| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 22 Jul 2012 22:31:47 +0200
From: Sasha Levin <levinsasha928@...il.com>
To: Anthony Liguori <anthony@...emonkey.ws>
CC: Wen Congyang <wency@...fujitsu.com>,
kvm list <kvm@...r.kernel.org>,
qemu-devel <qemu-devel@...gnu.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
Avi Kivity <avi@...hat.com>,
"Daniel P. Berrange" <berrange@...hat.com>,
KAMEZAWA Hiroyuki <kamezawa.hiroyu@...fujitsu.com>,
Jan Kiszka <jan.kiszka@...mens.com>,
Gleb Natapov <gleb@...hat.com>
Subject: Re: [Qemu-devel] [PATCH v7] kvm: notify host when the guest is panicked
On 07/22/2012 10:19 PM, Sasha Levin wrote:
> On 07/22/2012 09:22 PM, Anthony Liguori wrote:
>> Sasha Levin <levinsasha928@...il.com> writes:
>>
>>> On 07/21/2012 09:12 AM, Wen Congyang wrote:
>>>> +#define KVM_PV_PORT (0x505UL)
>>>> +
>>>> #ifdef __KERNEL__
>>>> #include <asm/processor.h>
>>>>
>>>> @@ -221,6 +223,11 @@ static inline void kvm_disable_steal_time(void)
>>>> }
>>>> #endif
>>>>
>>>> +static inline unsigned int kvm_arch_pv_features(void)
>>>> +{
>>>> + return inl(KVM_PV_PORT);
>>>> +}
>>>> +
>>>
>>> Why is this safe?
>>>
>>> I'm not sure you can just pick any ioport you'd like and use it.
>>
>> There are three ways I/O ports get used on a PC:
>>
>> 1) Platform devices
>> - This is well defined since the vast majority of platform devices are
>> implemented within a single chip. If you're emulating an i440fx
>> chipset, the PIIX4 spec has an exhaustive list.
>>
>> 2) PCI devices
>> - Typically, PCI only allocates ports starting at 0x0d00 to avoid
>> conflicts with ISA devices.
>>
>> 3) ISA devices
>> - ISA uses subtractive decoding so any ISA device can access. In
>> theory, an ISA device could attempt to use port 0x0505 but it's
>> unlikely. In a modern guest, there aren't really any ISA devices being
>> added either.
>>
>> So yes, picking port 0x0505 is safe for something like this (as long as
>> you check to make sure that you really are under KVM).
>
> Is there anything that actually prevents me from using PCI ports lower than 0x0d00? As you said in (3), ISA isn't really used anymore (nor is implemented by lkvm for example), so placing PCI below 0x0d00 might even make sense in that case.
>
> Furthermore, I can place one of these brand new virtio-mmio devices which got introduced recently wherever I want right now - Having a device that uses 0x505 would cause a pretty non-obvious failure mode.
>
> Either way, If we are going to grab an ioport, then:
>
> - It should be documented well somewhere in Documentation/virt/kvm
> - It should go through request_region() to actually claim those ioports.
> - It should fail gracefully if that port is taken for some reason, instead of not even checking it.
>
Out of curiosity I tested that, and apparently lkvm has no problem allocating virtio-pci devices in that range:
sh-4.2# pwd
/sys/devices/pci0000:00/0000:00:01.0
sh-4.2# cat resource | head -n1
0x0000000000000500 0x00000000000005ff 0x0000000000040101
This was with the commit in question applied.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists