[v2] Nested SVM fixes, cleanups, and hardening

[PATCH v2 00/13] Nested SVM fixes, cleanups, and hardening

Yosry Ahmed posted 13 patches 2 months, 4 weeks ago

Diff against v1 v3 v4 v5
Download series mbox

There is a newer version of this series

arch/x86/include/asm/svm.h                    |  26 +-
arch/x86/kvm/svm/nested.c                     | 349 ++++++++++++------
arch/x86/kvm/svm/sev.c                        |   4 +-
arch/x86/kvm/svm/svm.c                        |  57 +--
arch/x86/kvm/svm/svm.h                        |  46 ++-
arch/x86/kvm/x86.c                            |   3 +
tools/testing/selftests/kvm/Makefile.kvm      |   1 +
.../selftests/kvm/include/x86/processor.h     |   5 +
tools/testing/selftests/kvm/include/x86/svm.h |  14 +-
.../selftests/kvm/x86/svm_lbr_nested_state.c  | 155 ++++++++
10 files changed, 490 insertions(+), 170 deletions(-)
create mode 100644 tools/testing/selftests/kvm/x86/svm_lbr_nested_state.c

Expand all Fold all

[PATCH v2 00/13] Nested SVM fixes, cleanups, and hardening

Posted by Yosry Ahmed 2 months, 4 weeks ago

A group of semi-related fixes, cleanups, and hardening patches for nSVM.
This series is based on kvm/master.

Patches 1-3 here are v2 of the last 3 patches in in the LBRV fixes
series [1]. The first 3 patches of [1] are already in kvm/master. The
rest of this series is v2 of [2].

Patches 4-6 fix or add missing consistency checks.

Patches 7-8 are renames to clarify some VMCB fields.

Patches 9-12 add hardening to reading the VMCB12, caching all used
fields in the save area to prevent theoritical TOC-TOU bugs, sanitizing
used fields in the control area, and restricting accesses to the VMCB12
through guest memory.

Patch 13 further restricts fields copied from VMCB01 to VMCB12.

v1 -> v2:
- Prepended some patches from the LBRV series.
- Used nested_npt_enabled() to guard consistency checks in patch 4.
- Best effort attempt to dynamically determine supported exception
  vectors in patch 6.
- Commit logs massaging and minor nits.

[1]https://lore.kernel.org/kvm/20251108004524.1600006-1-yosry.ahmed@linux.dev/
[2]https://lore.kernel.org/kvm/20251104195949.3528411-1-yosry.ahmed@linux.dev/

Yosry Ahmed (13):
  KVM: SVM: Switch svm_copy_lbrs() to a macro
  KVM: SVM: Add missing save/restore handling of LBR MSRs
  KVM: selftests: Add a test for LBR save/restore (ft. nested)
  KVM: nSVM: Fix consistency checks for NP_ENABLE
  KVM: nSVM: Add missing consistency check for EFER, CR0, CR4, and CS
  KVM: nSVM: Add missing consistency check for event_inj
  KVM: SVM: Rename vmcb->nested_ctl to vmcb->misc_ctl
  KVM: SVM: Rename vmcb->virt_ext to vmcb->misc_ctl2
  KVM: nSVM: Cache all used fields from VMCB12
  KVM: nSVM: Restrict mapping VMCB12 on nested VMRUN
  KVM: nSVM: Simplify nested_svm_vmrun()
  KVM: nSVM: Sanitize control fields copied from VMCB12
  KVM: nSVM: Only copy NP_ENABLE from VMCB01's misc_ctl

 arch/x86/include/asm/svm.h                    |  26 +-
 arch/x86/kvm/svm/nested.c                     | 349 ++++++++++++------
 arch/x86/kvm/svm/sev.c                        |   4 +-
 arch/x86/kvm/svm/svm.c                        |  57 +--
 arch/x86/kvm/svm/svm.h                        |  46 ++-
 arch/x86/kvm/x86.c                            |   3 +
 tools/testing/selftests/kvm/Makefile.kvm      |   1 +
 .../selftests/kvm/include/x86/processor.h     |   5 +
 tools/testing/selftests/kvm/include/x86/svm.h |  14 +-
 .../selftests/kvm/x86/svm_lbr_nested_state.c  | 155 ++++++++
 10 files changed, 490 insertions(+), 170 deletions(-)
 create mode 100644 tools/testing/selftests/kvm/x86/svm_lbr_nested_state.c

-- 
2.51.2.1041.gc1ab5b90ca-goog