lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <540602CE.8090503@gmail.com>
Date:	Tue, 02 Sep 2014 20:47:58 +0300
From:	Avi Kivity <avi.kivity@...il.com>
To:	Paolo Bonzini <pbonzini@...hat.com>, Joerg Roedel <jroedel@...e.de>
CC:	linux-kernel@...r.kernel.org, kvm@...r.kernel.org, agraf@...e.de,
	valentine.sinitsyn@...il.com, jan.kiszka@...mens.com,
	gleb@...udius-systems.com, avi@...udius-systems.com
Subject: Re: [PATCH 2/4] KVM: nSVM: propagate the NPF EXITINFO to the guest


On 09/02/2014 07:46 PM, Paolo Bonzini wrote:
> */
>>>   		if (unlikely(real_gfn == UNMAPPED_GVA))
>>>   			goto error;
>>> @@ -1974,10 +1974,28 @@ static void nested_svm_inject_npf_exit(struct kvm_vcpu *vcpu,
>>>   {
>>>   	struct vcpu_svm *svm = to_svm(vcpu);
>>>   
>>> -	svm->vmcb->control.exit_code = SVM_EXIT_NPF;
>>> -	svm->vmcb->control.exit_code_hi = 0;
>>> -	svm->vmcb->control.exit_info_1 = fault->error_code;
>>> -	svm->vmcb->control.exit_info_2 = fault->address;
>>> +	/*
>>> +	 * We can keep the value that the processor stored in the VMCB,
>>> +	 * but make up something sensible if we hit the WARN.
>>> +	 */
>>> +	if (WARN_ON(svm->vmcb->control.exit_code != SVM_EXIT_NPF)) {
>>> +		svm->vmcb->control.exit_code = SVM_EXIT_NPF;
>>> +		svm->vmcb->control.exit_code_hi = 0;
>>> +		svm->vmcb->control.exit_info_1 = (1ULL << 32);
>>> +		svm->vmcb->control.exit_info_2 = fault->address;
>>> +	}
>> Its been a while since I looked into this, but is an injected NPF exit
>> always the result of a real NPF exit?
> I think so, but that's why I CCed you. :)

It could always be the result of emulation into which L0 was tricked.  I 
don't think it's a safe assumption.

>> How about an io-port emulated on
>> L1 but passed through to L2 by the nested hypervisor. On emulation of
>> INS or OUTS, KVM would need to read/write to an L2 address space,
> It would need to read/write to *L1* (that's where the VMCB's IOIO map
> lies), which could result into a regular page fault injected into L1.
>
> Paolo
>
>> maybe
>> causing NPF faults to be injected. In this case an IOIO exit would cause
>> an injected NPF exit for L1.
> --
> To unsubscribe from this list: send the line "unsubscribe kvm" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ