Re: [PATCH v4 4/6] x86/tdx: Add a restriction on access to MMIO address
From: Kirill A. Shutemov
Date: Thu Aug 22 2024 - 04:18:46 EST
On Wed, Aug 21, 2024 at 04:24:36PM +0200, Alexey Gladkov wrote:
> From: "Alexey Gladkov (Intel)" <legion@xxxxxxxxxx>
>
> In the case of userspace MMIO, if the user instruction + MAX_INSN_SIZE
> straddles page, then the "fetch" in the kernel could trigger a #VE.
It has nothing to do with "straddling page". It's about tricking kernel
into doing MMIO on user address.
For instance, if in response to a syscall, kernel does put_user() and the
target address is MMIO mapping in userspace, current #VE handler threat
this access as kernel MMIO which is wrong and have security implications.
> In
> this case the kernel would handle this second #VE as a !user_mode() MMIO.
> That way, additional address verifications can be avoided.
>
> The scenario of accessing userspace MMIO addresses from kernelspace does
> not seem appropriate under normal circumstances. Until there is a
> specific usecase for such a scenario it can be disabled.
>
> Signed-off-by: Alexey Gladkov (Intel) <legion@xxxxxxxxxx>
Cc: stable@ please.
and this patch has to go ahead of the patchset, targeting x86/urgent
branch.
--
Kiryl Shutsemau / Kirill A. Shutemov