From: Wei Liu <wei.liu@kernel.org>
To: Michael Kelley <mikelley@microsoft.com>
Cc: kys@microsoft.com, wei.liu@kernel.org, decui@microsoft.com,
tglx@linutronix.de, mingo@redhat.com, bp@alien8.de,
dave.hansen@linux.intel.com, hpa@zytor.com, x86@kernel.org,
linux-kernel@vger.kernel.org, linux-hyperv@vger.kernel.org
Subject: Re: [PATCH 1/1] x86/hyperv: Block root partition functionality in a Confidential VM
Date: Fri, 17 Mar 2023 10:57:59 +0000 [thread overview]
Message-ID: <ZBRHt9TnYLuA+tI3@liuwe-devbox-debian-v2> (raw)
In-Reply-To: <1678894453-95392-1-git-send-email-mikelley@microsoft.com>
On Wed, Mar 15, 2023 at 08:34:13AM -0700, Michael Kelley wrote:
> Hyper-V should never specify a VM that is a Confidential VM and also
> running in the root partition. Nonetheless, explicitly block such a
> combination to guard against a compromised Hyper-V maliciously trying to
> exploit root partition functionality in a Confidential VM to expose
> Confidential VM secrets. No known bug is being fixed, but the attack
> surface for Confidential VMs on Hyper-V is reduced.
>
> Signed-off-by: Michael Kelley <mikelley@microsoft.com>
Applied to hyperv-fixes. Thanks.
> ---
> arch/x86/kernel/cpu/mshyperv.c | 12 ++++++++----
> 1 file changed, 8 insertions(+), 4 deletions(-)
>
> diff --git a/arch/x86/kernel/cpu/mshyperv.c b/arch/x86/kernel/cpu/mshyperv.c
> index ff348eb..ac630ec 100644
> --- a/arch/x86/kernel/cpu/mshyperv.c
> +++ b/arch/x86/kernel/cpu/mshyperv.c
> @@ -356,12 +356,16 @@ static void __init ms_hyperv_init_platform(void)
> * To mirror what Windows does we should extract CPU management
> * features and use the ReservedIdentityBit to detect if Linux is the
> * root partition. But that requires negotiating CPU management
> - * interface (a process to be finalized).
> + * interface (a process to be finalized). For now, use the privilege
> + * flag as the indicator for running as root.
> *
> - * For now, use the privilege flag as the indicator for running as
> - * root.
> + * Hyper-V should never specify running as root and as a Confidential
> + * VM. But to protect against a compromised/malicious Hyper-V trying
> + * to exploit root behavior to expose Confidential VM memory, ignore
> + * the root partition setting if also a Confidential VM.
> */
> - if (cpuid_ebx(HYPERV_CPUID_FEATURES) & HV_CPU_MANAGEMENT) {
> + if ((ms_hyperv.priv_high & HV_CPU_MANAGEMENT) &&
> + !(ms_hyperv.priv_high & HV_ISOLATION)) {
> hv_root_partition = true;
> pr_info("Hyper-V: running as root partition\n");
> }
> --
> 1.8.3.1
>
prev parent reply other threads:[~2023-03-17 10:58 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-15 15:34 [PATCH 1/1] x86/hyperv: Block root partition functionality in a Confidential VM Michael Kelley
2023-03-17 10:57 ` Wei Liu [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZBRHt9TnYLuA+tI3@liuwe-devbox-debian-v2 \
--to=wei.liu@kernel.org \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=decui@microsoft.com \
--cc=hpa@zytor.com \
--cc=kys@microsoft.com \
--cc=linux-hyperv@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mikelley@microsoft.com \
--cc=mingo@redhat.com \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).