leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity
4917f55b4e
linux/arch/x86/kvm
History
Mingwei Zhang 683412ccf6 KVM: SEV: add cache flush to solve SEV cache incoherency issues 
Flush the CPU caches when memory is reclaimed from an SEV guest (where
reclaim also includes it being unmapped from KVM's memslots).  Due to lack
of coherency for SEV encrypted memory, failure to flush results in silent
data corruption if userspace is malicious/broken and doesn't ensure SEV
guest memory is properly pinned and unpinned.

Cache coherency is not enforced across the VM boundary in SEV (AMD APM
vol.2 Section 15.34.7). Confidential cachelines, generated by confidential
VM guests have to be explicitly flushed on the host side. If a memory page
containing dirty confidential cachelines was released by VM and reallocated
to another user, the cachelines may corrupt the new user at a later time.

KVM takes a shortcut by assuming all confidential memory remain pinned
until the end of VM lifetime. Therefore, KVM does not flush cache at
mmu_notifier invalidation events. Because of this incorrect assumption and
the lack of cache flushing, malicous userspace can crash the host kernel:
creating a malicious VM and continuously allocates/releases unpinned
confidential memory pages when the VM is running.

Add cache flush operations to mmu_notifier operations to ensure that any
physical memory leaving the guest VM get flushed. In particular, hook
mmu_notifier_invalidate_range_start and mmu_notifier_release events and
flush cache accordingly. The hook after releasing the mmu lock to avoid
contention with other vCPUs.

Cc: stable@vger.kernel.org
Suggested-by: Sean Christpherson <seanjc@google.com>
Reported-by: Mingwei Zhang <mizhang@google.com>
Signed-off-by: Mingwei Zhang <mizhang@google.com>
Message-Id: <20220421031407.2516575-4-mizhang@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-04-21 15:41:00 -04:00
..
mmu KVM: x86/mmu: remove unnecessary flush_workqueue() 2022-04-05 08:11:12 -04:00
svm KVM: SEV: add cache flush to solve SEV cache incoherency issues 2022-04-21 15:41:00 -04:00
vmx KVM: x86/pmu: Update AMD PMC sample period to fix guest NMI-watchdog 2022-04-21 13:16:14 -04:00
cpuid.c * Only do MSR filtering for MSRs accessed by rdmsr/wrmsr 2022-04-02 12:09:02 -07:00
cpuid.h kvm: x86: Add support for getting/setting expanded xstate buffer 2022-01-14 13:44:41 -05:00
debugfs.c Merge branch 'kvm-pi-raw-spinlock' into HEAD 2022-01-19 12:14:02 -05:00
emulate.c * Only do MSR filtering for MSRs accessed by rdmsr/wrmsr 2022-04-02 12:09:02 -07:00
fpu.h KVM: x86: Move FPU register accessors into fpu.h 2021-06-17 13:09:24 -04:00
hyperv.c KVM: x86: hyper-v: Avoid writing to TSC page without an active vCPU 2022-04-11 13:29:51 -04:00
hyperv.h KVM: x86: hyper-v: Avoid writing to TSC page without an active vCPU 2022-04-11 13:29:51 -04:00
i8254.c KVM: x86: Add wrappers for setting/clearing APICv inhibits 2022-04-02 05:34:44 -04:00
i8254.h
i8259.c KVM: x86/i8259: Remove unused "addr" of elcr_ioport_{read,write}() 2022-02-10 13:47:12 -05:00
ioapic.c KVM: x86/ioapic: Remove unused "addr" and "length" of ioapic_read_indirect() 2022-02-10 13:47:13 -05:00
ioapic.h x86/kvm: remove unused ack_notifier callbacks 2021-11-18 07:05:57 -05:00
irq_comm.c KVM: x86/xen: Add KVM_IRQ_ROUTING_XEN_EVTCHN and event channel delivery 2022-01-07 10:44:45 -05:00
irq.c KVM: x86/xen: Add event channel interrupt vector upcall 2021-02-04 14:19:39 +00:00
irq.h x86/kvm: remove unused ack_notifier callbacks 2021-11-18 07:05:57 -05:00
Kconfig KVM: x86/mmu: Remove MMU auditing 2022-02-18 13:46:23 -05:00
kvm_cache_regs.h KVM: X86: Remove kvm_register_clear_available() 2021-12-08 04:25:03 -05:00
kvm_emulate.h * Only do MSR filtering for MSRs accessed by rdmsr/wrmsr 2022-04-02 12:09:02 -07:00
kvm_onhyperv.c KVM: x86: Uninline and export hv_track_root_tdp() 2022-02-10 13:47:19 -05:00
kvm_onhyperv.h KVM: x86: Uninline and export hv_track_root_tdp() 2022-02-10 13:47:19 -05:00
lapic.c KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() 2022-03-29 13:22:01 -04:00
lapic.h KVM: x86: Make kvm_lapic_set_reg() a "private" xAPIC helper 2022-03-01 08:50:48 -05:00
Makefile KVM: Add Makefile.kvm for common files, use it for x86 2021-12-09 12:56:02 -05:00
mmu.h KVM: X86: Handle implicit supervisor access with SMAP 2022-04-02 05:34:43 -04:00
mtrr.c KVM: x86: Add helper to consolidate "raw" reserved GPA mask calculations 2021-02-04 09:27:30 -05:00
pmu.c KVM: x86/pmu: Fix and isolate TSX-specific performance event logic 2022-04-02 05:34:46 -04:00
pmu.h KVM: x86/pmu: Update AMD PMC sample period to fix guest NMI-watchdog 2022-04-21 13:16:14 -04:00
reverse_cpuid.h KVM: SEV: Mask CPUID[0x8000001F].eax according to supported features 2021-04-26 05:27:15 -04:00
trace.h KVM: x86: Trace all APICv inhibit changes and capture overall status 2022-04-02 05:34:45 -04:00
tss.h
x86.c KVM: SEV: add cache flush to solve SEV cache incoherency issues 2022-04-21 15:41:00 -04:00
x86.h ARM: 2022-03-24 11:58:57 -07:00
xen.c KVM: Remove dirty handling from gfn_to_pfn_cache completely 2022-04-02 05:34:41 -04:00
xen.h KVM: x86/xen: Add KVM_IRQ_ROUTING_XEN_EVTCHN and event channel delivery 2022-01-07 10:44:45 -05:00