules/Makefile | 10 +
.../kvm/x86/test_modules/l1tf_test_helper.c | 92 +++
tools/testing/selftests/lib.mk | 2 +-
6 files changed, 753 insertions(+), 1 deletion(-)
---
base-commit: 6b36119b94d0b2bb8cea9d512017efafd461d6ac
change-id: 20251013-l1tf-test-1bee540cefb4
Best regards,
--
Brendan Jackman <jackmanb@...gle.com>
Powered by blists - more mailing lists