From: Sean Christopherson <seanjc@google.com>
To: John Allen <john.allen@amd.com>
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
pbonzini@redhat.com, weijiang.yang@intel.com,
rick.p.edgecombe@intel.com, x86@kernel.org,
thomas.lendacky@amd.com, bp@alien8.de
Subject: Re: [PATCH 6/9] KVM: SVM: Add MSR_IA32_XSS to the GHCB for hypervisor kernel
Date: Fri, 13 Oct 2023 17:31:53 -0700 [thread overview]
Message-ID: <ZSnheYDyzhZ1DOW5@google.com> (raw)
In-Reply-To: <20231010200220.897953-7-john.allen@amd.com>
On Tue, Oct 10, 2023, John Allen wrote:
> When a guest issues a cpuid instruction for Fn0000000D_x0B
> (CetUserOffset), KVM will intercept and need to access the guest
> MSR_IA32_XSS value. For SEV-ES, this is encrypted and needs to be
> included in the GHCB to be visible to the hypervisor.
>
> Signed-off-by: John Allen <john.allen@amd.com>
> ---
> @@ -3032,6 +3037,9 @@ static void sev_es_init_vmcb(struct vcpu_svm *svm)
> if (guest_cpuid_has(&svm->vcpu, X86_FEATURE_RDTSCP))
> svm_clr_intercept(svm, INTERCEPT_RDTSCP);
> }
> +
> + if (kvm_caps.supported_xss)
> + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_XSS, 1, 1);
This creates a giant gaping virtualization hole for the guest to walk through.
Want to hide shadow stacks from the guest because hardware is broken? Too bad,
the guest can still set any and all XFeature bits it wants! I realize "KVM"
already creates such a hole by disabling interception of XSETBV, but that doesn't
make it right. In quotes because it's not like KVM has a choice for SEV-ES guests.
This is another example of SEV-SNP and beyond clearly being designed to work with
a paravisor, SVM_VMGEXIT_AP_CREATE being the other big one that comes to mind.
KVM should at least block CET by killing the VM if the guest illegally sets
CR4.CET. Ugh, and is that even possible with SVM_VMGEXIT_AP_CREATE? The guest
can shove in whatever CR4 it wants, so long as it the value is supported by
hardware.
At what point do we bite the bullet and require a paravisor? Because the more I
see of SNP, the more I'm convinced that it's not entirely safe to run untrusted
guest code at VMPL0.
next prev parent reply other threads:[~2023-10-14 0:31 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-10 20:02 [PATCH 0/9] SVM guest shadow stack support John Allen
2023-10-10 20:02 ` [PATCH 1/9] KVM: x86: SVM: Emulate reads and writes to shadow stack MSRs John Allen
2023-11-02 18:00 ` Maxim Levitsky
2023-10-10 20:02 ` [PATCH 2/9] KVM: x86: SVM: Update dump_vmcb with shadow stack save area additions John Allen
2023-11-02 18:00 ` Maxim Levitsky
2023-10-10 20:02 ` [PATCH 3/9] KVM: x86: SVM: Pass through shadow stack MSRs John Allen
2023-10-12 9:01 ` Nikunj A. Dadhania
2023-10-17 18:17 ` John Allen
2023-10-18 11:27 ` Nikunj A. Dadhania
2023-11-02 18:05 ` Maxim Levitsky
2023-11-06 16:45 ` Sean Christopherson
2023-11-07 18:20 ` Maxim Levitsky
2023-11-07 23:10 ` Sean Christopherson
2023-10-10 20:02 ` [PATCH 4/9] KVM: SVM: Rename vmplX_ssp -> plX_ssp John Allen
2023-11-02 18:06 ` Maxim Levitsky
2023-10-10 20:02 ` [PATCH 5/9] KVM: SVM: Save shadow stack host state on VMRUN John Allen
2023-11-02 18:07 ` Maxim Levitsky
2024-02-26 16:56 ` John Allen
2023-10-10 20:02 ` [PATCH 6/9] KVM: SVM: Add MSR_IA32_XSS to the GHCB for hypervisor kernel John Allen
2023-10-14 0:31 ` Sean Christopherson [this message]
2023-11-02 18:10 ` Maxim Levitsky
2023-11-02 23:22 ` Sean Christopherson
2023-11-07 18:20 ` Maxim Levitsky
2024-02-15 17:39 ` John Allen
2024-02-20 16:20 ` Sean Christopherson
2024-02-20 16:33 ` John Allen
2024-02-21 16:38 ` John Allen
2023-10-10 20:02 ` [PATCH 7/9] x86/sev-es: Include XSS value in GHCB CPUID request John Allen
2023-10-12 12:59 ` Borislav Petkov
2023-10-17 18:12 ` John Allen
2023-10-17 18:49 ` Borislav Petkov
2023-11-02 18:14 ` Maxim Levitsky
2023-10-10 20:02 ` [PATCH 8/9] KVM: SVM: Use KVM-governed features to track SHSTK John Allen
2023-11-02 18:07 ` Maxim Levitsky
2023-10-10 20:02 ` [PATCH 9/9] KVM: SVM: Add CET features to supported_xss John Allen
2023-11-02 18:07 ` Maxim Levitsky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZSnheYDyzhZ1DOW5@google.com \
--to=seanjc@google.com \
--cc=bp@alien8.de \
--cc=john.allen@amd.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=rick.p.edgecombe@intel.com \
--cc=thomas.lendacky@amd.com \
--cc=weijiang.yang@intel.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox