Re: [PATCH] KVM: PPC: Book3S HV: Do not expose HFSCR sanitisation to nested hypervisor

[Nicholas Piggin <npiggin@gmail.com>]

Excerpts from Paul Mackerras's message of March 10, 2021 7:23 pm:
> On Mon, Mar 08, 2021 at 06:18:47PM +1000, Nicholas Piggin wrote:
>> Excerpts from Fabiano Rosas's message of March 6, 2021 9:10 am:
>> > As one of the arguments of the H_ENTER_NESTED hypercall, the nested
>> > hypervisor (L1) prepares a structure containing the values of various
>> > hypervisor-privileged registers with which it wants the nested guest
>> > (L2) to run. Since the nested HV runs in supervisor mode it needs the
>> > host to write to these registers.
>> > 
>> > To stop a nested HV manipulating this mechanism and using a nested
>> > guest as a proxy to access a facility that has been made unavailable
>> > to it, we have a routine that sanitises the values of the HV registers
>> > before copying them into the nested guest's vcpu struct.
>> > 
>> > However, when coming out of the guest the values are copied as they
>> > were back into L1 memory, which means that any sanitisation we did
>> > during guest entry will be exposed to L1 after H_ENTER_NESTED returns.
>> > 
>> > This is not a problem by itself, but in the case of the Hypervisor
>> > Facility Status and Control Register (HFSCR), we use the intersection
>> > between L2 hfscr bits and L1 hfscr bits. That means that L1 could use
>> > this to indirectly read the (hv-privileged) value from its vcpu
>> > struct.
>> > 
>> > This patch fixes this by making sure that L1 only gets back the bits
>> > that are necessary for regular functioning.
>> 
>> The general idea of restricting exposure of HV privileged bits, but
>> for the case of HFSCR a guest can probe the HFCR anyway by testing which 
>> facilities are available (and presumably an HV may need some way to know
>> what features are available for it to advertise to its own guests), so
>> is this necessary? Perhaps a comment would be sufficient.
> 
> I would see it a bit differently.  From L1's point of view, L0 is the
> hardware.  The situation we have now is akin to writing a value to the
> real HFSCR, then reading HFSCR and finding that some of the facility
> enable bits have magically got set to zero.  That's not the way real
> hardware works, so L0 shouldn't behave that way either, or at least
> not without some strong justification.

But the features disallowed by the L0 have to be viewed as unimplemented 
by the hardware so the bits would be reserved, so according to 
architecture they actually are allowed to return zero.

That's not my concern though, and I do agree it is a bit odd. I don't 
have a problem with leaving the FC field value unchanged.

I think at least printing a warning for unimplemented bits would be good 
though.

Thanks,
Nick