linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Dave Hansen <dave.hansen@intel.com>
To: Andi Kleen <ak@linux.intel.com>,
	"Kirill A. Shutemov" <kirill@shutemov.name>
Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
	tglx@linutronix.de, mingo@redhat.com, bp@alien8.de,
	luto@kernel.org, peterz@infradead.org,
	sathyanarayanan.kuppuswamy@linux.intel.com,
	dan.j.williams@intel.com, david@redhat.com, hpa@zytor.com,
	seanjc@google.com, thomas.lendacky@amd.com,
	elena.reshetova@intel.com, x86@kernel.org,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH 1/2] x86/tdx: Extract GET_INFO call from get_cc_mask()
Date: Mon, 31 Oct 2022 12:44:15 -0700	[thread overview]
Message-ID: <d3469e0b-32a5-d130-41b1-facdf0d91a92@intel.com> (raw)
In-Reply-To: <8887d182-a3e3-f62a-8b8f-36db1da75b19@linux.intel.com>

On 10/31/22 12:27, Andi Kleen wrote:
>> Moving panic() after earlyprintk working is not good idea as it exposes
>> kernel more: by the time we already have full #VE handler.
> 
> It should be fine to move since there is no user land at this point (the
> attack requires user land)

Maybe I'm misunderstanding the exposure.  A normal MMIO #VE goes
something like this:

	1. %rax points to some MMIO
	2. Kernel executes: mov (%rax),%rbx, trying to read MMIO
	3. #VE handler is triggered
	4. Handler emulates the 'mov' with instruction decoding
	5. Handler asks the VMM what the value of %rax should be
	6. Handler puts VMM value in %rax
	7. Return from #VE

I think the attack scenario subverts a normal MMIO to the following
(changes from the normal flow are marked with *):

	*1. %rax points to some private kernel memory, VMM removes
	    Secure-EPT entry for that memory.
	 2. Kernel executes: mov (%rax),%rbx as part of normal kernel
	    execution, not an MMIO read.
	 3. #VE handler is triggered, assuming a MMIO read
	 4. Handler emulates the 'mov' with instruction decoding
	 5. Handler asks the VMM what the value of %rax should be
	*6. Handler puts (malicious) VMM value in %rax
	 7. Return from #VE
	*8. Now the guest kernel is running with an attacker-controlled
	    %rax

This effectively gives the attacker the ability to override the contents
of a memory read.

Am I misunderstanding the attack scenario?  I don't see guest userspace
needing to be involved at all.



  reply	other threads:[~2022-10-31 19:44 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-10-28 14:12 [PATCH 0/2] x86/tdx: Enforce no #VE on private memory accesses Kirill A. Shutemov
2022-10-28 14:12 ` [PATCH 1/2] x86/tdx: Extract GET_INFO call from get_cc_mask() Kirill A. Shutemov
2022-10-28 15:43   ` Dave Hansen
2022-10-28 23:27   ` Dave Hansen
2022-10-28 23:59     ` Kirill A. Shutemov
2022-10-31  4:12       ` Kirill A. Shutemov
2022-10-31 16:42         ` Dave Hansen
2022-10-31 19:19           ` Kirill A. Shutemov
2022-10-31 19:27         ` Andi Kleen
2022-10-31 19:44           ` Dave Hansen [this message]
2022-10-31 22:10             ` Kirill A. Shutemov
2022-10-28 14:12 ` [PATCH 2/2] x86/tdx: Do not allow #VE due to EPT violation on the private memory Kirill A. Shutemov
2022-10-28 15:41   ` Dave Hansen
2022-10-31  4:07   ` Guorui Yu
2022-10-31  4:33     ` Kirill A. Shutemov
2022-10-31 14:22     ` Dave Hansen
2022-11-04 22:36       ` Erdem Aktas
2022-11-04 22:50         ` Dave Hansen
2022-11-07 22:53           ` Erdem Aktas
2022-11-07 23:30             ` Dave Hansen
2022-11-07  5:10       ` Guorui Yu
2022-11-07 13:31         ` Dave Hansen
2022-11-07 13:43           ` Guorui Yu

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=d3469e0b-32a5-d130-41b1-facdf0d91a92@intel.com \
    --to=dave.hansen@intel.com \
    --cc=ak@linux.intel.com \
    --cc=bp@alien8.de \
    --cc=dan.j.williams@intel.com \
    --cc=david@redhat.com \
    --cc=elena.reshetova@intel.com \
    --cc=hpa@zytor.com \
    --cc=kirill.shutemov@linux.intel.com \
    --cc=kirill@shutemov.name \
    --cc=linux-kernel@vger.kernel.org \
    --cc=luto@kernel.org \
    --cc=mingo@redhat.com \
    --cc=peterz@infradead.org \
    --cc=sathyanarayanan.kuppuswamy@linux.intel.com \
    --cc=seanjc@google.com \
    --cc=tglx@linutronix.de \
    --cc=thomas.lendacky@amd.com \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).