| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20160812094403.GC8001@potion> Date: Fri, 12 Aug 2016 11:44:04 +0200 From: Radim Krčmář <rkrcmar@...hat.com> To: Wanpeng Li <kernellwp@...il.com> Cc: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, kvm <kvm@...r.kernel.org>, Jim Mattson <jmattson@...gle.com>, Wincy Van <fanwenyi0529@...il.com>, Paolo Bonzini <pbonzini@...hat.com>, Bandan Das <bsd@...hat.com> Subject: Re: [PATCH 2/2] KVM: nVMX: postpone VMCS changes on MSR_IA32_APICBASE write 2016-08-12 14:07+0800, Wanpeng Li: > 2016-08-09 2:16 GMT+08:00 Radim Krčmář <rkrcmar@...hat.com>: >> If vmcs12 does not intercept APIC_BASE writes, then KVM will handle the >> write with vmcs02 as the current VMCS. >> This will incorrectly apply modifications intended for vmcs01 to vmcs02 >> and L2 can use it to gain access to L0's x2APIC registers by disabling >> virtualized x2APIC while using msr bitmap that assumes enabled. >> >> Postpone execution of vmx_set_virtual_x2apic_mode until vmcs01 is the >> current VMCS. An alternative solution would temporarily make vmcs01 the >> current VMCS, but it requires more care. > > There is a scenario both L1 and L2 are running on x2apic mode, L1 > don't own the APIC_BASE writes, then L2 is intended to disable x2apic > mode, however, your logic will also disable x2apic mode for L1. You mean a case where L1 does intercept APIC_BASE? That case is not affected, because it should cause a nested VM exit, so vmx_set_virtual_x2apic_mode() won't be called in the first place.
Powered by blists - more mailing lists