From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> To: Felicitas Hetzelt <file@sect.tu-berlin.de>, ashish.kalra@amd.com, jun.nakajima@intel.com, hch@lst.de Cc: "Radev, Martin" <martin.radev@aisec.fraunhofer.de>, david.kaplan@amd.com, "Michael S. Tsirkin" <mst@redhat.com>, Jason Wang <jasowang@redhat.com>, virtualization@lists.linux-foundation.org, Robert Buhren <robert@sect.tu-berlin.de>, iommu@lists.linux-foundation.org, "Morbitzer, Mathias" <mathias.morbitzer@aisec.fraunhofer.de> Subject: Re: swiotlb/virtio: unchecked device dma address and length Date: Mon, 14 Dec 2020 16:49:50 -0500 [thread overview] Message-ID: <20201214214950.GC18103@char.us.oracle.com> (raw) In-Reply-To: <d2ae0b1d-332b-42a1-87bf-7da2b749cac2@sect.tu-berlin.de> On Fri, Dec 11, 2020 at 06:31:21PM +0100, Felicitas Hetzelt wrote: > Hello, Hi! Please see below my responses. > we have been analyzing the Hypervisor-OS interface of Linux > and discovered bugs in the swiotlb/virtio implementation that can be > triggered from a malicious Hypervisor / virtual device. > With SEV, the SWIOTLB implementation is forcefully enabled and would > always be used. Thus, all virtio devices and others would use it under > the hood. > > The reason for analyzing this interface is that, technologies such as > Intel's Trusted Domain Extensions [1] and AMD's Secure Nested Paging [2] > change the threat model assumed by various Linux kernel subsystems. > These technologies take the presence of a fully malicious hypervisor > into account and aim to provide protection for virtual machines in such > an environment. Therefore, all input received from the hypervisor or an > external device should be carefully validated. Note that these issues > are of little (or no) relevance in a "normal" virtualization setup, > nevertheless we believe that it is required to fix them if TDX or SNP is > used. > > We are happy to provide more information if needed! > > [1] > https://software.intel.com/content/www/us/en/develop/articles/intel-trust-domain-extensions.html > > [2] https://www.amd.com/en/processors/amd-secure-encrypted-virtualization > > Bug: > OOB memory write. > dma_unmap_single -> swiotlb_tbl_unmap_single is invoked with dma_addr > and length parameters that are under control of the device. > This happens e.g. in virtio_ring: > https://elixir.bootlin.com/linux/v5.10-rc7/source/drivers/virtio/virtio_ring.c#L378 Heya! Thank you for pointing this out! I've a couple of questions and hope you can help me out with them. Also CC-ing AMD / TDX folks. > > This raises two issues: > 1) swiotlb_tlb_unmap_single fails to check whether the index generated > from the dma_addr is in range of the io_tlb_orig_addr array. That is fairly simple to implement I would think. That is it can check that the dma_addr is from the PA in the io_tlb pool when SWIOTLB=force is used. > 2) when swiotlb_bounce is called the device controls the length of the > memory copied to the cpu address. So.. this sounds very similar to the Intel Thunder.. something issue where this exact issue was fixed by handing the DMA off to the SWIOTLB bounce code. But if that is broken, then that CVE is still not fixed? So the issue here is that swiotlb_tbl_unmap_single(..,mapping_size,) is under the attacker control. Ugh. One way could be to have a io_tlb_orig_addr-ish array with the length of mappings to double check? Couple more questions: - Did you have already some PoC fixes for this? - Is there a CVE associated with this? - Is there a paper on this you all are working on? Thank you! _______________________________________________ iommu mailing list iommu@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/iommu
WARNING: multiple messages have this Message-ID (diff)
From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> To: Felicitas Hetzelt <file@sect.tu-berlin.de>, ashish.kalra@amd.com, jun.nakajima@intel.com, hch@lst.de Cc: "Radev, Martin" <martin.radev@aisec.fraunhofer.de>, david.kaplan@amd.com, "Michael S. Tsirkin" <mst@redhat.com>, virtualization@lists.linux-foundation.org, Robert Buhren <robert@sect.tu-berlin.de>, iommu@lists.linux-foundation.org, "Morbitzer, Mathias" <mathias.morbitzer@aisec.fraunhofer.de> Subject: Re: swiotlb/virtio: unchecked device dma address and length Date: Mon, 14 Dec 2020 16:49:50 -0500 [thread overview] Message-ID: <20201214214950.GC18103@char.us.oracle.com> (raw) In-Reply-To: <d2ae0b1d-332b-42a1-87bf-7da2b749cac2@sect.tu-berlin.de> On Fri, Dec 11, 2020 at 06:31:21PM +0100, Felicitas Hetzelt wrote: > Hello, Hi! Please see below my responses. > we have been analyzing the Hypervisor-OS interface of Linux > and discovered bugs in the swiotlb/virtio implementation that can be > triggered from a malicious Hypervisor / virtual device. > With SEV, the SWIOTLB implementation is forcefully enabled and would > always be used. Thus, all virtio devices and others would use it under > the hood. > > The reason for analyzing this interface is that, technologies such as > Intel's Trusted Domain Extensions [1] and AMD's Secure Nested Paging [2] > change the threat model assumed by various Linux kernel subsystems. > These technologies take the presence of a fully malicious hypervisor > into account and aim to provide protection for virtual machines in such > an environment. Therefore, all input received from the hypervisor or an > external device should be carefully validated. Note that these issues > are of little (or no) relevance in a "normal" virtualization setup, > nevertheless we believe that it is required to fix them if TDX or SNP is > used. > > We are happy to provide more information if needed! > > [1] > https://software.intel.com/content/www/us/en/develop/articles/intel-trust-domain-extensions.html > > [2] https://www.amd.com/en/processors/amd-secure-encrypted-virtualization > > Bug: > OOB memory write. > dma_unmap_single -> swiotlb_tbl_unmap_single is invoked with dma_addr > and length parameters that are under control of the device. > This happens e.g. in virtio_ring: > https://elixir.bootlin.com/linux/v5.10-rc7/source/drivers/virtio/virtio_ring.c#L378 Heya! Thank you for pointing this out! I've a couple of questions and hope you can help me out with them. Also CC-ing AMD / TDX folks. > > This raises two issues: > 1) swiotlb_tlb_unmap_single fails to check whether the index generated > from the dma_addr is in range of the io_tlb_orig_addr array. That is fairly simple to implement I would think. That is it can check that the dma_addr is from the PA in the io_tlb pool when SWIOTLB=force is used. > 2) when swiotlb_bounce is called the device controls the length of the > memory copied to the cpu address. So.. this sounds very similar to the Intel Thunder.. something issue where this exact issue was fixed by handing the DMA off to the SWIOTLB bounce code. But if that is broken, then that CVE is still not fixed? So the issue here is that swiotlb_tbl_unmap_single(..,mapping_size,) is under the attacker control. Ugh. One way could be to have a io_tlb_orig_addr-ish array with the length of mappings to double check? Couple more questions: - Did you have already some PoC fixes for this? - Is there a CVE associated with this? - Is there a paper on this you all are working on? Thank you! _______________________________________________ Virtualization mailing list Virtualization@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/virtualization
next prev parent reply other threads:[~2020-12-14 21:48 UTC|newest] Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top 2020-12-11 17:31 swiotlb/virtio: unchecked device dma address and length Felicitas Hetzelt 2020-12-14 21:49 ` Konrad Rzeszutek Wilk [this message] 2020-12-14 21:49 ` Konrad Rzeszutek Wilk 2020-12-15 3:20 ` Jason Wang 2020-12-15 3:20 ` Jason Wang 2020-12-15 14:27 ` Konrad Rzeszutek Wilk 2020-12-15 14:27 ` Konrad Rzeszutek Wilk 2020-12-16 5:53 ` Jason Wang 2020-12-16 5:53 ` Jason Wang 2020-12-16 6:41 ` Jason Wang 2020-12-16 6:41 ` Jason Wang 2020-12-16 13:04 ` Konrad Rzeszutek Wilk 2020-12-16 13:04 ` Konrad Rzeszutek Wilk 2020-12-17 4:19 ` Jason Wang 2020-12-17 4:19 ` Jason Wang 2020-12-17 22:55 ` Ashish Kalra 2020-12-16 8:54 ` Michael S. Tsirkin 2020-12-16 8:54 ` Michael S. Tsirkin 2020-12-16 13:07 ` Konrad Rzeszutek Wilk 2020-12-16 13:07 ` Konrad Rzeszutek Wilk 2020-12-16 22:07 ` Radev, Martin 2020-12-17 23:17 ` Ashish Kalra 2020-12-18 9:28 ` Radev, Martin 2020-12-15 8:47 ` Ashish Kalra 2020-12-15 10:54 ` Felicitas Hetzelt 2020-12-15 14:37 ` Konrad Rzeszutek Wilk 2020-12-15 14:37 ` Konrad Rzeszutek Wilk
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20201214214950.GC18103@char.us.oracle.com \ --to=konrad.wilk@oracle.com \ --cc=ashish.kalra@amd.com \ --cc=david.kaplan@amd.com \ --cc=file@sect.tu-berlin.de \ --cc=hch@lst.de \ --cc=iommu@lists.linux-foundation.org \ --cc=jasowang@redhat.com \ --cc=jun.nakajima@intel.com \ --cc=martin.radev@aisec.fraunhofer.de \ --cc=mathias.morbitzer@aisec.fraunhofer.de \ --cc=mst@redhat.com \ --cc=robert@sect.tu-berlin.de \ --cc=virtualization@lists.linux-foundation.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.