From: Sean Christopherson <seanjc@google.com>
To: Maxim Levitsky <mlevitsk@redhat.com>
Cc: John Allen <john.allen@amd.com>,
kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
pbonzini@redhat.com, weijiang.yang@intel.com,
rick.p.edgecombe@intel.com, x86@kernel.org,
thomas.lendacky@amd.com, bp@alien8.de
Subject: Re: [PATCH 6/9] KVM: SVM: Add MSR_IA32_XSS to the GHCB for hypervisor kernel
Date: Thu, 2 Nov 2023 16:22:28 -0700 [thread overview]
Message-ID: <ZUQvNIE9iU5TqJfw@google.com> (raw)
In-Reply-To: <5e413e05de559971cdc2d1a9281a8a271590f62b.camel@redhat.com>
On Thu, Nov 02, 2023, Maxim Levitsky wrote:
> On Tue, 2023-10-10 at 20:02 +0000, John Allen wrote:
> > @@ -3032,6 +3037,9 @@ static void sev_es_init_vmcb(struct vcpu_svm *svm)
> > if (guest_cpuid_has(&svm->vcpu, X86_FEATURE_RDTSCP))
> > svm_clr_intercept(svm, INTERCEPT_RDTSCP);
> > }
> > +
> > + if (kvm_caps.supported_xss)
> > + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_XSS, 1, 1);
>
> This is not just a virtualization hole. This allows the guest to set MSR_IA32_XSS
> to whatever value it wants, and thus it might allow XSAVES to access some host msrs
> that guest must not be able to access.
>
> AMD might not yet have such msrs, but on Intel side I do see various components
> like 'HDC State', 'HWP state' and such.
The approach AMD has taken with SEV-ES+ is to have ucode context switch everything
that the guest can access. So, in theory, if/when AMD adds more XCR0/XSS-based
features, that state will also be context switched.
Don't get me wrong, I hate this with a passion, but it's not *quite* fatally unsafe,
just horrific.
> I understand that this is needed so that #VC handler could read this msr, and
> trying to read it will cause another #VC which is probably not allowed (I
> don't know this detail of SEV-ES)
>
> I guess #VC handler should instead use a kernel cached value of this msr
> instead, or at least KVM should only allow reads and not writes to it.
Nope, doesn't work. In addition to automatically context switching state, SEV-ES
also encrypts the guest state, i.e. KVM *can't* correctly virtualize XSS (or XCR0)
for the guest, because KVM *can't* load the guest's desired value into hardware.
The guest can do #VMGEXIT (a.k.a. VMMCALL) all it wants to request a certain XSS
or XCR0, and there's not a damn thing KVM can do to service the request.
next prev parent reply other threads:[~2023-11-02 23:22 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-10 20:02 [PATCH 0/9] SVM guest shadow stack support John Allen
2023-10-10 20:02 ` [PATCH 1/9] KVM: x86: SVM: Emulate reads and writes to shadow stack MSRs John Allen
2023-11-02 18:00 ` Maxim Levitsky
2023-10-10 20:02 ` [PATCH 2/9] KVM: x86: SVM: Update dump_vmcb with shadow stack save area additions John Allen
2023-11-02 18:00 ` Maxim Levitsky
2023-10-10 20:02 ` [PATCH 3/9] KVM: x86: SVM: Pass through shadow stack MSRs John Allen
2023-10-12 9:01 ` Nikunj A. Dadhania
2023-10-17 18:17 ` John Allen
2023-10-18 11:27 ` Nikunj A. Dadhania
2023-11-02 18:05 ` Maxim Levitsky
2023-11-06 16:45 ` Sean Christopherson
2023-11-07 18:20 ` Maxim Levitsky
2023-11-07 23:10 ` Sean Christopherson
2023-10-10 20:02 ` [PATCH 4/9] KVM: SVM: Rename vmplX_ssp -> plX_ssp John Allen
2023-11-02 18:06 ` Maxim Levitsky
2023-10-10 20:02 ` [PATCH 5/9] KVM: SVM: Save shadow stack host state on VMRUN John Allen
2023-11-02 18:07 ` Maxim Levitsky
2024-02-26 16:56 ` John Allen
2023-10-10 20:02 ` [PATCH 6/9] KVM: SVM: Add MSR_IA32_XSS to the GHCB for hypervisor kernel John Allen
2023-10-14 0:31 ` Sean Christopherson
2023-11-02 18:10 ` Maxim Levitsky
2023-11-02 23:22 ` Sean Christopherson [this message]
2023-11-07 18:20 ` Maxim Levitsky
2024-02-15 17:39 ` John Allen
2024-02-20 16:20 ` Sean Christopherson
2024-02-20 16:33 ` John Allen
2024-02-21 16:38 ` John Allen
2023-10-10 20:02 ` [PATCH 7/9] x86/sev-es: Include XSS value in GHCB CPUID request John Allen
2023-10-12 12:59 ` Borislav Petkov
2023-10-17 18:12 ` John Allen
2023-10-17 18:49 ` Borislav Petkov
2023-11-02 18:14 ` Maxim Levitsky
2023-10-10 20:02 ` [PATCH 8/9] KVM: SVM: Use KVM-governed features to track SHSTK John Allen
2023-11-02 18:07 ` Maxim Levitsky
2023-10-10 20:02 ` [PATCH 9/9] KVM: SVM: Add CET features to supported_xss John Allen
2023-11-02 18:07 ` Maxim Levitsky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZUQvNIE9iU5TqJfw@google.com \
--to=seanjc@google.com \
--cc=bp@alien8.de \
--cc=john.allen@amd.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mlevitsk@redhat.com \
--cc=pbonzini@redhat.com \
--cc=rick.p.edgecombe@intel.com \
--cc=thomas.lendacky@amd.com \
--cc=weijiang.yang@intel.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.