Re: [PATCH] KVM: SVM: Workaround errata#1096 (insn_len maybe zero on SMAP violation)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: Re: [PATCH] KVM: SVM: Workaround errata#1096 (insn_len maybe zero on SMAP violation)
From: Paolo Bonzini <pbonzini@xxxxxxxxxx>
Date: Thu, 14 Feb 2019 18:53:04 +0100
Cc: "kvm@xxxxxxxxxxxxxxx" <kvm@xxxxxxxxxxxxxxx>, "Lendacky, Thomas" <Thomas.Lendacky@xxxxxxx>, Borislav Petkov <bp@xxxxxxxxx>, Joerg Roedel <joro@xxxxxxxxxx>, Radim Krčmář <rkrcmar@xxxxxxxxxx>, Venkatesh Srinivas <venkateshs@xxxxxxxxxx>
In-reply-to: <CALMp9eQS5_ztZ7XDeRjJTTy9D=98nehemKcSkMvq1rjnqK5cnA@mail.gmail.com>
Openpgp: preference=signencrypt
References: <20190212144354.7694-1-brijesh.singh@amd.com> <CALMp9eSmEymFAES79aZcu_1rck+bV9KeF7iO=3-OOk_kJ5_onw@mail.gmail.com> <f8de345a-07a1-96a6-0c5b-0321c556904d@redhat.com> <0dfc9cc2-57f5-7654-a4be-55622bf9bd54@amd.com> <ba026911-789d-b7cc-94fc-db286a9b4da9@redhat.com> <fa575926-d507-a3b4-9f63-133beb4af445@amd.com> <4949b965-d99a-db19-14a0-cb2e686c8ed6@redhat.com> <8b87e95a-9621-feca-1094-92943be8b4ec@amd.com> <1a3b44d7-de1a-37b3-190e-73ab62d10466@redhat.com> <2da3febf-e18b-06e5-9c17-9209bfe00b71@amd.com> <60854055-6c0b-8a7e-c9a3-77693d7ad91a@redhat.com> <9a2b552e-5a67-944a-b797-b3bf5e25f30b@amd.com> <CALMp9eQS5_ztZ7XDeRjJTTy9D=98nehemKcSkMvq1rjnqK5cnA@mail.gmail.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.4.0

On 14/02/19 18:31, Jim Mattson wrote:
>> Theoretically we can use the single stepping with CR4.SMAP=0.
> 
> SEV allows the hypervisor to override the guest OS's CR4.SMAP
> setting?!? That seems counter-intuitive, given SEV's intended use.
> Doesn't this potentially give a ring-3 agent in the guest an avenue to
> privilege escalation through collusion with the hypervisor?

The first version does not protect any register content.  See this paper
for an example: https://arxiv.org/pdf/1612.01119.pdf

Paolo

References:
- [PATCH] KVM: SVM: Workaround errata#1096 (insn_len maybe zero on SMAP violation)
  - From: Singh, Brijesh
- Re: [PATCH] KVM: SVM: Workaround errata#1096 (insn_len maybe zero on SMAP violation)
  - From: Jim Mattson
- Re: [PATCH] KVM: SVM: Workaround errata#1096 (insn_len maybe zero on SMAP violation)
  - From: Paolo Bonzini
- Re: [PATCH] KVM: SVM: Workaround errata#1096 (insn_len maybe zero on SMAP violation)
  - From: Singh, Brijesh
- Re: [PATCH] KVM: SVM: Workaround errata#1096 (insn_len maybe zero on SMAP violation)
  - From: Paolo Bonzini
- Re: [PATCH] KVM: SVM: Workaround errata#1096 (insn_len maybe zero on SMAP violation)
  - From: Singh, Brijesh
- Re: [PATCH] KVM: SVM: Workaround errata#1096 (insn_len maybe zero on SMAP violation)
  - From: Paolo Bonzini
- Re: [PATCH] KVM: SVM: Workaround errata#1096 (insn_len maybe zero on SMAP violation)
  - From: Singh, Brijesh
- Re: [PATCH] KVM: SVM: Workaround errata#1096 (insn_len maybe zero on SMAP violation)
  - From: Paolo Bonzini
- Re: [PATCH] KVM: SVM: Workaround errata#1096 (insn_len maybe zero on SMAP violation)
  - From: Singh, Brijesh
- Re: [PATCH] KVM: SVM: Workaround errata#1096 (insn_len maybe zero on SMAP violation)
  - From: Paolo Bonzini
- Re: [PATCH] KVM: SVM: Workaround errata#1096 (insn_len maybe zero on SMAP violation)
  - From: Singh, Brijesh
- Re: [PATCH] KVM: SVM: Workaround errata#1096 (insn_len maybe zero on SMAP violation)
  - From: Jim Mattson

Prev by Date: Re: [kvm-unit-tests PATCH 2/3] KVM: nVMX: Add enable_ept() helper to configure legal EPTP
Next by Date: Re: [PATCH] KVM: SVM: Workaround errata#1096 (insn_len maybe zero on SMAP violation)
Previous by thread: Re: [PATCH] KVM: SVM: Workaround errata#1096 (insn_len maybe zero on SMAP violation)
Next by thread: Re: [PATCH] KVM: SVM: Workaround errata#1096 (insn_len maybe zero on SMAP violation)
Index(es):
- Date
- Thread

[Index of Archives] [KVM ARM] [KVM ia64] [KVM ppc] [Virtualization Tools] [Spice Development] [Libvirt] [Libvirt Users] [Linux USB Devel] [Linux Audio Users] [Yosemite Questions] [Linux Kernel] [Linux SCSI] [XFree86]