Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Filter proxy_irrs from proxied interrupts from the host to only signal bits the guest has configured and is expecting #563

Open
cperezvargas opened this issue Dec 20, 2024 · 0 comments
Open

Filter proxy_irrs from proxied interrupts from the host to only signal bits the guest has configured and is expecting #563

cperezvargas opened this issue Dec 20, 2024 · 0 comments
Labels
snp SNP specific bugs or features tdx TDX specific bugs or features
Milestone
OpenHCL support f...

Comments

@cperezvargas
Copy link
Contributor

When the hypervisor presents a proxy interrupt intercept message, the kernel directly puts the signaled bits into proxy_irr without any validation. Today, the vp backing implementations for both SNP and TDX trust that the hypervisor is only signaling bits that the guest has requested.

We can't rely on that, as a malicious hypervisor may choose to signal any arbitrary bits. Instead, underhill needs to track which SINTs have been enabled by the guest via hypercalls and SINT MSR writes, and only allow forwarding those to the APIC.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
snp SNP specific bugs or features tdx TDX specific bugs or features
Projects
None yet
Milestone
OpenHCL support for the preview of TD...
Development

No branches or pull requests
1 participant
@cperezvargas