From: Vitaly Kuznetsov
To: Greg KH, Paolo Bonzini
Cc: cve@kernel.org, linux-kernel@vger.kernel.org, KVM list
Subject: Re: CVE-2021-46978: KVM: nVMX: Always make an attempt to map eVMCS after migration
In-Reply-To: <2024022905-barrette-lividly-c312@gregkh>
References: <2024022822-CVE-2021-46978-3516@gregkh> <54595439-1dbf-4c3c-b007-428576506928@redhat.com> <2024022905-barrette-lividly-c312@gregkh>
Date: Thu, 29 Feb 2024 09:08:42 +0100
Message-ID: <87jzmnn14l.fsf@redhat.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Greg KH writes:

> On Wed, Feb 28, 2024 at 11:09:50PM +0100, Paolo Bonzini wrote:
>> On 2/28/24 09:14, Greg Kroah-Hartman wrote:
>> > From: gregkh@kernel.org
>> >
>> > Description
>> > ===========
>> >
>> > In the Linux kernel, the following vulnerability has been resolved:
>> >
>> > KVM: nVMX: Always make an attempt to map eVMCS after migration
>>
>> How does this break the confidentiality, integrity or availability of the
>> host kernel? It's a fix for a failure to restart the guest after migration.
>> Vitaly can confirm.
>
> It's a fix for the availability of the guest kernel, which now cannot
> boot properly, right? That's why this was selected. If this is not
> correct, I will be glad to revoke this.
>

To be precise, this issue is about the guest's behavior post-migration and
not booting. Also, it should be noted that the "Enlightened VMCS" feature is
normally not used for Linux guests on KVM, so the "guest kernel" is actually
the Windows kernel (or Hyper-V) :-)

Personally, I don't see how this particular issue differs from other KVM
hypervisor bugs. I.e. when the hypervisor misbehaves, the guest will likely
suffer, and in many cases "suffer" means crash. What *is* important is who
can trigger the hypervisor's misbehavior. In case it is guest triggered (and
especially if triggered from CPL != 0), security implications are possible.
In the even worse case when such guest actions can cause issues in the
host's kernel, the presence of a vulnerability is almost certain. Migration
is (normally) not guest triggered; it's a deliberate action on the host.

-- 
Vitaly