Date:	Fri, 18 Mar 2016 11:04:21 -0700
From:	David Matlack <dmatlack@...gle.com>
To:	Paolo Bonzini <pbonzini@...hat.com>
Cc:	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	kvm list <kvm@...r.kernel.org>, jmontleo@...hat.com,
	bdas@...hat.com
Subject: Re: [PATCH 0/3] KVM: VMX: fix handling inv{ept,vpid} and nested RHEL6 KVM

On Fri, Mar 18, 2016 at 10:58 AM, Paolo Bonzini <pbonzini@...hat.com> wrote:
>
>
> On 18/03/2016 18:42, David Matlack wrote:
>> On Fri, Mar 18, 2016 at 9:09 AM, Paolo Bonzini <pbonzini@...hat.com> wrote:
>>> Patches 1 and 2 fix two cases where a guest could hang at 100% CPU
>>> due to mis-emulation of a failing invept or invvpid.
>>
>> Will you be sending out kvm-unit-test test cases for these?
>
> Yes, of course, especially for patches 1 and 2.

Thanks!

> However I first want to
> add a --enable-unsafe option for stuff that breaks particularly badly
> when the test fails.  We don't do nested virt CVEs (yet), but all of
> these would be treated as vulnerabilities if we did---the tests would
> effectively DoS the host.

How does this DoS the host? The guest is stuck executing the same
instruction over and over, but it's exiting to KVM every time,
allowing KVM to reschedule the VCPU. I would agree it DoSes the guest.

>
> The infamous #AC failure could also be under a flag like that, and I
> remember a similar topic popping up with a LAPIC fix from Google.
>
> Paolo
>
>>>
>>> Patch 3 works around a bug in RHEL6 KVM, which is exposed by nested
>>> VPID support; RHEL6 KVM uses single-context invvpid unconditionally,
>>> but until now KVM did not provide it.
>>>
>>> Paolo
>>>
>>
>> For the series,
>>
>> Reviewed-by: David Matlack <dmatlack@...gle.com>
>>
>>> Paolo Bonzini (3):
>>>   KVM: VMX: avoid guest hang on invalid invept instruction
>>>   KVM: VMX: avoid guest hang on invalid invvpid instruction
>>>   KVM: VMX: fix nested vpid for old KVM guests
>>>
>>>  arch/x86/kvm/vmx.c | 16 +++++++++++++++-
>>>  1 file changed, 15 insertions(+), 1 deletion(-)
>>>
>>> --
>>> 1.8.3.1
>>>
