[07/14] KVM: x86: SVM: add warning for CVE-2021-3656

Message ID	20210914154825.104886-8-mlevitsk@redhat.com
State	New
Headers	show Return-Path: <linux-kselftest-owner@kernel.org> From: Maxim Levitsky <mlevitsk@redhat.com> To: kvm@vger.kernel.org Cc: Vitaly Kuznetsov <vkuznets@redhat.com>, Paolo Bonzini <pbonzini@redhat.com>, Borislav Petkov <bp@alien8.de>, Bandan Das <bsd@redhat.com>, linux-kernel@vger.kernel.org (open list), Joerg Roedel <joro@8bytes.org>, Ingo Molnar <mingo@redhat.com>, Wei Huang <wei.huang2@amd.com>, Sean Christopherson <seanjc@google.com>, linux-kselftest@vger.kernel.org (open list:KERNEL SELFTEST FRAMEWORK), Maxim Levitsky <mlevitsk@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>, Jim Mattson <jmattson@google.com>, Thomas Gleixner <tglx@linutronix.de>, x86@kernel.org (maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)), Shuah Khan <shuah@kernel.org>, Wanpeng Li <wanpengli@tencent.com> Subject: [PATCH 07/14] KVM: x86: SVM: add warning for CVE-2021-3656 Date: Tue, 14 Sep 2021 18:48:18 +0300 Message-Id: <20210914154825.104886-8-mlevitsk@redhat.com> In-Reply-To: <20210914154825.104886-1-mlevitsk@redhat.com> References: <20210914154825.104886-1-mlevitsk@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	[01/14] KVM: x86: nSVM: restore int_vector in svm_clear_vintr \| expand [01/14] KVM: x86: nSVM: restore int_vector in svm_clear_vintr [03/14] KVM: x86: nSVM: test eax for 4K alignment for GP errata workaround [05/14] KVM: x86: nSVM: don't copy virt_ext from vmcb12 [07/14] KVM: x86: SVM: add warning for CVE-2021-3656 [09/14] KVM: x86: nSVM: correctly virtualize LBR msrs when L2 is running [11/14] KVM: x86: nSVM: implement nested VMLOAD/VMSAVE [13/14] KVM: x86: nSVM: implement nested TSC scaling

Message ID

20210914154825.104886-8-mlevitsk@redhat.com

State

New

Headers

From: Maxim Levitsky <mlevitsk@redhat.com>
To: kvm@vger.kernel.org
Cc: Vitaly Kuznetsov <vkuznets@redhat.com>,
	Paolo Bonzini <pbonzini@redhat.com>,
	Borislav Petkov <bp@alien8.de>, Bandan Das <bsd@redhat.com>,
	linux-kernel@vger.kernel.org (open list),
	Joerg Roedel <joro@8bytes.org>, Ingo Molnar <mingo@redhat.com>,
	Wei Huang <wei.huang2@amd.com>, Sean Christopherson <seanjc@google.com>,
	linux-kselftest@vger.kernel.org (open list:KERNEL SELFTEST FRAMEWORK),
	Maxim Levitsky <mlevitsk@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>,
	Jim Mattson <jmattson@google.com>, Thomas Gleixner <tglx@linutronix.de>,
	x86@kernel.org (maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)),
	Shuah Khan <shuah@kernel.org>, Wanpeng Li <wanpengli@tencent.com>
Subject: [PATCH 07/14] KVM: x86: SVM: add warning for CVE-2021-3656
Date: Tue, 14 Sep 2021 18:48:18 +0300
Message-Id: <20210914154825.104886-8-mlevitsk@redhat.com>
In-Reply-To: <20210914154825.104886-1-mlevitsk@redhat.com>
References: <20210914154825.104886-1-mlevitsk@redhat.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

[01/14] KVM: x86: nSVM: restore int_vector in svm_clear_vintr | expand

Commit Message

Maxim Levitsky Sept. 14, 2021, 3:48 p.m. UTC

Just in case, add a warning ensuring that on guest entry,
either both VMLOAD and VMSAVE intercept is enabled or
vVMLOAD/VMSAVE is enabled.

Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
---
 arch/x86/kvm/svm/svm.c | 6 ++++++
 1 file changed, 6 insertions(+)

Comments

Paolo Bonzini Sept. 23, 2021, 4:44 p.m. UTC | #1

On 14/09/21 17:48, Maxim Levitsky wrote:
> Just in case, add a warning ensuring that on guest entry,

> either both VMLOAD and VMSAVE intercept is enabled or

> vVMLOAD/VMSAVE is enabled.

> 

> Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>

> ---

>   arch/x86/kvm/svm/svm.c | 6 ++++++

>   1 file changed, 6 insertions(+)

> 

> diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c

> index 861ac9f74331..deeebd05f682 100644

> --- a/arch/x86/kvm/svm/svm.c

> +++ b/arch/x86/kvm/svm/svm.c

> @@ -3784,6 +3784,12 @@ static __no_kcsan fastpath_t svm_vcpu_run(struct kvm_vcpu *vcpu)

>   

>   	WARN_ON_ONCE(kvm_apicv_activated(vcpu->kvm) != kvm_vcpu_apicv_active(vcpu));

>   

> +	/* Check that CVE-2021-3656 can't happen again */

> +	if (!svm_is_intercept(svm, INTERCEPT_VMSAVE) ||

> +	    !svm_is_intercept(svm, INTERCEPT_VMSAVE))

> +		WARN_ON(!(svm->vmcb->control.virt_ext &

> +			  VIRTUAL_VMLOAD_VMSAVE_ENABLE_MASK));

> +

>   	sync_lapic_to_cr8(vcpu);

>   

>   	if (unlikely(svm->asid != svm->vmcb->control.asid)) {

> 


While it's nice to be "proactive", this does adds some extra work. 
Maybe it should be under CONFIG_DEBUG_KERNEL.  It could be useful to 
make it into its own function so we can add similar intercept invariants 
in the same place.

Paolo

diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index 861ac9f74331..deeebd05f682 100644
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -3784,6 +3784,12 @@  static __no_kcsan fastpath_t svm_vcpu_run(struct kvm_vcpu *vcpu)
 
 	WARN_ON_ONCE(kvm_apicv_activated(vcpu->kvm) != kvm_vcpu_apicv_active(vcpu));
 
+	/* Check that CVE-2021-3656 can't happen again */
+	if (!svm_is_intercept(svm, INTERCEPT_VMSAVE) ||
+	    !svm_is_intercept(svm, INTERCEPT_VMSAVE))
+		WARN_ON(!(svm->vmcb->control.virt_ext &
+			  VIRTUAL_VMLOAD_VMSAVE_ENABLE_MASK));
+
 	sync_lapic_to_cr8(vcpu);
 
 	if (unlikely(svm->asid != svm->vmcb->control.asid)) {

[07/14] KVM: x86: SVM: add warning for CVE-2021-3656

Commit Message

Comments

Patch