| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 10 Jul 2015 16:57:08 +0200 From: Laszlo Ersek <lersek@...hat.com> To: Paolo Bonzini <pbonzini@...hat.com>, Bandan Das <bsd@...hat.com> CC: kvm@...r.kernel.org, linux-kernel@...r.kernel.org, qemu-devel@...gnu.org Subject: Re: [PATCH] KVM: x86: Add host physical address width capability On 07/10/15 16:13, Paolo Bonzini wrote: > > > On 09/07/2015 20:57, Laszlo Ersek wrote: >>> Without EPT, you don't >>> hit the processor limitation with your setup, but the user should nevertheless >>> still be notified. >> >> I disagree. > > FWIW, I also disagree (and it looks like Bandan disagrees with himself > now :)). > >>> In fact, I think shadow paging code should also emulate >>> this behavior if the gpa is out of range. >> >> I disagree. > > Same here. > >> There is no "out of range" gpa. QEMU allocates enough memory, and it >> should be completely transparent to the guest. The fact that it silently >> breaks with nested paging if the host processor doesn't have enough >> address bits is a bug (maybe a hardware bug, maybe a KVM bug; I'm not >> sure, but I suspect it's a hardware bug). > > It's a hardware bug, possibly due to some limitations in the physical > addresses that the TLB can store? I guess KVM could detect the > situation and fall back to sloooow shadow paging. > >> ... In any case, please understand that I'm not campaigning for this >> warning :) IIRC the warning was your (very welcome!) idea after I >> reported the problem; I'm just trying to ensure that the warning match >> the exact issue I encountered. > > Yup. I think the right thing to do would be to hide memory above the > limit. How so? - The stack would not be doing what the user asks for. Pass -m <a_lot>, and the guest would silently see less memory. If the user found out, he'd immediately ask (or set out debugging) why. I think if the user's request cannot be satisfied, the stack should fail hard. - Assuming the user didn't find out, and the guest just worked (with less memory than the user asked for), then the hidden portion of the memory (that QEMU allocated nonetheless) would be just wasted, on the host system. (Especially with overcommit_memory=2 (which is the most prudent setting).) Thanks Laszlo > A kernel patch to query the limit is definitely necessary, but > it needs to return e.g. 48 for shadow paging (otherwise you could just > use CPUID). I'm not sure if the rest is possible with just QEMU, or it > requires help from the firmware. Probably yes. > > Paolo > -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists