From: Sean Christopherson <seanjc@google.com>
To: Maxim Levitsky <mlevitsk@redhat.com>
Cc: John Allen <john.allen@amd.com>,
kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
pbonzini@redhat.com, weijiang.yang@intel.com,
rick.p.edgecombe@intel.com, x86@kernel.org,
thomas.lendacky@amd.com, bp@alien8.de
Subject: Re: [PATCH 6/9] KVM: SVM: Add MSR_IA32_XSS to the GHCB for hypervisor kernel
Date: Thu, 2 Nov 2023 16:22:28 -0700 [thread overview]
Message-ID: <ZUQvNIE9iU5TqJfw@google.com> (raw)
In-Reply-To: <5e413e05de559971cdc2d1a9281a8a271590f62b.camel@redhat.com>
On Thu, Nov 02, 2023, Maxim Levitsky wrote:
> On Tue, 2023-10-10 at 20:02 +0000, John Allen wrote:
> > @@ -3032,6 +3037,9 @@ static void sev_es_init_vmcb(struct vcpu_svm *svm)
> > if (guest_cpuid_has(&svm->vcpu, X86_FEATURE_RDTSCP))
> > svm_clr_intercept(svm, INTERCEPT_RDTSCP);
> > }
> > +
> > + if (kvm_caps.supported_xss)
> > + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_XSS, 1, 1);
>
> This is not just a virtualization hole. This allows the guest to set MSR_IA32_XSS
> to whatever value it wants, and thus it might allow XSAVES to access some host msrs
> that guest must not be able to access.
>
> AMD might not yet have such msrs, but on Intel side I do see various components
> like 'HDC State', 'HWP state' and such.
The approach AMD has taken with SEV-ES+ is to have ucode context switch everything
that the guest can access. So, in theory, if/when AMD adds more XCR0/XSS-based
features, that state will also be context switched.
Don't get me wrong, I hate this with a passion, but it's not *quite* fatally unsafe,
just horrific.
> I understand that this is needed so that #VC handler could read this msr, and
> trying to read it will cause another #VC which is probably not allowed (I
> don't know this detail of SEV-ES)
>
> I guess #VC handler should instead use a kernel cached value of this msr
> instead, or at least KVM should only allow reads and not writes to it.
Nope, doesn't work. In addition to automatically context switching state, SEV-ES
also encrypts the guest state, i.e. KVM *can't* correctly virtualize XSS (or XCR0)
for the guest, because KVM *can't* load the guest's desired value into hardware.
The guest can do #VMGEXIT (a.k.a. VMMCALL) all it wants to request a certain XSS
or XCR0, and there's not a damn thing KVM can do to service the request.
next prev parent reply other threads:[~2023-11-02 23:22 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-10 20:02 [PATCH 0/9] SVM guest shadow stack support John Allen
2023-10-10 20:02 ` [PATCH 1/9] KVM: x86: SVM: Emulate reads and writes to shadow stack MSRs John Allen
2023-11-02 18:00 ` Maxim Levitsky
2023-10-10 20:02 ` [PATCH 2/9] KVM: x86: SVM: Update dump_vmcb with shadow stack save area additions John Allen
2023-11-02 18:00 ` Maxim Levitsky
2023-10-10 20:02 ` [PATCH 3/9] KVM: x86: SVM: Pass through shadow stack MSRs John Allen
2023-10-12 9:01 ` Nikunj A. Dadhania
2023-10-17 18:17 ` John Allen
2023-10-18 11:27 ` Nikunj A. Dadhania
2023-11-02 18:05 ` Maxim Levitsky
2023-11-06 16:45 ` Sean Christopherson
2023-11-07 18:20 ` Maxim Levitsky
2023-11-07 23:10 ` Sean Christopherson
2023-10-10 20:02 ` [PATCH 4/9] KVM: SVM: Rename vmplX_ssp -> plX_ssp John Allen
2023-11-02 18:06 ` Maxim Levitsky
2023-10-10 20:02 ` [PATCH 5/9] KVM: SVM: Save shadow stack host state on VMRUN John Allen
2023-11-02 18:07 ` Maxim Levitsky
2024-02-26 16:56 ` John Allen
2023-10-10 20:02 ` [PATCH 6/9] KVM: SVM: Add MSR_IA32_XSS to the GHCB for hypervisor kernel John Allen
2023-10-14 0:31 ` Sean Christopherson
2023-11-02 18:10 ` Maxim Levitsky
2023-11-02 23:22 ` Sean Christopherson [this message]
2023-11-07 18:20 ` Maxim Levitsky
2024-02-15 17:39 ` John Allen
2024-02-20 16:20 ` Sean Christopherson
2024-02-20 16:33 ` John Allen
2024-02-21 16:38 ` John Allen
2023-10-10 20:02 ` [PATCH 7/9] x86/sev-es: Include XSS value in GHCB CPUID request John Allen
2023-10-12 12:59 ` Borislav Petkov
2023-10-17 18:12 ` John Allen
2023-10-17 18:49 ` Borislav Petkov
2023-11-02 18:14 ` Maxim Levitsky
2023-10-10 20:02 ` [PATCH 8/9] KVM: SVM: Use KVM-governed features to track SHSTK John Allen
2023-11-02 18:07 ` Maxim Levitsky
2023-10-10 20:02 ` [PATCH 9/9] KVM: SVM: Add CET features to supported_xss John Allen
2023-11-02 18:07 ` Maxim Levitsky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZUQvNIE9iU5TqJfw@google.com \
--to=seanjc@google.com \
--cc=bp@alien8.de \
--cc=john.allen@amd.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mlevitsk@redhat.com \
--cc=pbonzini@redhat.com \
--cc=rick.p.edgecombe@intel.com \
--cc=thomas.lendacky@amd.com \
--cc=weijiang.yang@intel.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox