KVM: SEV: snapshot the GHCB before accessing it - kernel

diff options

author	Paolo Bonzini <[email protected]>	2023-08-04 16:42:45 +0000
committer	Paolo Bonzini <[email protected]>	2023-08-04 17:33:06 +0000
commit	4e15a0ddc3ff40e8ea84032213976ecf774d7f77 (patch)
tree	950e2a1a88cb352c9ad87800dec88ab997778e32 /tools/perf/scripts/python/Perf-Trace-Util/lib/Perf/Trace/Util.py
parent	KVM: selftests: Expand x86's sregs test to cover illegal CR0 values (diff)
download	kernel-4e15a0ddc3ff40e8ea84032213976ecf774d7f77.tar.gz kernel-4e15a0ddc3ff40e8ea84032213976ecf774d7f77.zip

KVM: SEV: snapshot the GHCB before accessing it

Validation of the GHCB is susceptible to time-of-check/time-of-use vulnerabilities. To avoid them, we would like to always snapshot the fields that are read in sev_es_validate_vmgexit(), and not use the GHCB anymore after it returns. This means: - invoking sev_es_sync_from_ghcb() before any GHCB access, including before sev_es_validate_vmgexit() - snapshotting all fields including the valid bitmap and the sw_scratch field, which are currently not caching anywhere. The valid bitmap is the first thing to be copied out of the GHCB; then, further accesses will use the copy in svm->sev_es. Fixes: 291bd20d5d88 ("KVM: SVM: Add initial support for a VMGEXIT VMEXIT") Cc: [email protected] Signed-off-by: Paolo Bonzini <[email protected]>

Diffstat (limited to 'tools/perf/scripts/python/Perf-Trace-Util/lib/Perf/Trace/Util.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: