Re: [PATCH Part2 v5 00/45] Add AMD Secure Nested Paging (SEV-SNP) Hypervisor Support
From: Joerg Roedel
Date: Tue Nov 16 2021 - 08:30:26 EST
On Mon, Nov 15, 2021 at 07:15:07PM +0000, Sean Christopherson wrote:
> It creates a new attack surface, e.g. if the guest mishandles the #VC and does
> PVALIDATE on memory that it previously accepted, then userspace can attack the
> guest by accessing guest private memory to coerce the guest into consuming corrupted
> data.
If a guest can be tricked into a double PVALIDATE or otherwise
misbehaves on a #VC exception, then it is a guest bug and needs to be
fixed there.
It is a core requirement of the #VC handler that it cannot be tricked
that way.
Regards,
--
Jörg Rödel
jroedel@xxxxxxx
SUSE Software Solutions Germany GmbH
Maxfeldstr. 5
90409 Nürnberg
Germany
(HRB 36809, AG Nürnberg)
Geschäftsführer: Ivo Totev
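
The double-PVALIDATE scenario discussed in this message, as an added example that is not code from the thread, the patch series or the kernel: a simplified C model in which a host-side page swap clears the Validated bit and the guest's next access raises #VC. All names (`struct model`, `vc_naive`, `vc_strict`, `scenario`) are hypothetical, and the per-page acceptance record is an assumed way for the guest to recognise memory it has already accepted.

```c
#include <stdbool.h>
#include <stddef.h>

#define NPAGES 8
/* Toy model, not kernel code: one flag per guest page. */
struct model {
    bool rmp_validated[NPAGES];  /* hardware Validated bit (RMP entry) */
    bool guest_accepted[NPAGES]; /* guest's own record of accepted pages */
    char data[NPAGES];           /* one byte stands in for page contents */
};
enum vc_result { VC_RESUME, VC_TERMINATE };
typedef enum vc_result (*vc_handler)(struct model *, size_t);
/* Guest accepts a page once; the flag write stands in for PVALIDATE. */
static void guest_accept(struct model *m, size_t pfn, char contents) {
    m->rmp_validated[pfn] = true;
    m->guest_accepted[pfn] = true;
    m->data[pfn] = contents;
}
/* Host replaces the backing page, which clears the Validated bit. */
static void host_swap_page(struct model *m, size_t pfn, char planted) {
    m->rmp_validated[pfn] = false;
    m->data[pfn] = planted;
}
/* Mishandled #VC: PVALIDATE whatever faulted, then resume. */
static enum vc_result vc_naive(struct model *m, size_t pfn) {
    m->rmp_validated[pfn] = true; /* double PVALIDATE of an accepted page */
    return VC_RESUME;
}
/* Strict #VC: a fault on an already accepted page is never re-validated. */
static enum vc_result vc_strict(struct model *m, size_t pfn) {
    if (m->guest_accepted[pfn])
        return VC_TERMINATE;
    guest_accept(m, pfn, 0);      /* never accepted before: take it zeroed */
    return VC_RESUME;
}
/* Guest read: an unvalidated page raises #VC and runs the handler first. */
static int guest_read(struct model *m, size_t pfn, vc_handler h) {
    if (!m->rmp_validated[pfn] && h(m, pfn) == VC_TERMINATE)
        return -1;                /* guest stops instead of consuming the data */
    return m->data[pfn];
}
/* Constructed scenario: accept page 3 as 'S', host plants 'X', guest reads. */
static int scenario(vc_handler h) {
    struct model m = {0};
    guest_accept(&m, 3, 'S');
    host_swap_page(&m, 3, 'X');
    return guest_read(&m, 3, h);
}
int main(void) { return scenario(vc_strict) == -1 ? 0 : 1; }
```

With `vc_naive` the guest resumes and reads the planted byte; with `vc_strict` it stops before the data is consumed.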