[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v4] x86/HVM: support emulated UMIP


  • To: Roger Pau Monné <roger.pau@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>
  • From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Date: Fri, 17 Mar 2023 16:30:28 +0000
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=V+RDPHiudyQhcA1LT88ftRDsFozFE0hvlX1CoKnyxJM=; b=KACZtPaQ1NL1zpvBK0V+aDZQE/Q+wPW/OZ6qc5Int+t9Qf8Hjjn+eMd4x88okixxCWb/OXj4HSPUpBzmqiqK0YV/OB3dJ+rPDbKlyIl7MWMMEBfOIQ02iFUn4S2eiSMp6Jqsrx2Cu0sK5N42IjnZb3NQNEtJteKgyC+ycMEaIyS4Q14N7cqPfHpRuuyGJYN6Ai5706xmSp/Qn+jhmB0akP2JDDlZqkHT3sgou9NM3R/Xp2sEhlx+PLevSvn+D/gbHO/oyr7NbBWgyHaSeGy/ZZj0KrBw3f02lt4avG7YbZ4A4d1oBPHNandIb0Jy8hKPn6F6OuA6tJQrQo3C3XAOYA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=SvqyEUxb09yK4IvACr0Zl0fTtx5F2IIGfcNm08zBx7YzN+l7PrdMcRsvGO3p1UZ4fH+FY9DZPFlhyIexR7PgfdjgUrAsTCd36IwKyxcvlWEzdyL52D16GTym9vsiV3H8BPNi+WtXTQ1+BX1GEipIvhWKZAtlXwPSPpkqb2JPWR3YX687bsAWNrknW0nOGVCJ7Ku/4x7evATT3vOTn0+g08m/PK3t3I0CHQqDmGdnQgASaYy4eRDmRkctyq66FqOVjV48u+SHFr0uaP6qba3nFhqMMNklQ8zm2SiVVFI3kF63MO+8wlaVgK40G2/s7FfLqjls2LDjKNzY7QhJm7g9/g==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Kevin Tian <kevin.tian@xxxxxxxxx>, Jun Nakajima <jun.nakajima@xxxxxxxxx>
  • Delivery-date: Fri, 17 Mar 2023 16:30:49 +0000
  • Ironport-data: A9a23:xIx9AK4uzgzmjJjDQQjiowxRtOvGchMFZxGqfqrLsTDasY5as4F+v mtOXWnQPKyJZWTyeYp2bdnn/UsPvJ/Qx9JjSgtqqClgHi5G8cbLO4+Ufxz6V8+wwm8vb2o8t plDNYOQRCwQZiWBzvt4GuG59RGQ7YnRGvynTraCYnsrLeNdYH9JoQp5nOIkiZJfj9G8Agec0 fv/uMSaM1K+s9JOGjt8B5mr9VU+7JwehBtC5gZlPasS4weE/5UoJMl3yZ+ZfiOQrrZ8RoZWd 86bpJml82XQ+QsaC9/Nut4XpWVTH9Y+lSDX4pZnc/DKbipq/0Te4Y5iXBYoUm9Fii3hojxE4 I4lWapc6+seFvakdOw1C3G0GszlVEFM0OevzXOX6aR/w6BaGpdFLjoH4EweZOUlFuhL7W5m1 cVfJGkUV1O5mePrypiQRehAisohFZy+VG8fkikIITDxK98DGMmGb4CUoNhS0XE3m9xEGuvYa 4wBcz1zYR/cYhpJfFAKFJY5m+TujX76G9FagAvN+exrvC6Ok0ooj+CF3Nn9I7RmQe18mEqCq 32A1GP+GhwAb/SUyCaf82LqjejK9c/+cNtKTeLhrq802DV/wEQeIhRIXnSYj8Obi06lXtdfG kpJ9HUx+P1aGEuDC4OVsweDiHyOswMYWtFQO/Yn8wzLwa3Riy6JC25BQjNfZdgOsM4tWSdsx lKPh8nuBzFkrPuSU3313qiQhSO/P24SN2BqTSwJUwoDpcXiqYcbjxTTQ9IlG6mw5vX3BDe2x TmJpSo/grw7jMgX2qH99lfC6w9AvbDMRw8xownSAGSs61ogYJb/PtPwr1/G8fxHMYCVCEGbu 2QJkNSf6+ZICoyRkCuKQ6MGG7TBC+u5DQAwSGVHR/EJnwlBMVb5FWyMyFmS/HtUD/s=
  • Ironport-hdrordr: A9a23:qBJfGqhIMjPETxMDMvd0Jyoll3BQXucji2hC6mlwRA09TyX4rb HMoB1/73TJYVkqOU3I9ervBEDiexzhHPxOkOws1N6ZNWGN1QeVxelZnOnfKlbbexEWmNQts5 tIQuxTD8DxEEg/reuS2njALz5qqOP3lJxAXN2uqEtQcQ==
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 17/03/2023 2:29 pm, Roger Pau Monné wrote:
> On Thu, Apr 15, 2021 at 11:47:42AM +0200, Jan Beulich wrote:
>> There are three noteworthy drawbacks:
>> 1) The intercepts we need to enable here are CPL-independent, i.e. we
>>    now have to emulate certain instructions for ring 0.
>> 2) On VMX there's no intercept for SMSW, so the emulation isn't really
>>    complete there.
> Then I'm afraid we can't set the bit in the max CPUID policy.  What
> about domains being migrated from a host that has UMIP to an Intel
> host where UMIP is emulated?  They would see a change in behavior in
> SMSW, and the behavior won't match the ISA anymore.

There are conflicting opinions on this.  But the truth is that SMSW only
leaks the bottom nibble(?) of CR0 and that simply isn't information that
is of use to an attacker like SGDT/SIDT is.

So from an entirely ideal point of view there is an argument to say that
UMIP-but-can't-block-SMSW is better than no UMIP.


Except, I'm not fully convinced by this argument.

SMSW aside, emulating UMIP on hardware without it involves emulating the
guest being able to set CR4.UMIP which is reserved so we have to
intercept #UD, and intercepting all #GP so we can find the
S{I,LG}DT/STR/SMSW(on AMD) instructions and fail them in Ring3.

We went to a lot of effort to not intercept #UD (by default) because it
exposed x86_emulate() to guest userspace and caused us a huge number of
security headaches.  Similarly, #GP interception is the source of a lot
of security bugs on other hypervisors.

So there is large security concern with this patch.  Which is not a no,
but definitely is a "need to think about this more carefully".

This logic isn't useful for Linux.  All versions of Linux which know
about UMIP already put the IDT and GDT on read-only mappings to prevent
SIDT/SGDT being useful to an attacker on hardware lacking UMIP.  I don't
know what Windows does here, but I would be amazed if they don't
something similar.

Therefore, this logic is only useful for guests which do know about
UIMP, and do not have any other defences against SIDT/SGD.  If this
isn't an empty set of kernels, it will be a small set.


Also, as a note, the XTF UMIP test declares a failure against KVM
(because SMSW does leak), and will do the same on Xen after this patch. 
I don't think OSSTest will declare this to be a blocking regression,
because the XTF test won't be configured for "max", so it won't notice. 
And because I still haven't got the test-version logic working, we can't
modify the XTF UMIP behaviour without breaking the OSSTest bisector...

~Andrew



 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.