Re: [PATCH V2] x86/sev: Mark the code returning to user space as syscall gap

From: Joerg Roedel
Date: Fri May 13 2022 - 09:39:14 EST


Hi,

On Tue, Apr 12, 2022 at 08:49:08PM +0800, Lai Jiangshan wrote:
> From: Lai Jiangshan <jiangshan.ljs@xxxxxxxxxxxx>
>
> When returning to user space, the %rsp is user controlled value.
>
> If it is an SNP guest and the hypervisor decides to mess with the code page
> for this path while a CPU is executing it, this will cause a #VC on
> that CPU, and that could hit in the syscall return path and mislead
> the #VC handler.
>
> So make ip_within_syscall_gap() return true in this case.

With the SNP guest patches in tip-tree I think it actually becomes
possible that a #VC exception hits in these parts of the execution
stream. It requires good timing by the attacker, but it is not
impossible. Therefore:

Acked-by: Joerg Roedel <jroedel@xxxxxxx>

--
Jörg Rödel
jroedel@xxxxxxx

SUSE Software Solutions Germany GmbH
Maxfeldstr. 5
90409 Nürnberg
Germany

(HRB 36809, AG Nürnberg)
Geschäftsführer: Ivo Totev
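Added illustration, not part of the thread or of the kernel patch under discussion: a small C model of the check the commit message refers to. It uses constructed addresses standing in for the kernel's entry symbols (the real function reads the linker symbols directly) and a stand-in "safe stack" address; the names `ip_within_syscall_gap_old`, `ip_within_syscall_gap_new` and `vc_choose_stack` are hypothetical. The point it shows is the defensive one from the quoted description: when the interrupted instruction pointer lies in a window where %rsp already holds a user controlled value, a #VC handler must not switch to that stack, and extending the gap to cover the return-to-user path is what makes the check say so.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed, illustrative addresses standing in for the kernel's entry
 * symbols (syscall entry, the point where the kernel stack is in place, and
 * the SYSRET return window). They are NOT real kernel addresses. */
#define ENTRY_SYSCALL_64        0xffffffff81a00000ULL
#define ENTRY_SYSCALL_64_SAFE   0xffffffff81a00040ULL /* kernel stack switched in */
#define ENTRY_SYSRETQ_UNSAFE    0xffffffff81a00200ULL /* %rsp already user value  */
#define ENTRY_SYSRETQ_END       0xffffffff81a00210ULL
#define VC_SAFE_STACK           0xffffffff82000000ULL /* per-CPU safe stack (model) */

struct model_regs {
    uint64_t ip; /* instruction pointer at the time of the #VC */
    uint64_t sp; /* stack pointer at the time of the #VC */
};

/* Model of the pre-patch check: only the syscall *entry* window, where the
 * kernel has not yet switched away from the user %rsp, counts as the gap. */
static bool ip_within_syscall_gap_old(const struct model_regs *regs)
{
    return regs->ip >= ENTRY_SYSCALL_64 && regs->ip < ENTRY_SYSCALL_64_SAFE;
}

/* Model of the post-patch check: the return-to-user window, where %rsp has
 * already been reloaded with the user value, is part of the gap as well. */
static bool ip_within_syscall_gap_new(const struct model_regs *regs)
{
    if (ip_within_syscall_gap_old(regs))
        return true;
    return regs->ip >= ENTRY_SYSRETQ_UNSAFE && regs->ip < ENTRY_SYSRETQ_END;
}

/* Model of the decision a #VC handler takes on entry: inside the gap the
 * interrupted %rsp cannot be trusted, so the handler stays on its own safe
 * stack; outside the gap it may continue on the interrupted stack. */
static uint64_t vc_choose_stack(const struct model_regs *regs,
                                bool (*in_gap)(const struct model_regs *))
{
    return in_gap(regs) ? VC_SAFE_STACK : regs->sp;
}

int main(void)
{
    /* Constructed scenario: #VC lands in the SYSRET window while %rsp
     * already holds a user-chosen value. */
    struct model_regs r = { ENTRY_SYSRETQ_UNSAFE + 4, 0x00007ffd00001000ULL };

    printf("old check: in gap=%d, handler stack=%#llx\n",
           ip_within_syscall_gap_old(&r),
           (unsigned long long)vc_choose_stack(&r, ip_within_syscall_gap_old));
    printf("new check: in gap=%d, handler stack=%#llx\n",
           ip_within_syscall_gap_new(&r),
           (unsigned long long)vc_choose_stack(&r, ip_within_syscall_gap_new));
    return 0;
}
```

With the old predicate the model handler would run on the user-supplied stack pointer in the return window; with the extended predicate it stays on the safe stack, which is the behaviour the patch description asks for.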