[Hardening issues] Security implications from KVM PV features

intel / ccc-linux-guest-hardening

Linux Security Hardening for Confidential Compute

https://intel.github.io/ccc-linux-guest-hardening-docs

MIT License

63 stars 13 forks source link

[Hardening issues] Security implications from KVM PV features #152

Closed ereshetova closed 3 months ago

ereshetova commented 3 months ago

Problem

KVM exposes a set of KVM hypercalls to its guests that are enumerated via KVM provided CPUIDs. Some of these hypercalls are unsecure in the CoCo threat model (for example KVM_FEATURE_CLOCKSOURCE/2) and should not be used.

Solution

Analyze the KVM hypercalls and its security implications for CoCo guest. Address discovered issues, by either explicitly disabling the respected CPUIDs in the guest or using other means.

ereshetova commented 3 months ago

KVM_FEATURE_ASYNC_PF

Can be disabled in guest via cmdline param "no-kvmapf". For TDX the apf_reason struct is not shared with the host and hence even if the feature is enabled in guest and host reports it to be present via CPUIDs, it won't be able to update the apf_reason.flags & apf_reason.token. With apf_reason.flags == 0, __kvm_handle_async_pf just returns false and does no processing (including not adding a new waiting task via kvm_async_pf_task_wait_schedule) and with apf_reason.token == 0 and no tasks added to the waiting queue, sysvec_kvm_asyncpf_interrupt wont find a matching node to wake up.

ereshetova commented 3 months ago

KVM_FEATURE_CLOCKSOURCE(2)

Can be disabled in guest via cmdline param "no-kvmclock" (also deactivates ptp virtual clock based on kvm). Should not be used since the host-provided timing is not secure.

ereshetova commented 3 months ago

KVM_FEATURE_PV_EOI

Relies on the host writing to the guest, which requires making kvm_apic_eoi per cpu variable residing in shared memory. In TDX case, this per-cpu variable is not shared, so the KVM_PV_EOI_BIT bit never gets set by the host and normal apic_native_eoi() will be used instead inside the apic overridden kvm handler.

ereshetova commented 3 months ago

KVM_FEATURE_STEAL_TIME

Relies on the host writing to the guest, which requires making steal_time per cpu variable residing in shared memory. In TDX case, this per-cpu variable is not shared, so any steal time accounting would just return zero.

ereshetova commented 3 months ago

The following KVM features seem not to have any security implications towards a CoCo guest (DoS is out of scope):

KVM_FEATURE_MMU_OP

KVM_FEATURE_PV_UNHALT

KVM_FEATURE_PV_TLB_FLUSH

KVM_FEATURE_POLL_CONTROL

KVM_FEATURE_PV_SCHED_YIELD

KVM_FEATURE_MSI_EXT_DEST_ID

KVM_FEATURE_NOP_IO_DELAY

KVM_FEATURE_PV_SEND_IPI

KVM_HINTS_REALTIME

ereshetova commented 3 months ago

Updated the docs in https://intel.github.io/ccc-linux-guest-hardening-docs/security-spec.html Closing as done, since nothing else is needed here.