Re: [PATCH] KVM: SVM: Workaround errata#1096 (insn_len maybe zero on SMAP violation)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Feb 14, 2019 at 6:31 AM Singh, Brijesh <brijesh.singh@xxxxxxx> wrote:
>
>
>
> On 2/14/19 6:26 AM, Paolo Bonzini wrote:
> > On 13/02/19 20:02, Singh, Brijesh wrote:
> >>> Ok so that's pretty messed up.  Is this fixed with newer microcode, and
> >>> how widespread is this silicon?  I'm tempted to just blacklist SMAP on
> >>> the affected steppings.
> >>
> >> This errata is applicable to Family 17h model 00_0fh only, and it is
> >> definitely planned to fix in the upcoming CPUs. For now, we just need to
> >> workaround for the Fam 17h_00_0Fh.
> >
> > So it's on all steppings; no microcode fix. :(
>
> Unfortunately yes :(
>
> >
> >> I am not sure about blacklist SMAP all together, for non SEV its
> >> very easy to workaround. For SEV case, I am just trying to say that
> >> we will *not* workaround (it does not mean that its not possible)
> >>
> >>> Would it work to retry the instruction with CR4.SMAP=0 and EFLAGS.TF=1,
> >>> and set CR4.SMAP back to 1 in the #DB handler?
> >>
> >> Theoretically we should be able to do this to workaround. But since
> >> the errata is not wide spread hence I am not sure about going to
> >> this path. Also there are not many apps doing MMIO from userspace
> >> hence I thought its okay to not workaround for the SEV guest.
> >>
> >> Having said so, if we find the actual need to workaround then we can
> >> go to that path.
> >
> > If it's not too hard, having the workaround would be nice(r).
> >
>
> For now I am inclined to go with what we have. Will submit v2
> with fixes.
>
> Theoretically we can use the single stepping with CR4.SMAP=0.

SEV allows the hypervisor to override the guest OS's CR4.SMAP
setting?!? That seems counter-intuitive, given SEV's intended use.
Doesn't this potentially give a ring-3 agent in the guest an avenue to
privilege escalation through collusion with the hypervisor?



[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux