Re: [PATCH] Allow RDTSC and RDTSCP from userspace

From: Joerg Roedel
Date: Sat Apr 25 2020 - 08:49:16 EST


Hi Dave,

On Fri, Apr 24, 2020 at 03:53:09PM -0700, Dave Hansen wrote:
> Ahh, so any instruction that can have an instruction intercept set
> potentially needs to be able to tolerate a #VC? Those instruction
> intercepts are under the control of the (untrusted relative to the
> guest) hypervisor, right?
>
> From the main sev-es series:
>
> +#ifdef CONFIG_AMD_MEM_ENCRYPT
> +idtentry vmm_communication do_vmm_communication has_error_code=1
> +#endif
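Review bot: the vmm_communication entry registered here carries has_error_code=1 but no IST stack and no paranoid entry, yet the quoted discussion notes that the intercepts raising #VC are under the control of a hypervisor the guest does not trust, so the entry path cannot assume the current kernel stack is in a usable state when the exception arrives. Suggest moving this handler to a dedicated IST stack with paranoid=1 and shift_ist, allocating those stacks only when SEV-ES is active, which is also the change the reply below announces for the next revision.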

The next version of the patch-set (which I will hopefully have ready
next week) will have this changed. The #VC exception handler uses an IST
stack and is set to paranoid=1 and shift_ist. The IST stacks for the #VC
handler are only allocated when SEV-ES is active.

> That's a fun point because it means that the (untrusted) hypervisor can
> cause endless faults. I *guess* we have mitigation for this with our
> stack guard pages, but it's still a bit nasty that the hypervisor can
> arbitrarily land a guest in the double-fault handler.
>
> It just all seems a bit weak for the hypervisor to be considered
> untrusted. But, it's _certainly_ a step in the right direction from SEV.

Yeah, a malicious hypervisor can do bad things to an SEV-ES VM, but it
can't easily steal its secrets from memory or registers. The #VC handler
does its best to just crash the VM if unexpected hypervisor behavior is
detected.


Regards,

Joerg