Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S966353AbeAJQxK (ORCPT <rfc822;ralf@linux-mips.org> + 1 other);
        Wed, 10 Jan 2018 11:53:10 -0500
Received: from aserp2120.oracle.com ([141.146.126.78]:38448 "EHLO
        aserp2120.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S966366AbeAJQxH (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 10 Jan 2018 11:53:07 -0500
MIME-Version: 1.0
Message-ID: <06779fe6-7ab6-4906-a66c-2466d03877e0@default>
Date: Wed, 10 Jan 2018 08:51:56 -0800 (PST)
From: Liran Alon <liran.alon@oracle.com>
To: <dwmw2@infradead.org>
Cc: <jmattson@google.com>, <konrad.wilk@oracle.com>, <x86@kernel.org>,
        <nadav.amit@gmail.com>, <bp@alien8.de>, <arjan@linux.intel.com>,
        <aliguori@amazon.com>, <thomas.lendacky@amd.com>,
        <rkrcmar@redhat.com>, <pbonzini@redhat.com>,
        <linux-kernel@vger.kernel.org>, <kvm@vger.kernel.org>
Subject: Re: [PATCH 3/8] kvm: vmx: pass MSR_IA32_SPEC_CTRL and
 MSR_IA32_PRED_CMD down to the guest
X-Mailer: Zimbra on Oracle Beehive
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8BIT
Content-Disposition: inline
X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=8769 signatures=668652
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=1 malwarescore=0
 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=966
 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1
 engine=8.0.1-1711220000 definitions=main-1801100236
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>


----- dwmw2@infradead.org wrote:

> On Wed, 2018-01-10 at 08:19 -0800, Liran Alon wrote:
> > 
> > (1) On VMEntry, Intel recommends to just restore SPEC_CTRL to guest
> > value (using WRMSR or MSR save/load list) and that's it. As I
> > previously said to Jim, I am missing here a mechanism which should
> be
> > responsible for hiding host's BHB & RSB from guest. Therefore,
> guest
> > still have the possibility to info-leak host's kernel module
> > addresses (kvm-intel.ko / kvm.ko / vmlinux).
> 
> How so?
> 
> The host has the capability to attack the guest... but that's not an
> interesting observation.

That's not the issue I am talking about here.
I'm talking about the guest ability to info-leak addresses in host.

> 
> I'm not sure why you consider it an information leak to have host
> addresses in the BTB/RSB when the guest is running; it's not like
> they
> can be *read* from there. Perhaps you could mount a really contrived
> attack where you might attempt to provide your own spec-leak code at
> various candidate addresses that you think might be host BTB targets,
> and validate your assumptions... but I suspect basic cache-based
> observations were easier than that anyway.
> 
> I don't think this is a consideration.

Hmm... This is exactly how Google Project-Zero PoC leaks kvm-intel.ko, kvm.ko & vmlinux...
See section "Locating the host kernel" here:
https://googleprojectzero.blogspot.co.il/2018/01/reading-privileged-memory-with-side.html

This was an important primitive in order for them to actually launch the attack of reading host's memory pages. As they needed the hypervisor addresses such that they will be able to later poison the BTB/BHB to gadgets residing in known host addresses.

-Liran