Re: [PATCH v8 20/40] x86/sev: Use SEV-SNP AP creation to start secondary CPUs

From: Tom Lendacky
Date: Wed Jan 12 2022 - 12:10:15 EST

Next message: Paul E. McKenney: "Re: [syzbot] KASAN: use-after-free Read in srcu_invoke_callbacks"
Previous message: Dmitry Baryshkov: "Re: [v2 2/3] drm/msm/dsi: Add dsi phy tuning configuration support"
In reply to: Brijesh Singh: "Re: [PATCH v8 20/40] x86/sev: Use SEV-SNP AP creation to start secondary CPUs"
Next in thread: Borislav Petkov: "Re: [PATCH v8 20/40] x86/sev: Use SEV-SNP AP creation to start secondary CPUs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 1/12/22 10:33 AM, Brijesh Singh wrote:

On 12/31/21 9:36 AM, Borislav Petkov wrote:

On Fri, Dec 10, 2021 at 09:43:12AM -0600, Brijesh Singh wrote:

+     * an attempt was done to use the current VMSA with a running vCPU, a
+     * #VMEXIT of that vCPU would wipe out all of the settings being done
+     * here.

I don't understand - this is waking up a CPU, how can it ever be a
running vCPU which is using the current VMSA?!

Yes, in general. My thought was that nothing is stopping a malicious hypervisor from performing a VMRUN on that vCPU and then the VMSA would be in use.

Thanks,
Tom

There is per_cpu(snp_vmsa, cpu), who else can be using that one currently?

Maybe Tom can expand it bit more?

Next message: Paul E. McKenney: "Re: [syzbot] KASAN: use-after-free Read in srcu_invoke_callbacks"
Previous message: Dmitry Baryshkov: "Re: [v2 2/3] drm/msm/dsi: Add dsi phy tuning configuration support"
In reply to: Brijesh Singh: "Re: [PATCH v8 20/40] x86/sev: Use SEV-SNP AP creation to start secondary CPUs"
Next in thread: Borislav Petkov: "Re: [PATCH v8 20/40] x86/sev: Use SEV-SNP AP creation to start secondary CPUs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]