From: Sean Christopherson <seanjc@google.com>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: Sean Christopherson <seanjc@google.com>,
Vitaly Kuznetsov <vkuznets@redhat.com>,
Wanpeng Li <wanpengli@tencent.com>,
Jim Mattson <jmattson@google.com>, Joerg Roedel <joro@8bytes.org>,
kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
Tom Lendacky <thomas.lendacky@amd.com>,
Brijesh Singh <brijesh.singh@amd.com>,
Rick Edgecombe <rick.p.edgecombe@intel.com>
Subject: [PATCH 02/12] KVM: nSVM: Don't strip host's C-bit from guest's CR3 when reading PDPTRs
Date: Wed, 3 Feb 2021 16:01:07 -0800 [thread overview]
Message-ID: <20210204000117.3303214-3-seanjc@google.com> (raw)
In-Reply-To: <20210204000117.3303214-1-seanjc@google.com>
Don't clear the SME C-bit when reading a guest PDPTR, as the GPA (CR3) is
in the guest domain.
Barring a bizarre paravirtual use case, this is likely a benign bug. SME
is not emulated by KVM, loading SEV guest PDPTRs is doomed as KVM can't
use the correct key to read guest memory, and setting guest MAXPHYADDR
higher than the host, i.e. overlapping the C-bit, would cause faults in
the guest.
Note, for SEV guests, stripping the C-bit is technically aligned with CPU
behavior, but for KVM it's the greater of two evils. Because KVM doesn't
have access to the guest's encryption key, ignoring the C-bit would at
best result in KVM reading garbage. By keeping the C-bit, KVM will
fail its read (unless userspace creates a memslot with the C-bit set).
The guest will still undoubtedly die, as KVM will use '0' for the PDPTR
value, but that's preferable to interpreting encrypted data as a PDPTR.
Fixes: d0ec49d4de90 ("kvm/x86/svm: Support Secure Memory Encryption within KVM")
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Signed-off-by: Sean Christopherson <seanjc@google.com>
---
arch/x86/kvm/svm/nested.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c
index 1ffb28cfe39d..70c72fe61e02 100644
--- a/arch/x86/kvm/svm/nested.c
+++ b/arch/x86/kvm/svm/nested.c
@@ -58,7 +58,7 @@ static u64 nested_svm_get_tdp_pdptr(struct kvm_vcpu *vcpu, int index)
u64 pdpte;
int ret;
- ret = kvm_vcpu_read_guest_page(vcpu, gpa_to_gfn(__sme_clr(cr3)), &pdpte,
+ ret = kvm_vcpu_read_guest_page(vcpu, gpa_to_gfn(cr3), &pdpte,
offset_in_page(cr3) + index * 8, 8);
if (ret)
return 0;
--
2.30.0.365.g02bc693789-goog
next prev parent reply other threads:[~2021-02-04 0:02 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-04 0:01 [PATCH 00/12] KVM: x86: Legal GPA fixes and cleanups Sean Christopherson
2021-02-04 0:01 ` [PATCH 01/12] KVM: x86: Set so called 'reserved CR3 bits in LM mask' at vCPU reset Sean Christopherson
2021-02-04 0:01 ` Sean Christopherson [this message]
2021-02-04 0:01 ` [PATCH 03/12] KVM: x86: Add a helper to check for a legal GPA Sean Christopherson
2021-02-04 0:01 ` [PATCH 04/12] KVM: x86: Add a helper to handle legal GPA with an alignment requirement Sean Christopherson
2021-02-04 0:01 ` [PATCH 05/12] KVM: VMX: Use GPA legality helpers to replace open coded equivalents Sean Christopherson
2021-02-04 0:01 ` [PATCH 06/12] KVM: nSVM: Use common GPA helper to check for illegal CR3 Sean Christopherson
2021-02-04 0:01 ` [PATCH 07/12] KVM: x86: SEV: Treat C-bit as legal GPA bit regardless of vCPU mode Sean Christopherson
2021-02-04 2:03 ` Edgecombe, Rick P
2021-02-04 2:19 ` Sean Christopherson
2021-02-04 10:34 ` Paolo Bonzini
2021-02-04 17:31 ` Edgecombe, Rick P
2021-02-04 17:52 ` Sean Christopherson
2021-02-04 17:56 ` Paolo Bonzini
2021-02-04 18:01 ` Sean Christopherson
2021-02-04 0:01 ` [PATCH 08/12] KVM: x86: Use reserved_gpa_bits to calculate reserved PxE bits Sean Christopherson
2021-02-04 0:01 ` [PATCH 09/12] KVM: x86/mmu: Add helper to generate mask of reserved HPA bits Sean Christopherson
2021-02-04 0:01 ` [PATCH 10/12] KVM: x86: Add helper to consolidate "raw" reserved GPA mask calculations Sean Christopherson
2021-02-04 0:01 ` [PATCH 11/12] KVM: x86: Move nVMX's consistency check macro to common code Sean Christopherson
2021-02-04 0:01 ` [PATCH 12/12] KVM: nSVM: Trace VM-Enter consistency check failures Sean Christopherson
2021-02-04 10:44 ` [PATCH 00/12] KVM: x86: Legal GPA fixes and cleanups Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210204000117.3303214-3-seanjc@google.com \
--to=seanjc@google.com \
--cc=brijesh.singh@amd.com \
--cc=jmattson@google.com \
--cc=joro@8bytes.org \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=rick.p.edgecombe@intel.com \
--cc=thomas.lendacky@amd.com \
--cc=vkuznets@redhat.com \
--cc=wanpengli@tencent.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).