lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 17 Aug 2017 18:15:56 +0300
From:   "Michael S. Tsirkin" <mst@...hat.com>
To:     Paolo Bonzini <pbonzini@...hat.com>
Cc:     Radim Krčmář <rkrcmar@...hat.com>,
        linux-kernel@...r.kernel.org, kvm@...r.kernel.org,
        stable@...r.kernel.org
Subject: Re: [PATCH] kvm: x86: disable KVM_FAST_MMIO_BUS

On Thu, Aug 17, 2017 at 11:00:01AM +0200, Paolo Bonzini wrote:
> >> and also not a page table walk---just in case.
> > 
> > I still don't get it, sorry. Let's assume for the sake of argument
> > that it's a PT walk causing the MMIO access. Just why do you think
> > that it makes sense to skip the instruction that caused the walk?
> 
> I think it doesn't.  I think in that case it's better to skip the fast
> write and proceed with full emulation.

Right. So my argument is that fast mmio is used for paravirtualization
exclusively. Thus someone doing anything that isn't a memory write to
trigger it gets to keep both pieces.

I get it that even writes don't work in some nested virt setups, and
this seems worth fixing, and I get it that we have inadvertently relied
on an undocumented behaviour.

I would like to understand whether you believe that on bare metal and
when accessing MMIO using writes exclusively, and after checking the
address matches one of the paravirtualized device, there's still a real
chance length is invalid, or is it more a question of missing
documentation.

-- 
MST

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ