On Wed, Apr 15, 2020 at 10:52:53PM +1000, Andrew Donnellan wrote:
> The Linux kernel for powerpc from v4.10 to v5.1 has a bug where the
> Authority Mask Register (AMR), Authority Mask Override Register (AMOR) and
> User Authority Mask Override Register (UAMOR) are not correctly saved and
> restored when the CPU is going into/coming out of idle state.
>
> On POWER9 CPUs, this means that a CPU may return from idle with the AMR
> value of another thread on the same core.
>
> This allows a trivial Denial of Service attack against KVM hosts, by booting
> a guest kernel which makes use of the AMR, such as a v5.2 or later kernel
> with Kernel Userspace Access Prevention (KUAP) enabled.
>
> The guest kernel will set the AMR to prevent userspace access, then the
> thread will go idle. At a later point, the hardware thread that the guest
> was using may come out of idle and start executing in the host, without
> restoring the host AMR value. The host kernel can get caught in a page fault
> loop, as the AMR is unexpectedly causing memory accesses to fail in the
> host, and the host is eventually rendered unusable.
Hello,

shouldn't the kernel restore the host registers when leaving the guest? I
recall some code exists for handling the *AM*R when leaving guest. Can the
KVM guest enter idle without exiting to host?

Thanks

Michal
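The failure mode in the quoted report, as an added illustration that is not part of this thread and not Linux kernel code: a deliberately simplified software model of one hardware thread whose AMR/AMOR/UAMOR simply keep whatever was last written, a host idle path that either does or does not save and restore them, and a guest that writes a KUAP-style AMR value before ceding the thread. The register layout, the `KEY0_BLOCKED` constant and all function names are constructed for the model.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/*
 * Simplified model of the idle save/restore bug, not kernel code.
 * Assumptions: a single hardware thread, three registers that retain the
 * last value written regardless of who wrote it, and a host idle path whose
 * save/restore of those registers can be switched on (fixed) or off (buggy).
 */

/* Constructed: both permission bits for key 0 set (read and write blocked). */
#define KEY0_BLOCKED 0xC000000000000000ULL

struct amr_regs { uint64_t amr, amor, uamor; };

struct hw_thread {
    struct amr_regs live;        /* what the hardware currently holds */
    struct amr_regs host_saved;  /* save area used only by the fixed idle path */
    bool fixed;                  /* host kernel saves/restores across idle */
};

/* Host idle entry: the fixed kernel stashes its register values. */
static void host_idle_enter(struct hw_thread *t)
{
    if (t->fixed)
        t->host_saved = t->live;
}

/* Host idle exit: the fixed kernel restores its values; the buggy kernel
 * just carries on with whatever the registers happen to hold. */
static void host_idle_exit(struct hw_thread *t)
{
    if (t->fixed)
        t->live = t->host_saved;
}

/* Guest runs on this thread, enables KUAP-style protection, then cedes.
 * Nothing on the host side runs between the guest's write and idle. */
static void run_guest_then_cede(struct hw_thread *t)
{
    t->live.amr = KEY0_BLOCKED;
    t->live.amor = 0;
    t->live.uamor = 0;
}

/* Model of a key-0 memory access under the given AMR: true if it faults. */
bool key0_access_faults(uint64_t amr)
{
    return (amr & KEY0_BLOCKED) != 0;
}

/*
 * Scenario from the report: the host runs with key 0 open and goes idle,
 * the guest takes the thread and sets its AMR, and the thread later wakes
 * up executing host code. Returns the AMR the host finds on wake-up.
 */
uint64_t host_amr_after_wakeup(bool fixed)
{
    struct hw_thread t = { .fixed = fixed };
    t.live.amr = 0;        /* host: no keys blocked */
    t.live.amor = ~0ULL;   /* host: all keys may be modified */
    t.live.uamor = 0;

    host_idle_enter(&t);
    run_guest_then_cede(&t);
    host_idle_exit(&t);

    return t.live.amr;
}

int main(void)
{
    for (int fixed = 0; fixed <= 1; fixed++) {
        uint64_t amr = host_amr_after_wakeup(fixed);
        printf("%s idle path: host AMR on wake-up = 0x%016llx, host access %s\n",
               fixed ? "fixed" : "buggy",
               (unsigned long long)amr,
               key0_access_faults(amr) ? "faults" : "succeeds");
    }
    return 0;
}
```

With the save/restore switched off the host wakes with the guest's AMR and every key-0 access faults, which is the page-fault loop the report describes; with it switched on the host's own value comes back. The model says nothing about whether the KVM exit path should also restore the registers, which is the question raised in the reply.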