Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-21 19:41:42 +00:00
Code Issues Packages Projects Releases Wiki Activity
c1ccbbaa76
linux/arch/x86
History
Sean Christopherson 66155de93b KVM: x86: Disallow read-only memslots for SEV-ES and SEV-SNP (and TDX) 
Disallow read-only memslots for SEV-{ES,SNP} VM types, as KVM can't
directly emulate instructions for ES/SNP, and instead the guest must
explicitly request emulation.  Unless the guest explicitly requests
emulation without accessing memory, ES/SNP relies on KVM creating an MMIO
SPTE, with the subsequent #NPF being reflected into the guest as a #VC.

But for read-only memslots, KVM deliberately doesn't create MMIO SPTEs,
because except for ES/SNP, doing so requires setting reserved bits in the
SPTE, i.e. the SPTE can't be readable while also generating a #VC on
writes.  Because KVM never creates MMIO SPTEs and jumps directly to
emulation, the guest never gets a #VC.  And since KVM simply resumes the
guest if ES/SNP guests trigger emulation, KVM effectively puts the vCPU
into an infinite #NPF loop if the vCPU attempts to write read-only memory.

Disallow read-only memory for all VMs with protected state, i.e. for
upcoming TDX VMs as well as ES/SNP VMs.  For TDX, it's actually possible
to support read-only memory, as TDX uses EPT Violation #VE to reflect the
fault into the guest, e.g. KVM could configure read-only SPTEs with RX
protections and SUPPRESS_VE=0.  But there is no strong use case for
supporting read-only memslots on TDX, e.g. the main historical usage is
to emulate option ROMs, but TDX disallows executing from shared memory.
And if someone comes along with a legitimate, strong use case, the
restriction can always be lifted for TDX.

Don't bother trying to retroactively apply the restriction to SEV-ES
VMs that are created as type KVM_X86_DEFAULT_VM.  Read-only memslots can't
possibly work for SEV-ES, i.e. disallowing such memslots is really just
means reporting an error to userspace instead of silently hanging vCPUs.
Trying to deal with the ordering between KVM_SEV_INIT and memslot creation
isn't worth the marginal benefit it would provide userspace.

Fixes: 26c44aa9e0 ("KVM: SEV: define VM types for SEV and SEV-ES")
Fixes: 1dfe571c12 ("KVM: SEV: Add initial SEV-SNP support")
Cc: Peter Gonda <pgonda@google.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: Vishal Annapurve <vannapurve@google.com>
Cc: Ackerly Tng <ackerleytng@google.com>
Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-ID: <20240809190319.1710470-2-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2024-08-14 12:28:24 -04:00
..
boot Kbuild updates for v6.11 2024-07-23 14:32:21 -07:00
coco x86/sev: Fix __reserved field in sev_config 2024-07-30 10:07:26 +02:00
configs
crypto
entry uretprobe: change syscall number, again 2024-08-02 15:18:49 +02:00
events perf/x86: Fix smp_processor_id()-in-preemptible warnings 2024-07-31 12:57:39 +02:00
hyperv
ia32
include KVM: x86: Disallow read-only memslots for SEV-ES and SEV-SNP (and TDX) 2024-08-14 12:28:24 -04:00
kernel x86/mtrr: Check if fixed MTRRs exist before saving them 2024-08-08 17:03:12 +02:00
kvm KVM: x86: Make x2APIC ID 100% readonly 2024-08-13 12:01:46 -04:00
lib x86/uaccess: Zero the 8-byte get_range case on failure on 32-bit 2024-08-01 21:19:10 +02:00
math-emu
mm x86/mm: Fix PTI for i386 some more 2024-08-07 15:35:01 +02:00
net
pci - Flip the logic to add feature names to /proc/cpuinfo to having to 2024-07-15 20:25:16 -07:00
platform xen: branch for v6.11-rc1a 2024-07-27 09:58:24 -07:00
power
purgatory
ras
realmode
tools
um This pull request contains the following changes for UML: 2024-07-25 12:33:08 -07:00
video
virt - Add support for running the kernel in a SEV-SNP guest, over a Secure 2024-07-16 11:12:25 -07:00
xen xen: branch for v6.11-rc1a 2024-07-27 09:58:24 -07:00
.gitignore
Kbuild
Kconfig Random number generator updates for Linux 6.11-rc1. 2024-07-24 10:29:50 -07:00
Kconfig.assembler
Kconfig.cpu
Kconfig.debug
Makefile
Makefile_32.cpu
Makefile.postlink
Makefile.um