On 26.11.24 16:31, Wei Chen wrote:
>> How can you be sure (IOW trigger) that the system will store
>> "important data" like EPTs?

> We cannot, but we have designed the attack (see below) to improve the
> possibility.

>> So is one magic bit really that for your experiments, one needs a
>> viommu?

> Admittedly the way we accomplish a VM escape is a bit arcane.

That's what I imagined :)


> We require device passthrough because it pins the VM's memory down and
> converts it to MIGRATE_UNMOVABLE.

Interesting, that's news to me. Can you share where GUP in the kernel would do that?

> Hotplugged memory will also be
> converted to MIGRATE_UNMOVABLE.

But that's in the VM? Because we don't hotplug memory in the hypervisor.

> That way when we give memory back to the
> hypervisor, they stay UNMOVABLE. Otherwise we will have to convert the
> pages to UNMOVABLE or exhaust ALL MIGRATE_MOVABLE pages, both of which
> cannot be easily accomplished.

> Then we require vIOMMU because vIOMMU mappings, much like EPTEs, use
> MIGRATE_UNMOVABLE pages as well. By spawning lots of meaningless vIOMMU
> entries, we exhaust UNMOVABLE page blocks of lower orders (<9). Next
> time KVM tries to allocate pages to store EPTEs, the kernel has to split
> an order-9 page block, which is exactly the size of a 2MB sub-block.


Ah, so you also need a THP in the hypervisor I assume.

>> Out of curiosity, are newer CPUs no longer affected?

> When qemu pins down the VM's memory, it also establishes every possible
> mapping to the VM's memory in the EPT.

> To spawn new EPTEs, we exploit KVM's fix to the iTLB multihit bug.
> Basically, we execute a bunch of no-op functions, and KVM will have to
> split hugepages into 4KB pages. This process creates a large number of
> EPTEs.

> The iTLB multihit bug roughly speaking is only present on non-Atom Intel
> CPUs manufactured before 2020.

Interesting, thanks!


>> So it won't be sufficient to have a single sub-block plugged and then
>> trigger VIRTIO_MEM_REQ_UNPLUG_ALL?

> Could work in theory, but if the newly plugged sub-block does not
> contain vulnerable pages, there is no promise that the attacker would
> get a sub-block containing a different set of pages next time.

Right.

--
Cheers,

David / dhildenb
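The two host-side preconditions the thread turns on (KVM splitting huge pages as the iTLB multihit mitigation, and the lower orders of MIGRATE_UNMOVABLE free pages being exhausted so that the next unmovable allocation has to split an order-9 pageblock) are both visible to a hypervisor administrator in sysfs and /proc. The script below is an added example written for this page, not code from either participant; it assumes the x86-64 pageblock order of 9 (the real value is read from the first line of /proc/pagetypeinfo when available), the standard Linux paths, and the sysfs strings "Not affected" and "KVM: Mitigation: Split huge pages". The embedded /proc/pagetypeinfo sample is constructed, not captured from a real host.

```python
"""Host-side monitoring of two conditions discussed in the thread:
(1) the itlb_multihit mitigation state (whether KVM splits huge pages into
    4 KiB EPT mappings), read from sysfs, and
(2) whether a zone has no free MIGRATE_UNMOVABLE pages below the pageblock
    order, so the next unmovable allocation (page-table pages included)
    must split a whole pageblock or steal from another migrate type.
Example code added to this thread; not from any of the participants."""
import re
from pathlib import Path

# Assumptions: x86-64 default pageblock order and the usual Linux paths.
PAGEBLOCK_ORDER = 9
ITLB_SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/itlb_multihit")
PAGETYPEINFO = Path("/proc/pagetypeinfo")

# One row of the "Free pages count per migrate type at order" table.
_ROW = re.compile(r"^Node\s+(\d+),\s+zone\s+(\w+),\s+type\s+(\w+)\s+([\d\s]+)$")


def parse_pagetypeinfo(text):
    """Return (pageblock_order, {(node, zone, migratetype): [free at order 0, 1, ...]})."""
    table = {}
    order = PAGEBLOCK_ORDER
    for line in text.splitlines():
        m = re.match(r"Page block order:\s+(\d+)", line)
        if m:
            order = int(m.group(1))  # trust the kernel over our default
            continue
        m = _ROW.match(line.rstrip())
        if m:
            node, zone, mtype, counts = m.groups()
            table[(int(node), zone, mtype)] = [int(c) for c in counts.split()]
    return order, table


def unmovable_split_pressure(text):
    """(node, zone) pairs with zero free Unmovable pages at every order
    below the pageblock order; there, the next unmovable allocation has
    to split a pageblock (2 MiB on x86-64) or fall back to another type."""
    order, table = parse_pagetypeinfo(text)
    hits = []
    for (node, zone, mtype), counts in table.items():
        if mtype == "Unmovable" and all(c == 0 for c in counts[:order]):
            hits.append((node, zone))
    return hits


def itlb_multihit_state(text):
    """'split' if KVM mitigates by splitting huge pages, 'not_affected' if
    the CPU is not vulnerable, otherwise the raw sysfs string."""
    s = text.strip()
    if s == "Not affected":
        return "not_affected"
    if s.startswith("KVM: Mitigation: Split huge pages"):
        return "split"
    return s


def read_host_state():
    """Read the live files; None for anything unreadable (non-Linux, no permission)."""
    try:
        itlb = itlb_multihit_state(ITLB_SYSFS.read_text())
    except OSError:
        itlb = None
    try:
        pressure = unmovable_split_pressure(PAGETYPEINFO.read_text())
    except OSError:
        pressure = None
    return itlb, pressure


# Constructed sample: zone Normal has no free Unmovable pages below order 9,
# zone DMA32 still has a few.
SAMPLE = """\
Page block order: 9
Pages per block:  512

Free pages count per migrate type at order       0      1      2      3      4      5      6      7      8      9     10
Node    0, zone    DMA32, type    Unmovable      3      2      1      1      0      0      1      0      0      2      0
Node    0, zone    DMA32, type      Movable      0      0      0      0      0      0      0      0      0      5     40
Node    0, zone   Normal, type    Unmovable      0      0      0      0      0      0      0      0      0      7      1
Node    0, zone   Normal, type      Movable      1      0      0      0      0      0      0      0      0    120    300

Number of blocks type     Unmovable      Movable  Reclaimable   HighAtomic      Isolate
Node 0, zone    DMA32           12          500            3            0            0
Node 0, zone   Normal          200         3000           20            0            0
"""

if __name__ == "__main__":
    print("sample zones under pressure:", unmovable_split_pressure(SAMPLE))
    itlb, pressure = read_host_state()
    print("itlb_multihit:", itlb)
    print("live zones under unmovable split pressure:", pressure)
```

Run it on the hypervisor, not in a guest: a VM cannot read the host's /proc, so this reflects only the host's own view. A zone listed under pressure is normal on a busy host after long uptime; the point is to see it together with the itlb_multihit state and the amount of memory pinned for passthrough, which is the combination the thread describes.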

