| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 09 Jul 2015 22:15:54 +0200 From: Laszlo Ersek <lersek@...hat.com> To: Bandan Das <bsd@...hat.com> CC: Paolo Bonzini <pbonzini@...hat.com>, kvm@...r.kernel.org, linux-kernel@...r.kernel.org, qemu-devel@...gnu.org Subject: Re: [PATCH] KVM: x86: Add host physical address width capability On 07/09/15 22:02, Bandan Das wrote: > Laszlo Ersek <lersek@...hat.com> writes: > ... >> Yes. >> >>> Without EPT, you don't >>> hit the processor limitation with your setup, but the user should nevertheless >>> still be notified. >> >> I disagree. >> >>> In fact, I think shadow paging code should also emulate >>> this behavior if the gpa is out of range. >> >> I disagree. >> >> There is no "out of range" gpa. QEMU allocates enough memory, and it >> should be completely transparent to the guest. The fact that it silently >> breaks with nested paging if the host processor doesn't have enough >> address bits is a bug (maybe a hardware bug, maybe a KVM bug; I'm not >> sure, but I suspect it's a hardware bug). In any case the guest >> shouldn't care at all. It is a *virtual* machine, and the VMM should lie >> to it plausibly enough. How much RAM, and how many phys address bits the >> host has, is a performance question, but it should not be a correctness >> question. A 256 GB guest should run (slowly, but correctly) on a laptop >> that has only 4 GB of RAM and only 36 phys addr bits, but plenty of swap >> space. >> >> Because otherwise your argument could be extrapolated as "TCG should >> break too if the gpa is 'out of range'". >> >> So, I disagree. Whatever memory you give to the guest should just work >> (unless of course you want to emulate a small address width for the >> *VCPU*, but that's absolutely not the use case here). What we have here >> is a leaky abstraction: a PCPU limitation giving away a lie that the >> guest should never notice. The guest should be able to use all memory >> that was specified with QEMU's -m, regardless of TCG vs. KVM-without-EPT >> vs. KVM-with-EPT. If the last case cannot work (due to hardware >> limitations), that's fine, but then (and only then) a warning should be >> printed. > > Hmm... Ok, I understand your point. So, this is more like a EPT > limitation/bug in that Qemu isn't complaining about the memory assigned > to the guest but EPT code is breaking owing to the processor physical > address width. Exactly. > And honestly, I now think that this patch just makes the whole > situation more confusing :) I am wondering if it's just possible for kvm to > simply throw an error like a EPT misconfiguration or something .. > > Or in other words, if using a hardware assisted mechanism is just not > possible, KVM will simply not let it run instead of letting a guest > stuck in boot. That would be the best solution. Thanks Laszlo -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists