ACK: [SRU][J/N][PATCH 0/2] CVE-2024-25742
Andrei Gherzan
andrei.gherzan at canonical.com
Thu Jul 4 09:12:50 UTC 2024
On 24/07/03 06:11pm, Yuxuan Luo wrote:
> [Impact]
> The WeSee vulnerability leverages the untrusted hypervisor’s ability to
> inject malicious #VC interrupts into AMD SEV-SNP VMs. WESEE triggers the
> exception handler in the victim VM with well-crafted and well-timed #VCs
> to induce register and memory read/writes as well as arbitrary code
> injection into the VM memory. It has been shown that WESEE compromises
> confidentiality and integrity of a victim VM.
>
> [Backport]
> The first patch is a clean cherry pick on Noble.
>
> On Jammy, however, three conflicts must be resolved:
> 1. conflict hunk around #define:
> Needs prerequisite commit 6c3211796326 (“x86/sev: Add SNP-specific
> unaccepted memory support”), which requires 745e3ed85f71
> (“efi/libstub: Implement support for unaccepted memory”). Since the
> prerequisite depends on a feature yet to be introduced, ignore this
> conflict and include the new definitions between #else and #endif as
> well for vc_check_opcode_bytes() in case the flag is not set.
>
> 2. conflict at do_vc_no_ghcb():
> Prerequisite 801baa693c1f (“x86/sev: Move MSR-based VMGEXITs for CPUID
> to helper”) not worth backporting since the conflicting context is not
> interleaving.
>
> 3. conflict around vc_check_opcode_bytes():
> Append it to the end.
>
> The second patch is a follow-up commit to make up a corner case the
> first patch missed; it applies cleanly on both kernels.
>
> [Test]
> Compile and boot tested only.
>
> [Where things might go wrong]
> Regression might occur for VM users of the AMD confidential computing
> environment.
>
> Borislav Petkov (AMD) (1):
> x86/sev: Harden #VC instruction emulation somewhat
>
> Tom Lendacky (1):
> x86/sev: Check for MWAITX and MONITORX opcodes in the #VC handler
>
> arch/x86/boot/compressed/sev.c | 4 ++
> arch/x86/kernel/sev-shared.c | 104 ++++++++++++++++++++++++++++++++-
> arch/x86/kernel/sev.c | 5 +-
> 3 files changed, 110 insertions(+), 3 deletions(-)
>
Acked-by: Andrei Gherzan <andrei.gherzan at canonical.com>
--
Andrei Gherzan