| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 08 Jul 2014 09:46:32 +0300 From: Nadav Amit <nadav.amit@...il.com> To: Tang Chen <tangchen@...fujitsu.com> CC: Gleb Natapov <gleb@...nel.org>, mtosatti@...hat.com, kvm@...r.kernel.org, laijs@...fujitsu.com, isimatu.yasuaki@...fujitsu.com, guz.fnst@...fujitsu.com, linux-kernel@...r.kernel.org Subject: Re: [PATCH 4/4] kvm, mem-hotplug: Update apic access page when it is migrated. Tang, I am sorry if I caused any confusion. Following Gleb response, there is no apparent need for dealing with the scenario I mentioned (relocating the APIC base), so you don't need to do any changes to your patch, and I will post another patch later to warn if the guest relocates its APIC (from the default address to another guest physical address). My answers to your questions are below. On 7/8/14, 4:44 AM, Tang Chen wrote: > Hi Nadav, > > Thanks for the reply, please see below. > > On 07/07/2014 08:10 PM, Nadav Amit wrote: >> On 7/7/14, 2:54 PM, Gleb Natapov wrote: >>> On Mon, Jul 07, 2014 at 02:42:27PM +0300, Nadav Amit wrote: >>>> Tang, >>>> >>>> Running some (unrelated) tests I see that KVM does not handle APIC base >>>> relocation correctly. When the base is changed, kvm_lapic_set_base just >>>> changes lapic->base_address without taking further action (i.e., >>>> modifying >>>> the VMCS apic address in VMX). >>>> >>>> This patch follows KVM bad behavior by using the constant >>>> VMX_APIC_ACCESS_PAGE_ADDR instead of lapic->base_address. >>> There is no OS out there that relocates APIC base (in fact it was not >>> always >>> relocatable on real HW), so there is not point in complicating the >>> code to support >>> it. In fact current APIC_ACCESS_ADDR handling relies on the fact that >>> all vcpus >>> has apic mapped at the same address. >>> >>>> >>>> Anyhow, I didn't see anything that would make my life (in fixing the >>>> lapic >>>> base issue) too difficult. Yet, feel free in making it more >>>> "fix-friendly". >>>> >>> Why would you want to fix it? >>> >> If there is no general need, I will not send a fix. However, I think the >> very least a warning message should be appear if the guest relocates the >> APIC base. > > Maybe I didn't understand you question correctly. If I'm wrong, please > tell me. > > This patch does not relocate APIC base in guest, but in host. Host migrates > the apic page to somewhere else, and KVM updates ept pagetable to track it. > In guest, apic base address (gpa) doesn't change. The last claim is true in practice, according to Gleb, but it is not necessarily so according to the specifications. Pentium 4, Intel Xeon and P6 family processors support APIC base relocation. See the Intel SDM section 10.4.5. Anyhow, Gleb claims it is not used by any OS. > > Is this lapic->base_address a hpa ? No, it is guest physical address. > > Is there anywhere I need to update in my patch ? No. I'll send another patch on top of yours that prints a warning if the APIC base is relocated (i.e., the guest physical address of the APIC base is changed). Such relocation is done explicitly by the guest, not by your patch. Nadav -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists