Re: [PATCH] virt: Prevent AES-GCM IV reuse in SNP guest driver

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 10/19/22 12:40, Peter Gonda wrote:
On Wed, Oct 19, 2022 at 11:03 AM Tom Lendacky <thomas.lendacky@xxxxxxx> wrote:

On 10/19/22 10:03, Peter Gonda wrote:
The ASP and an SNP guest use a series of AES-GCM keys called VMPCKs to
communicate securely with each other. The IV to this scheme is a
sequence number that both the ASP and the guest track. Currently this
sequence number in a guest request must exactly match the sequence
number tracked by the ASP. This means that if the guest sees an error
from the host during a request it can only retry that exact request or
disable the VMPCK to prevent an IV reuse. AES-GCM cannot tolerate IV
reuse see:
https://csrc.nist.gov/csrc/media/projects/block-cipher-techniques/documents/bcm/comments/800-38-series-drafts/gcm/joux_comments.pdf


I think I've wrapped my head around this now. Any non-zero return code from the hypervisor for an SNP Guest Request is either a hypervisor error or an sev-guest driver error, and so the VMPCK should be disabled. The sev-guest driver is really doing everything (message headers, performing the encryption, etc.) and is only using userspace data that will be part of the response message and can't result in a non-zero hypervisor return code.

For the SNP Extended Guest Request, we only need to special case a return code of SNP_GUEST_REQ_INVALID_LEN. See below for my responses on that.


I wonder if we can at least still support the extended report length query
by having the kernel allocate the required pages when the error is
SNP_GUEST_REQ_INVALID_LEN and retry the exact request again. If there are
no errors on the second request, the sequence numbers can be safely
updated, but the kernel returns the original error (which will provide the
caller with the number of pages required).

I think we can but I thought fixing the security bug could come first,
then the usability fix after. Dionna was planning on working on that
fix.

In that flow how does userspace get the data? Its called the ioctl
with not enough output buffer space. What if the userspace calls the
ioctl with no buffers space allocated, so its trying to query the
length. We just send the host the request without any encrypted data.

In the case of SNP_GUEST_REQ_INVALID_LEN, userspace wouldn't get the data if it hasn't supplied enough buffer space. But, the sev-guest driver can supply enough buffer space and invoke the SNP Extended Guest Request again in order to successfully complete the call and update the sequence numbers. The sev-guest driver would just discard the data in this case, but pass back the original "not enough buffer space" error to the caller, who could now allocate space and retry. This then allows the sequence numbers to be bumped properly.



For the rate-limiting patch series [1], the rate-limiting will have to be
performed within the kernel, while the mutex is held, and then retry the
exact request again. Otherwise, that error will require disabling the
VMPCK. Either that, or the hypervisor must provide the rate limiting.

Thoughts?

[1] https://lore.kernel.org/lkml/20221013160040.2858732-1-dionnaglaze@xxxxxxxxxx/

Yes I think if the host rate limits the guest. The guest kernel should
retry the exact message. Which mutex are you referring too?

Or the host waits and then submits the request and the guest kernel doesn't have to do anything. The mutex I'm referring to is the snp_cmd_mutex that is taken in snp_guest_ioctl().

Thanks,
Tom



[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux