Re: [RFC PATCH V6 01/14] x86/sev: Add a #HV exception handler

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




That should really say that a nested #HV should never be raised by the
hypervisor, but if it is, then the guest should detect that and
self-terminate knowing that the hypervisor is possibly being malicious.

I've yet to see code that can do that reliably.

- Currently, we are detecting the direct nested #HV with below check and
  guest self terminate.

  <snip>
	if (get_stack_info_noinstr(stack, current, &info) &&
	    (info.type == (STACK_TYPE_EXCEPTION + ESTACK_HV) ||
	     info.type == (STACK_TYPE_EXCEPTION + ESTACK_HV2)))
		panic("Nested #HV exception, HV IST corrupted, stack
                type = %d\n", info.type);
  </snip>

- Thinking about below solution to detect the nested
  #HV reliably:

  -- Make reliable IST stack switching for #VC -> #HV -> #VC case
     (similar to done in __sev_es_ist_enter/__sev_es_ist_exit for NMI
     IST stack).

  -- In addition to this, we can make nested #HV detection (with another
     exception type) more reliable with refcounting (percpu?).

Need your inputs before I implement this solution. Or any other idea in software you have in mind?

Thanks,
Pankaj




[Index of Archives]     [Linux Kernel]     [Kernel Newbies]     [x86 Platform Driver]     [Netdev]     [Linux Wireless]     [Netfilter]     [Bugtraq]     [Linux Filesystems]     [Yosemite Discussion]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Device Mapper]

  Powered by Linux