kvm.vger.kernel.org archive mirror
* Re: [PATCH 0/9] KVM backports to 5.10
       [not found]     ` <YyrSKtN2VqnAuevk@kroah.com>
@ 2023-04-19  7:17       ` Lee Jones
  2023-05-02 20:15         ` Sean Christopherson
  0 siblings, 1 reply; 8+ messages in thread
From: Lee Jones @ 2023-04-19  7:17 UTC (permalink / raw)
  To: gregkh@linuxfoundation.org
  Cc: Bhatnagar, Rishabh, stable@vger.kernel.org, Jitindar Singh, Suraj,
	Bacco, Mike, bp@alien8.de, mingo@redhat.com, tglx@linutronix.de,
	pbonzini@redhat.com, seanjc@google.com, vkuznets@redhat.com,
	wanpengli@tencent.com, jmattson@google.com, joro@8bytes.org, kvm

On Wed, 21 Sep 2022, gregkh@linuxfoundation.org wrote:

> On Tue, Sep 20, 2022 at 06:19:26PM +0200, gregkh@linuxfoundation.org wrote:
> > On Tue, Sep 20, 2022 at 03:34:04PM +0000, Bhatnagar, Rishabh wrote:
> > > Gentle reminder to review this patch series.
> > 
> > Gentle reminder to never top-post :)
> > 
> > Also, it's up to the KVM maintainers if they wish to review this or not.
> > I can't make them care about old and obsolete kernels like 5.10.y.  Why
> > not just use 5.15.y or newer?
> 
> Given the lack of responses here from the KVM developers, I'll drop this
> from my mbox and wait for them to be properly reviewed and resend before
> considering them for a stable release.

KVM maintainers,

Would someone be kind enough to take a look at this for Greg please?

Note that at least one of the patches in this set has been identified as
a fix for a serious security issue regarding the compromise of guest
kernels due to the mishandling of flush operations.

Please could someone confirm or otherwise that this is relevant for
v5.10.y and older?

Thank you.

-- 
Lee Jones [李琼斯]


* Re: [PATCH 0/9] KVM backports to 5.10
  2023-04-19  7:17       ` [PATCH 0/9] KVM backports to 5.10 Lee Jones
@ 2023-05-02 20:15         ` Sean Christopherson
  2023-05-03  7:34           ` Lee Jones
  0 siblings, 1 reply; 8+ messages in thread
From: Sean Christopherson @ 2023-05-02 20:15 UTC (permalink / raw)
  To: Lee Jones
  Cc: gregkh@linuxfoundation.org, Rishabh Bhatnagar,
	stable@vger.kernel.org, Suraj Jitindar Singh, Mike Bacco,
	bp@alien8.de, mingo@redhat.com, tglx@linutronix.de,
	pbonzini@redhat.com, vkuznets@redhat.com, wanpengli@tencent.com,
	jmattson@google.com, joro@8bytes.org, kvm

On Wed, Apr 19, 2023, Lee Jones wrote:
> On Wed, 21 Sep 2022, gregkh@linuxfoundation.org wrote:
> 
> > On Tue, Sep 20, 2022 at 06:19:26PM +0200, gregkh@linuxfoundation.org wrote:
> > > On Tue, Sep 20, 2022 at 03:34:04PM +0000, Bhatnagar, Rishabh wrote:
> > > > Gentle reminder to review this patch series.
> > > 
> > > Gentle reminder to never top-post :)
> > > 
> > > Also, it's up to the KVM maintainers if they wish to review this or not.
> > > I can't make them care about old and obsolete kernels like 5.10.y.  Why
> > > not just use 5.15.y or newer?
> > 
> > Given the lack of responses here from the KVM developers, I'll drop this
> > from my mbox and wait for them to be properly reviewed and resend before
> > considering them for a stable release.
> 
> KVM maintainers,
> 
> Would someone be kind enough to take a look at this for Greg please?
> 
> Note that at least one of the patches in this set has been identified as
> a fix for a serious security issue regarding the compromise of guest
> kernels due to the mishandling of flush operations.

A minor note, the security issue is serious _if_ the bug can be exploited, which
as is often the case for KVM, is a fairly big "if".  Jann's PoC relied on collusion
between host userspace and the guest kernel, and as Jann called out, triggering
the bug on a !PREEMPT host kernel would be quite difficult in practice.

I don't want to downplay the seriousness of compromising guest security, but CVSS
scores for KVM CVEs almost always fail to account for the multitude of factors in
play.  E.g. CVE-2023-30456 also had a score of 7.8, and that bug required disabling
EPT, which pretty much no one does when running untrusted guest code.

In other words, take the purported severity with a grain of salt.

> Please could someone confirm or otherwise that this is relevant for
> v5.10.y and older?

Acked-by: Sean Christopherson <seanjc@google.com>

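Added example, not part of the thread: a small host-side check for the two environmental factors named in the message above (host preemption model, and EPT for CVE-2023-30456), so a CVSS number can be read against the actual deployment. The function names are hypothetical; the default paths /boot/config-$(uname -r) and /sys/module/kvm_intel/parameters/ept are assumptions about the host and can be overridden by arguments.

```shell
#!/bin/sh
# Added example: report the host preemption model and the kvm_intel EPT
# setting, the two preconditions discussed in the message above.

# preempt_model CONFIG_FILE
# Prints "preempt" if the kernel config has CONFIG_PREEMPT=y, "non-preempt" if
# the file is readable without it, "unknown" if the file cannot be read.
# Assumption: the preemption model is fixed at build time.
preempt_model() {
    [ -r "$1" ] || { echo unknown; return; }
    if grep -q '^CONFIG_PREEMPT=y$' "$1"; then
        echo preempt
    else
        echo non-preempt
    fi
}

# ept_state PARAM_FILE
# Prints "enabled" or "disabled" from a kvm_intel "ept" parameter file,
# "unknown" if it is absent (module not loaded, or not an Intel host).
ept_state() {
    [ -r "$1" ] || { echo unknown; return; }
    case "$(cat "$1")" in
        Y|1) echo enabled ;;
        N|0) echo disabled ;;
        *)   echo unknown ;;
    esac
}

# triage CONFIG_FILE PARAM_FILE
# First output line is machine-readable; the notes restate what the thread
# says about each factor.
triage() {
    p=$(preempt_model "$1")
    e=$(ept_state "$2")
    echo "preempt=$p ept=$e"
    case "$p" in
        non-preempt) echo 'note: !PREEMPT host; triggering the flush bug is described as quite difficult in practice' ;;
        preempt)     echo 'note: preemptible host; the !PREEMPT mitigating factor is absent' ;;
    esac
    case "$e" in
        enabled)  echo 'note: EPT on; CVE-2023-30456 precondition (EPT disabled) not met' ;;
        disabled) echo 'note: EPT off; CVE-2023-30456 precondition met' ;;
    esac
}

# Run against the local host, using the assumed default locations.
triage_host() {
    triage "${1:-/boot/config-$(uname -r)}" \
           "${2:-/sys/module/kvm_intel/parameters/ept}"
}

triage_host "$@"
```

A result of "unknown" means the input could not be read; it says nothing about whether the host is affected.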

* Re: [PATCH 0/9] KVM backports to 5.10
  2023-05-02 20:15         ` Sean Christopherson
@ 2023-05-03  7:34           ` Lee Jones
  2023-05-04  1:10             ` gregkh
  0 siblings, 1 reply; 8+ messages in thread
From: Lee Jones @ 2023-05-03  7:34 UTC (permalink / raw)
  To: Sean Christopherson
  Cc: gregkh@linuxfoundation.org, Rishabh Bhatnagar,
	stable@vger.kernel.org, Suraj Jitindar Singh, Mike Bacco,
	bp@alien8.de, mingo@redhat.com, tglx@linutronix.de,
	pbonzini@redhat.com, vkuznets@redhat.com, wanpengli@tencent.com,
	jmattson@google.com, joro@8bytes.org, kvm

On Tue, 02 May 2023, Sean Christopherson wrote:

> On Wed, Apr 19, 2023, Lee Jones wrote:
> > On Wed, 21 Sep 2022, gregkh@linuxfoundation.org wrote:
> > 
> > > On Tue, Sep 20, 2022 at 06:19:26PM +0200, gregkh@linuxfoundation.org wrote:
> > > > On Tue, Sep 20, 2022 at 03:34:04PM +0000, Bhatnagar, Rishabh wrote:
> > > > > Gentle reminder to review this patch series.
> > > > 
> > > > Gentle reminder to never top-post :)
> > > > 
> > > > Also, it's up to the KVM maintainers if they wish to review this or not.
> > > > I can't make them care about old and obsolete kernels like 5.10.y.  Why
> > > > not just use 5.15.y or newer?
> > > 
> > > Given the lack of responses here from the KVM developers, I'll drop this
> > > from my mbox and wait for them to be properly reviewed and resend before
> > > considering them for a stable release.
> > 
> > KVM maintainers,
> > 
> > Would someone be kind enough to take a look at this for Greg please?
> > 
> > Note that at least one of the patches in this set has been identified as
> > a fix for a serious security issue regarding the compromise of guest
> > kernels due to the mishandling of flush operations.
> 
> A minor note, the security issue is serious _if_ the bug can be exploited, which
> as is often the case for KVM, is a fairly big "if".  Jann's PoC relied on collusion
> between host userspace and the guest kernel, and as Jann called out, triggering
> the bug on a !PREEMPT host kernel would be quite difficult in practice.
> 
> I don't want to downplay the seriousness of compromising guest security, but CVSS
> scores for KVM CVEs almost always fail to account for the multitude of factors in
> play.  E.g. CVE-2023-30456 also had a score of 7.8, and that bug required disabling
> EPT, which pretty much no one does when running untrusted guest code.
> 
> In other words, take the purported severity with a grain of salt.
> 
> > Please could someone confirm or otherwise that this is relevant for
> > v5.10.y and older?
> 
> Acked-by: Sean Christopherson <seanjc@google.com>

Thanks for taking the time to provide some background information and
for the Ack Sean, much appreciated.

For anyone taking notice, I expect a little lag on this still whilst
Greg is AFK.  I'll follow-up in a few days.

-- 
Lee Jones [李琼斯]


* Re: [PATCH 0/9] KVM backports to 5.10
  2023-05-03  7:34           ` Lee Jones
@ 2023-05-04  1:10             ` gregkh
  2023-05-04 16:22               ` Bhatnagar, Rishabh
  0 siblings, 1 reply; 8+ messages in thread
From: gregkh @ 2023-05-04  1:10 UTC (permalink / raw)
  To: Lee Jones
  Cc: Sean Christopherson, Rishabh Bhatnagar, stable@vger.kernel.org,
	Suraj Jitindar Singh, Mike Bacco, bp@alien8.de, mingo@redhat.com,
	tglx@linutronix.de, pbonzini@redhat.com, vkuznets@redhat.com,
	wanpengli@tencent.com, jmattson@google.com, joro@8bytes.org, kvm

On Wed, May 03, 2023 at 08:34:33AM +0100, Lee Jones wrote:
> On Tue, 02 May 2023, Sean Christopherson wrote:
> 
> > On Wed, Apr 19, 2023, Lee Jones wrote:
> > > On Wed, 21 Sep 2022, gregkh@linuxfoundation.org wrote:
> > > 
> > > > On Tue, Sep 20, 2022 at 06:19:26PM +0200, gregkh@linuxfoundation.org wrote:
> > > > > On Tue, Sep 20, 2022 at 03:34:04PM +0000, Bhatnagar, Rishabh wrote:
> > > > > > Gentle reminder to review this patch series.
> > > > > 
> > > > > Gentle reminder to never top-post :)
> > > > > 
> > > > > Also, it's up to the KVM maintainers if they wish to review this or not.
> > > > > I can't make them care about old and obsolete kernels like 5.10.y.  Why
> > > > > not just use 5.15.y or newer?
> > > > 
> > > > Given the lack of responses here from the KVM developers, I'll drop this
> > > > from my mbox and wait for them to be properly reviewed and resend before
> > > > considering them for a stable release.
> > > 
> > > KVM maintainers,
> > > 
> > > Would someone be kind enough to take a look at this for Greg please?
> > > 
> > > Note that at least one of the patches in this set has been identified as
> > > a fix for a serious security issue regarding the compromise of guest
> > > kernels due to the mishandling of flush operations.
> > 
> > A minor note, the security issue is serious _if_ the bug can be exploited, which
> > as is often the case for KVM, is a fairly big "if".  Jann's PoC relied on collusion
> > between host userspace and the guest kernel, and as Jann called out, triggering
> > the bug on a !PREEMPT host kernel would be quite difficult in practice.
> > 
> > I don't want to downplay the seriousness of compromising guest security, but CVSS
> > scores for KVM CVEs almost always fail to account for the multitude of factors in
> > play.  E.g. CVE-2023-30456 also had a score of 7.8, and that bug required disabling
> > EPT, which pretty much no one does when running untrusted guest code.
> > 
> > In other words, take the purported severity with a grain of salt.
> > 
> > > Please could someone confirm or otherwise that this is relevant for
> > > v5.10.y and older?
> > 
> > Acked-by: Sean Christopherson <seanjc@google.com>
> 
> Thanks for taking the time to provide some background information and
> for the Ack Sean, much appreciated.
> 
> For anyone taking notice, I expect a little lag on this still whilst
> Greg is AFK.  I'll follow-up in a few days.

What am I supposed to do here?  The thread is long-gone from my stable
review queue, is there some patch I'm supposed to apply?  If so, can I
get a resend with the proper acks added?

thanks,

greg k-h


* Re: [PATCH 0/9] KVM backports to 5.10
  2023-05-04  1:10             ` gregkh
@ 2023-05-04 16:22               ` Bhatnagar, Rishabh
  2023-05-10 13:43                 ` Lee Jones
  0 siblings, 1 reply; 8+ messages in thread
From: Bhatnagar, Rishabh @ 2023-05-04 16:22 UTC (permalink / raw)
  To: gregkh@linuxfoundation.org, Lee Jones
  Cc: Sean Christopherson, stable@vger.kernel.org, Suraj Jitindar Singh,
	Mike Bacco, bp@alien8.de, mingo@redhat.com, tglx@linutronix.de,
	pbonzini@redhat.com, vkuznets@redhat.com, wanpengli@tencent.com,
	jmattson@google.com, joro@8bytes.org, kvm


On 5/3/23 6:10 PM, gregkh@linuxfoundation.org wrote:
> On Wed, May 03, 2023 at 08:34:33AM +0100, Lee Jones wrote:
>> On Tue, 02 May 2023, Sean Christopherson wrote:
>>
>>> On Wed, Apr 19, 2023, Lee Jones wrote:
>>>> On Wed, 21 Sep 2022, gregkh@linuxfoundation.org wrote:
>>>>
>>>>> On Tue, Sep 20, 2022 at 06:19:26PM +0200, gregkh@linuxfoundation.org wrote:
>>>>>> On Tue, Sep 20, 2022 at 03:34:04PM +0000, Bhatnagar, Rishabh wrote:
>>>>>>> Gentle reminder to review this patch series.
>>>>>> Gentle reminder to never top-post :)
>>>>>>
>>>>>> Also, it's up to the KVM maintainers if they wish to review this or not.
>>>>>> I can't make them care about old and obsolete kernels like 5.10.y.  Why
>>>>>> not just use 5.15.y or newer?
>>>>> Given the lack of responses here from the KVM developers, I'll drop this
>>>>> from my mbox and wait for them to be properly reviewed and resend before
>>>>> considering them for a stable release.
>>>> KVM maintainers,
>>>>
>>>> Would someone be kind enough to take a look at this for Greg please?
>>>>
>>>> Note that at least one of the patches in this set has been identified as
>>>> a fix for a serious security issue regarding the compromise of guest
>>>> kernels due to the mishandling of flush operations.
>>> A minor note, the security issue is serious _if_ the bug can be exploited, which
>>> as is often the case for KVM, is a fairly big "if".  Jann's PoC relied on collusion
>>> between host userspace and the guest kernel, and as Jann called out, triggering
>>> the bug on a !PREEMPT host kernel would be quite difficult in practice.
>>>
>>> I don't want to downplay the seriousness of compromising guest security, but CVSS
>>> scores for KVM CVEs almost always fail to account for the multitude of factors in
>>> play.  E.g. CVE-2023-30456 also had a score of 7.8, and that bug required disabling
>>> EPT, which pretty much no one does when running untrusted guest code.
>>>
>>> In other words, take the purported severity with a grain of salt.
>>>
>>>> Please could someone confirm or otherwise that this is relevant for
>>>> v5.10.y and older?
>>> Acked-by: Sean Christopherson <seanjc@google.com>
>> Thanks for taking the time to provide some background information and
>> for the Ack Sean, much appreciated.
>>
>> For anyone taking notice, I expect a little lag on this still whilst
>> Greg is AFK.  I'll follow-up in a few days.
> What am I supposed to do here?  The thread is long-gone from my stable
> review queue, is there some patch I'm supposed to apply?  If so, can I
> get a resend with the proper acks added?
>
> thanks,
>
> greg k-h

Yeah it's been half a year since I sent this series and I had mostly
forgotten about this.
Sure I can resend a new version with acks/tested-by added.

Thanks
Rishabh



* Re: [PATCH 0/9] KVM backports to 5.10
  2023-05-04 16:22               ` Bhatnagar, Rishabh
@ 2023-05-10 13:43                 ` Lee Jones
  0 siblings, 0 replies; 8+ messages in thread
From: Lee Jones @ 2023-05-10 13:43 UTC (permalink / raw)
  To: Bhatnagar, Rishabh
  Cc: gregkh@linuxfoundation.org, Sean Christopherson,
	stable@vger.kernel.org, Suraj Jitindar Singh, Mike Bacco,
	bp@alien8.de, mingo@redhat.com, tglx@linutronix.de,
	pbonzini@redhat.com, vkuznets@redhat.com, wanpengli@tencent.com,
	jmattson@google.com, joro@8bytes.org, kvm

On Thu, 04 May 2023, Bhatnagar, Rishabh wrote:

> 
> On 5/3/23 6:10 PM, gregkh@linuxfoundation.org wrote:
> > On Wed, May 03, 2023 at 08:34:33AM +0100, Lee Jones wrote:
> > > On Tue, 02 May 2023, Sean Christopherson wrote:
> > > 
> > > > On Wed, Apr 19, 2023, Lee Jones wrote:
> > > > > On Wed, 21 Sep 2022, gregkh@linuxfoundation.org wrote:
> > > > > 
> > > > > > On Tue, Sep 20, 2022 at 06:19:26PM +0200, gregkh@linuxfoundation.org wrote:
> > > > > > > On Tue, Sep 20, 2022 at 03:34:04PM +0000, Bhatnagar, Rishabh wrote:
> > > > > > > > Gentle reminder to review this patch series.
> > > > > > > Gentle reminder to never top-post :)
> > > > > > > 
> > > > > > > Also, it's up to the KVM maintainers if they wish to review this or not.
> > > > > > > I can't make them care about old and obsolete kernels like 5.10.y.  Why
> > > > > > > not just use 5.15.y or newer?
> > > > > > Given the lack of responses here from the KVM developers, I'll drop this
> > > > > > from my mbox and wait for them to be properly reviewed and resend before
> > > > > > considering them for a stable release.
> > > > > KVM maintainers,
> > > > > 
> > > > > Would someone be kind enough to take a look at this for Greg please?
> > > > > 
> > > > > Note that at least one of the patches in this set has been identified as
> > > > > a fix for a serious security issue regarding the compromise of guest
> > > > > kernels due to the mishandling of flush operations.
> > > > A minor note, the security issue is serious _if_ the bug can be exploited, which
> > > > as is often the case for KVM, is a fairly big "if".  Jann's PoC relied on collusion
> > > > between host userspace and the guest kernel, and as Jann called out, triggering
> > > > the bug on a !PREEMPT host kernel would be quite difficult in practice.
> > > > 
> > > > I don't want to downplay the seriousness of compromising guest security, but CVSS
> > > > scores for KVM CVEs almost always fail to account for the multitude of factors in
> > > > play.  E.g. CVE-2023-30456 also had a score of 7.8, and that bug required disabling
> > > > EPT, which pretty much no one does when running untrusted guest code.
> > > > 
> > > > In other words, take the purported severity with a grain of salt.
> > > > 
> > > > > Please could someone confirm or otherwise that this is relevant for
> > > > > v5.10.y and older?
> > > > Acked-by: Sean Christopherson <seanjc@google.com>
> > > Thanks for taking the time to provide some background information and
> > > for the Ack Sean, much appreciated.
> > > 
> > > For anyone taking notice, I expect a little lag on this still whilst
> > > Greg is AFK.  I'll follow-up in a few days.
> > What am I supposed to do here?  The thread is long-gone from my stable
> > review queue, is there some patch I'm supposed to apply?  If so, can I
> > get a resend with the proper acks added?
> > 
> > thanks,
> > 
> > greg k-h
> 
> Yeah it's been half a year since I sent this series and I had mostly
> forgotten about this.
> Sure I can resend a new version with acks/tested-by added.

Thank you Rishabh.

Please can you ensure that you Cc me on it.

-- 
Lee Jones [李琼斯]


* [PATCH 0/9] KVM backports to 5.10
@ 2023-05-10 18:15 Rishabh Bhatnagar
  2023-05-15 12:47 ` Greg KH
  0 siblings, 1 reply; 8+ messages in thread
From: Rishabh Bhatnagar @ 2023-05-10 18:15 UTC (permalink / raw)
  To: gregkh, stable
  Cc: lee, seanjc, kvm, bp, mingo, tglx, pbonzini, vkuznets, wanpengli,
	jmattson, joro, Rishabh Bhatnagar

This patch series backports a few VM preemption_status, steal_time and
PV TLB flushing fixes to the 5.10 stable kernel.

Most of the changes backport cleanly except I had to work around a few
because of missing support/APIs in the 5.10 kernel. I have captured those in
the changelog as well as in the individual patches.

Earlier patch series that I'm resending for stable.
https://lore.kernel.org/all/20220909181351.23983-1-risbhat@amazon.com/

Changelog
- Use mark_page_dirty_in_slot api without kvm argument (KVM: x86: Fix
  recording of guest steal time / preempted status)
- Avoid checking for xen_msr and SEV-ES conditions (KVM: x86:
  do not set st->preempted when going back to user space)
- Use VCPU_STAT macro to expose preemption_reported and
  preemption_other fields (KVM: x86: do not report a vCPU as preempted
  outside instruction boundaries)

David Woodhouse (2):
  KVM: x86: Fix recording of guest steal time / preempted status
  KVM: Fix steal time asm constraints

Lai Jiangshan (1):
  KVM: x86: Ensure PV TLB flush tracepoint reflects KVM behavior

Paolo Bonzini (5):
  KVM: x86: do not set st->preempted when going back to user space
  KVM: x86: do not report a vCPU as preempted outside instruction
    boundaries
  KVM: x86: revalidate steal time cache if MSR value changes
  KVM: x86: do not report preemption if the steal time cache is stale
  KVM: x86: move guest_pv_has out of user_access section

Sean Christopherson (1):
  KVM: x86: Remove obsolete disabling of page faults in
    kvm_arch_vcpu_put()

 arch/x86/include/asm/kvm_host.h |   5 +-
 arch/x86/kvm/svm/svm.c          |   2 +
 arch/x86/kvm/vmx/vmx.c          |   1 +
 arch/x86/kvm/x86.c              | 164 ++++++++++++++++++++++----------
 4 files changed, 122 insertions(+), 50 deletions(-)

-- 
2.39.2


* Re: [PATCH 0/9] KVM backports to 5.10
  2023-05-10 18:15 Rishabh Bhatnagar
@ 2023-05-15 12:47 ` Greg KH
  0 siblings, 0 replies; 8+ messages in thread
From: Greg KH @ 2023-05-15 12:47 UTC (permalink / raw)
  To: Rishabh Bhatnagar
  Cc: stable, lee, seanjc, kvm, bp, mingo, tglx, pbonzini, vkuznets,
	wanpengli, jmattson, joro

On Wed, May 10, 2023 at 06:15:38PM +0000, Rishabh Bhatnagar wrote:
> This patch series backports a few VM preemption_status, steal_time and
> PV TLB flushing fixes to the 5.10 stable kernel.
> 
> Most of the changes backport cleanly except I had to work around a few
> because of missing support/APIs in the 5.10 kernel. I have captured those in
> the changelog as well as in the individual patches.
> 
> Earlier patch series that I'm resending for stable.
> https://lore.kernel.org/all/20220909181351.23983-1-risbhat@amazon.com/

All now queued up, thanks.

greg k-h

