[SRU,F/J,0/3] CVE-2024-25744

Message ID 20240611201145.183510-1-yuxuan.luo@canonical.com
Series CVE-2024-25744

Message

Yuxuan Luo June 11, 2024, 8:11 p.m. UTC
[Impact]
In an x86 environment, untrusted virtual machines are able to send an
interrupt that will be mistakenly interpreted by the host as an INT80
interrupt sent from host userspace programs, posing a threat to
the host's confidentiality.

[Backport]
For Jammy, a prerequisite, 1da5c9bc119d (“x86: Introduce
ia32_enabled()”), for the patch set is needed as denoted in the fix
commit message. And a follow-up fix, 32f5f73b79ff (“x86/fred: Fix INT80
emulation for FRED”), can be ignored because it is FRED specific and
FRED is yet to be introduced by 14619d912b65 (“x86/fred: FRED entry/exit
and dispatch code”).

For Focal, the most important fix, be5341eb0d43 (“x86/entry: Convert INT
0x80 emulation to IDTENTRY”), cannot be backported since IDTENTRY is not
well supported, and it is hard to backport IDTENTRY due to the
complexity of the entire patch set
(https://lore.kernel.org/all/20200505134903.949227617@linutronix.de/T/#mcb16c66e338e669bb663742a526346c9d12605b4).
Therefore, as suggested by the maintainer Kirill A. Shutemov, we simply
disable IA32 emulation for SEV to mitigate the issue (TDX is not
introduced yet).

[Test]
Compile and boot tested in a VM.

[Where things could go wrong]
It affects users running x32 operating system VMs on confidential
computing VMMs.

Kirill A. Shutemov (1):
  x86/coco: Disable 32-bit emulation by default on TDX and SEV

Kuppuswamy Sathyanarayanan (1):
  x86/sev: Rename mem_encrypt.c to mem_encrypt_amd.c

Nikolay Borisov (1):
  x86: Introduce ia32_enabled()

 arch/x86/entry/common.c                       |  5 ++++
 arch/x86/include/asm/ia32.h                   | 23 ++++++++++++++++++-
 arch/x86/mm/Makefile                          |  8 +++----
 .../mm/{mem_encrypt.c => mem_encrypt_amd.c}   | 11 +++++++++
 4 files changed, 42 insertions(+), 5 deletions(-)
 rename arch/x86/mm/{mem_encrypt.c => mem_encrypt_amd.c} (97%)
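A defender-side check that follows from the mitigation described above, added here as an illustration and not part of the submitted series or the kernel's own code: it reports whether 32-bit (IA32) syscall emulation on a guest is explicitly forced off or on through the `ia32_emulation=` boot parameter that the upstream ia32_enabled() prerequisite introduces, or is otherwise left to the build-time default `CONFIG_IA32_EMULATION_DEFAULT_DISABLED`. That both knobs are present in the backported Ubuntu kernels is an assumption to verify against the tree; the sample command line and config text at the bottom are constructed, not captured from a real machine.

```shell
#!/bin/sh
# Added illustration (not part of the SRU series): classify the state of
# 32-bit syscall emulation from a kernel command line and a kernel config.
# Assumes the upstream knobs that come with ia32_enabled():
#   - boot parameter  ia32_emulation=<bool>
#   - Kconfig option  CONFIG_IA32_EMULATION_DEFAULT_DISABLED
# Whether a given Ubuntu kernel carries both is an assumption to check.

# ia32_emulation_state CMDLINE CONFIG_TEXT
#   CMDLINE     - contents of /proc/cmdline
#   CONFIG_TEXT - contents of /boot/config-$(uname -r) (may be empty)
# Prints one of: not-built, disabled, enabled, default-disabled, default-enabled
ia32_emulation_state() {
    cmdline=$1
    config=$2

    # No compat layer at all: the boot parameter is irrelevant.
    if printf '%s\n' "$config" | grep -q '^# CONFIG_IA32_EMULATION is not set'; then
        echo not-built
        return 0
    fi

    # An explicit boot parameter overrides the build-time default.
    # Accept the kernel's boolean spellings (0/1, n/y, off/on, false/true).
    for tok in $cmdline; do
        case $tok in
            ia32_emulation=0|ia32_emulation=n|ia32_emulation=N|ia32_emulation=off|ia32_emulation=false)
                echo disabled
                return 0 ;;
            ia32_emulation=1|ia32_emulation=y|ia32_emulation=Y|ia32_emulation=on|ia32_emulation=true)
                echo enabled
                return 0 ;;
        esac
    done

    # No override on the command line: report the build-time default.
    if printf '%s\n' "$config" | grep -q '^CONFIG_IA32_EMULATION_DEFAULT_DISABLED=y'; then
        echo default-disabled
    else
        echo default-enabled
    fi
}

# Constructed sample inputs (not from a real guest) so the script runs offline.
SAMPLE_CMDLINE='BOOT_IMAGE=/vmlinuz root=/dev/vda1 ia32_emulation=0 quiet'
SAMPLE_CONFIG='CONFIG_IA32_EMULATION=y
# CONFIG_IA32_EMULATION_DEFAULT_DISABLED is not set'
echo "sample guest: $(ia32_emulation_state "$SAMPLE_CMDLINE" "$SAMPLE_CONFIG")"
```

On a live guest, call it as `ia32_emulation_state "$(cat /proc/cmdline)" "$(cat /boot/config-$(uname -r))"`. The script only reads the explicit knobs; on a SEV guest running the backported series the default is switched off at runtime regardless of the config default, so the definitive test is behavioural: with emulation disabled, executing a 32-bit ELF binary fails with ENOEXEC.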

Comments

Kevin Becker July 18, 2024, 12:36 p.m. UTC | #1
On Tue, Jun 11, 2024 at 4:12 PM Yuxuan Luo <yuxuan.luo@canonical.com> wrote:
>
> [Impact]
> In an x86 environment, untrusted virtual machines are able to send an
> interrupt that will be mistakenly interpreted by the host as an INT80
> interrupt sent from host userspace programs, posing a threat to
> the host's confidentiality.
>
> [Backport]
> For Jammy, a prerequisite, 1da5c9bc119d (“x86: Introduce
> ia32_enabled()”), for the patch set is needed as denoted in the fix
> commit message. And a follow-up fix, 32f5f73b79ff (“x86/fred: Fix INT80
> emulation for FRED”), can be ignored because it is FRED specific and
> FRED is yet to be introduced by 14619d912b65 (“x86/fred: FRED entry/exit
> and dispatch code”).
>
> For Focal, the most important fix, be5341eb0d43 (“x86/entry: Convert INT
> 0x80 emulation to IDTENTRY”), cannot be backported since IDTENTRY is not
> well supported, and it is hard to backport IDTENTRY due to the
> complexity of the entire patch set
> (https://lore.kernel.org/all/20200505134903.949227617@linutronix.de/T/#mcb16c66e338e669bb663742a526346c9d12605b4).
> Therefore, as suggested by the maintainer Kirill A. Shutemov, we simply
> disable IA32 emulation for SEV to mitigate the issue (TDX is not
> introduced yet).
>
> [Test]
> Compile and boot tested in a VM.
>
> [Where things could go wrong]
> It affects users running x32 operating system VMs on confidential
> computing VMMs.
>
> Kirill A. Shutemov (1):
>   x86/coco: Disable 32-bit emulation by default on TDX and SEV
>
> Kuppuswamy Sathyanarayanan (1):
>   x86/sev: Rename mem_encrypt.c to mem_encrypt_amd.c
>
> Nikolay Borisov (1):
>   x86: Introduce ia32_enabled()
>
>  arch/x86/entry/common.c                       |  5 ++++
>  arch/x86/include/asm/ia32.h                   | 23 ++++++++++++++++++-
>  arch/x86/mm/Makefile                          |  8 +++----
>  .../mm/{mem_encrypt.c => mem_encrypt_amd.c}   | 11 +++++++++
>  4 files changed, 42 insertions(+), 5 deletions(-)
>  rename arch/x86/mm/{mem_encrypt.c => mem_encrypt_amd.c} (97%)
>
> --

ACK only for focal due to Manuel's NACK.

Acked-by: Kevin Becker <kevin.becker@canonical.com>
Stefan Bader July 19, 2024, 8:15 a.m. UTC | #2
On 18.07.24 14:36, Kevin Becker wrote:
> On Tue, Jun 11, 2024 at 4:12 PM Yuxuan Luo <yuxuan.luo@canonical.com> wrote:
>>
>> [Impact]
>> In an x86 environment, untrusted virtual machines are able to send an
>> interrupt that will be mistakenly interpreted by the host as an INT80
>> interrupt sent from host userspace programs, posing a threat to
>> the host's confidentiality.
>>
>> [Backport]
>> For Jammy, a prerequisite, 1da5c9bc119d (“x86: Introduce
>> ia32_enabled()”), for the patch set is needed as denoted in the fix
>> commit message. And a follow-up fix, 32f5f73b79ff (“x86/fred: Fix INT80
>> emulation for FRED”), can be ignored because it is FRED specific and
>> FRED is yet to be introduced by 14619d912b65 (“x86/fred: FRED entry/exit
>> and dispatch code”).
>>
>> For Focal, the most important fix, be5341eb0d43 (“x86/entry: Convert INT
>> 0x80 emulation to IDTENTRY”), cannot be backported since IDTENTRY is not
>> well supported, and it is hard to backport IDTENTRY due to the
>> complexity of the entire patch set
>> (https://lore.kernel.org/all/20200505134903.949227617@linutronix.de/T/#mcb16c66e338e669bb663742a526346c9d12605b4).
>> Therefore, as suggested by the maintainer Kirill A. Shutemov, we simply
>> disable IA32 emulation for SEV to mitigate the issue (TDX is not
>> introduced yet).
>>
>> [Test]
>> Compile and boot tested in a VM.
>>
>> [Where things could go wrong]
>> It affects users running x32 operating system VMs on confidential
>> computing VMMs.
>>
>> Kirill A. Shutemov (1):
>>    x86/coco: Disable 32-bit emulation by default on TDX and SEV
>>
>> Kuppuswamy Sathyanarayanan (1):
>>    x86/sev: Rename mem_encrypt.c to mem_encrypt_amd.c
>>
>> Nikolay Borisov (1):
>>    x86: Introduce ia32_enabled()
>>
>>   arch/x86/entry/common.c                       |  5 ++++
>>   arch/x86/include/asm/ia32.h                   | 23 ++++++++++++++++++-
>>   arch/x86/mm/Makefile                          |  8 +++----
>>   .../mm/{mem_encrypt.c => mem_encrypt_amd.c}   | 11 +++++++++
>>   4 files changed, 42 insertions(+), 5 deletions(-)
>>   rename arch/x86/mm/{mem_encrypt.c => mem_encrypt_amd.c} (97%)
>>
>> --
> 
> ACK only for focal due to Manuel's NACK.
> 
> Acked-by: Kevin Becker <kevin.becker@canonical.com>
> 

Please do a Focal only v2. Once I see any NACK on submissions it goes 
into the KTML bin.

-Stefan