Re: [PATCH 19/25] KVM: VMX: Add basic handling of VM-Exit from SGX enclave

From: Kai Huang
Date: Tue Mar 02 2021 - 02:48:12 EST


On Mon, 1 Mar 2021 08:52:13 -0800 Sean Christopherson wrote:
> On Mon, Mar 01, 2021, Kai Huang wrote:
> > diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
> > index 50810d471462..df8e338267aa 100644
> > --- a/arch/x86/kvm/vmx/vmx.c
> > +++ b/arch/x86/kvm/vmx/vmx.c
> > @@ -1570,12 +1570,18 @@ static int vmx_rtit_ctl_check(struct kvm_vcpu *vcpu, u64 data)
> >
> > static bool vmx_can_emulate_instruction(struct kvm_vcpu *vcpu, void *insn, int insn_len)
> > {
> > + if (to_vmx(vcpu)->exit_reason.enclave_mode) {
> > + kvm_queue_exception(vcpu, UD_VECTOR);
>
> Rereading my own code, I think it would be a good idea to add a comment here
> explaining that injecting #UD is technically wrong, but avoids giving guest
> userspace an easy way to DoS the guest. The EPT misconfig is a good example;
> guest userspace could have executed a simple MOV <reg>, <mem> instruction, in
> which case injecting a #UD is bizarre behavior. But, the alternative is exiting
> to userspace with KVM_INTERNAL_ERROR_EMULATION, which is all but guaranteed to
> kill the guest.
>
> If KVM, specifically handle_emulation_failure(), ever gains a more sophisticated
> mechanism for handling userspace emulation errors, this should be updated too.
>
> /*
> * Emulation of instructions in SGX enclaves is impossible as RIP does
> * not point to the failing instruction, and even if it did, the code
> * stream is inaccessible. Inject #UD instead of exiting to userspace
> * so that guest userspace can't DoS the guest simply by triggering
> * emulation (enclaves are CPL3 only).
> */

Agreed. Will add above comment.

>
> > + return false;
> > + }
> > return true;
> > }
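Review bot: the early return added at the top of vmx_can_emulate_instruction() turns a predicate into something with a side effect (a #UD is queued before returning false), and the hunk as posted carries no comment saying so; besides the justification for #UD discussed above, the comment should state that a false return already has the exception pending, so callers must resume the guest (return 1) rather than fall through to emulation or exit to userspace with an emulation error, otherwise a future caller could end up injecting twice or reporting a failure on top of the queued #UD.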
>
> ...
>
> > @@ -5384,6 +5415,9 @@ static int handle_ept_misconfig(struct kvm_vcpu *vcpu)
> > {
> > gpa_t gpa;
> >
> > + if (!vmx_can_emulate_instruction(vcpu, NULL, 0))
> > + return 1;
> > +
> > /*
> > * A nested guest cannot optimize MMIO vmexits, because we have an
> > * nGPA here instead of the required GPA.
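Review bot: the new call in handle_ept_misconfig() passes NULL and 0 for insn and insn_len, which is only safe because the visible body of vmx_can_emulate_instruction() tests exit_reason.enclave_mode and never touches the instruction buffer; a one-line comment at the call site ("no instruction bytes available here, only the enclave-mode check is wanted") would keep a later change to the predicate from dereferencing insn for this caller. The `return 1` on the false path is correct given the pending #UD, and placing the check before the nested-guest nGPA comment keeps the enclave case from reaching the MMIO fast path.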
> > --
> > 2.29.2
> >