Message-ID: <564216CE.5020500@redhat.com>
Date:	Tue, 10 Nov 2015 17:09:50 +0100
From:	Paolo Bonzini <pbonzini@...hat.com>
To:	Jan Kiszka <jan.kiszka@...mens.com>, linux-kernel@...r.kernel.org,
	kvm@...r.kernel.org
Cc:	digitaleric@...gle.com
Subject: Re: [PATCH 0/3] Infinite loops in microcode while running guests



On 10/11/2015 16:38, Jan Kiszka wrote:
> On 2015-11-10 13:22, Paolo Bonzini wrote:
>> Yes, these can happen.  The issue is that benign exceptions are
>> delivered serially, but two of them (#DB and #AC) can also happen
>> during exception delivery itself.  The subsequent infinite stream
>> of exceptions causes the processor to never exit guest mode.
>>
>> Paolo
>>
>> Eric Northup (1):
>>   KVM: x86: work around infinite loop in microcode when #AC is delivered
>>
>> Paolo Bonzini (2):
>>   KVM: svm: unconditionally intercept #DB
>>   KVM: x86: rename update_db_bp_intercept to update_bp_intercept
>>
>>  arch/x86/include/asm/kvm_host.h |  2 +-
>>  arch/x86/include/uapi/asm/svm.h |  1 +
>>  arch/x86/kvm/svm.c              | 22 +++++++++++-----------
>>  arch/x86/kvm/vmx.c              |  7 +++++--
>>  arch/x86/kvm/x86.c              |  2 +-
>>  5 files changed, 19 insertions(+), 15 deletions(-)
>>
> 
> So this affects both Intel and AMD CPUs equally? Nice cross-vendor
> "compatibility".

Yes, it's for both.

> And it can only be triggered via #AC and #DB, or also other exceptions
> (that KVM already happens to intercept)?

Yes, these are the sole benign exceptions that can occur during
exception delivery.  All other benign exceptions only occur as the
result of executing instructions.

> You may guess why I'm asking...
> Is any of the issues already documented in a vendor errata?

No idea.  As far as I understood, processor engineers consider this to
be intended behavior (!) though they admit that the outcome for
virtualization is bad.

I don't have a reproducer for this yet (I have only tested the patches
by ensuring that they do not regress on the legal cases), but from what
I heard at least on Intel the #AC injection actually causes a failed
VM-entry...  Yet, nothing in the manual suggests _why_.

Paolo
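To make the mechanism in the thread concrete, here is a small C model of what happens when a benign exception is raised while the guest is delivering another one, and why putting #DB and #AC in the hypervisor's intercept set bounds it. This is an added illustration written for this page; it is not KVM's code and not anything from the thread. Only the vector numbers are the architectural x86 ones; the per-vector "fault during delivery" table is constructed model input, the intercept mask is a stand-in for the exception bitmap (Intel) or exception intercept vector (AMD), and the benign/contributory escalation rules are simplified to the cases the model exercises.

```c
/* Toy model of serial exception delivery inside a guest and of the
 * hypervisor intercept set that bounds it.  Added example for this page,
 * not KVM code.  Vector numbers are architectural; the rest is a model. */
#include <stdio.h>
#include <stdbool.h>

#define VEC_DB 1     /* #DB: debug exception (benign) */
#define VEC_DF 8     /* #DF: double fault */
#define VEC_GP 13    /* #GP: general protection (contributory), for contrast */
#define VEC_AC 17    /* #AC: alignment check (benign) */
#define NUM_VECTORS 32

enum run_result {
    RUN_DELIVERED,   /* the guest finished delivering the exception itself */
    RUN_VMEXIT,      /* the hypervisor intercepted a vector and got control */
    RUN_SHUTDOWN,    /* triple fault: the CPU stops, hypervisor sees an exit */
    RUN_STUCK        /* delivery never completed within max_steps */
};

struct guest_model {
    /* Constructed input: for each vector v, the vector raised by the act
     * of delivering v in this guest's current state, or 0 if delivery
     * succeeds.  Architecturally only #DB and #AC arise during delivery
     * itself; the table is free-form so contrasting cases can be modelled. */
    int fault_during_delivery[NUM_VECTORS];
};

struct run_trace {
    enum run_result result;
    int exit_vector;   /* vector that produced the VM exit, or -1 */
    unsigned steps;    /* delivery attempts made before stopping */
};

/* Simplified Intel SDM classification: #DE, #TS, #NP, #SS, #GP. */
static bool is_contributory(int v)
{
    return v == 0 || v == 10 || v == 11 || v == 12 || v == 13;
}

/* One guest run with `vector` pending.  Bit v of intercept_mask set means
 * the hypervisor intercepts vector v before the guest delivers it. */
struct run_trace run_guest(const struct guest_model *g, unsigned intercept_mask,
                           int vector, unsigned max_steps)
{
    struct run_trace t = { RUN_STUCK, -1, 0 };

    while (t.steps < max_steps) {
        t.steps++;
        if (intercept_mask & (1u << vector)) {
            /* Interception precedes delivery, so control always returns. */
            t.result = RUN_VMEXIT;
            t.exit_vector = vector;
            return t;
        }
        int nested = g->fault_during_delivery[vector];
        if (nested == 0) {
            t.result = RUN_DELIVERED;
            return t;
        }
        if (vector == VEC_DF) {
            /* A fault while delivering #DF is a triple fault: shutdown. */
            t.result = RUN_SHUTDOWN;
            t.exit_vector = VEC_DF;
            return t;
        }
        if (is_contributory(vector) && is_contributory(nested)) {
            vector = VEC_DF;   /* contributory pair escalates to #DF */
            continue;
        }
        /* A benign exception (#DB, #AC) during delivery is handled
         * serially: it replaces the one being delivered, no escalation. */
        vector = nested;
    }
    return t;   /* max_steps exhausted: neither completion nor exit */
}

/* Constructed scenario: delivering #AC in this guest raises #AC again. */
struct run_trace scenario_ac(unsigned intercept_mask, unsigned max_steps)
{
    struct guest_model g = {{0}};
    g.fault_during_delivery[VEC_AC] = VEC_AC;
    return run_guest(&g, intercept_mask, VEC_AC, max_steps);
}

/* Contrast: a contributory exception faulting during its own delivery
 * escalates to #DF and then to a shutdown, so the hypervisor gets control. */
struct run_trace scenario_gp(void)
{
    struct guest_model g = {{0}};
    g.fault_during_delivery[VEC_GP] = VEC_GP;
    g.fault_during_delivery[VEC_DF] = VEC_GP;
    return run_guest(&g, 0, VEC_GP, 1000);
}

int main(void)
{
    struct run_trace a = scenario_ac(0, 1000);
    struct run_trace b = scenario_ac(1u << VEC_AC, 1000);
    struct run_trace c = scenario_gp();
    printf("#AC during #AC, no intercept:  result=%d steps=%u\n", a.result, a.steps);
    printf("#AC during #AC, #AC intercepted: result=%d vector=%d steps=%u\n",
           b.result, b.exit_vector, b.steps);
    printf("#GP during #GP:                result=%d steps=%u\n", c.result, c.steps);
    return 0;
}
```

The point the model makes is the one in the thread: the architecture's serial handling of benign exceptions has no escalation path, so a delivery-time #DB or #AC never reaches #DF or a shutdown and the guest simply keeps re-entering delivery, whereas an unconditional intercept on those two vectors gives the hypervisor back control on the very first iteration.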