Date: Fri, 23 Sep 2016 01:12:40 +0200
From: Radim Krčmář <rkrcmar@...hat.com>
To: Wanpeng Li <kernellwp@...il.com>
Cc: linux-kernel@...r.kernel.org, kvm@...r.kernel.org, Wanpeng Li <wanpeng.li@...mail.com>, Paolo Bonzini <pbonzini@...hat.com>, Jan Kiszka <jan.kiszka@...mens.com>, Bandan Das <bsd@...hat.com>
Subject: Re: [PATCH v2] KVM: nVMX: Fix the NMI IDT-vectoring handling

2016-09-22 17:55+0800, Wanpeng Li:
> From: Wanpeng Li <wanpeng.li@...mail.com>
>
> Run kvm-unit-tests/eventinj.flat in L1:
>
> Sending NMI to self
> After NMI to self
> FAIL: NMI
>
> This test scenario is to test whether VMM can handle NMI IDT-vectoring info correctly.
>
> At the beginning, L2 writes LAPIC to send a self NMI, the EPT page tables on both L1
> and L0 are empty so:
>
> - The L2 accesses memory can generate EPT violation which can be intercepted by L0.
>
>   The EPT violation vmexit occurred during delivery of this NMI, and the NMI info is
>   recorded in vmcs02's IDT-vectoring info.
>
> - L0 walks L1's EPT12 and L0 sees the mapping is invalid, it injects the EPT violation into L1.
>
>   The vmcs02's IDT-vectoring info is reflected to vmcs12's IDT-vectoring info since
>   it is a nested vmexit.
>
> - L1 receives the EPT violation, then fixes its EPT12.
> - L1 executes VMRESUME to resume L2 which generates vmexit and causes L1 exits to L0.
> - L0 emulates VMRESUME which is called from L1, then returns to L2.
>
>   L0 merges the requirement of vmcs12's IDT-vectoring info and injects it to L2 through
>   vmcs02.
>
> - The L2 re-executes the fault instruction and causes EPT violation again.
> - Since the L1's EPT12 is valid, L0 can fix its EPT02
> - L0 resumes L2
>
>   The EPT violation vmexit occurred during delivery of this NMI again, and the NMI info
>   is recorded in vmcs02's IDT-vectoring info. L0 should inject the NMI through vmentry
>   event injection since it is caused by EPT02's EPT violation.
>
> However, vmx_inject_nmi() refuses to inject NMI from IDT-vectoring info if vCPU is in
> guest mode, this patch fixes it by permitting to inject NMI from IDT-vectoring if it is
> the L0's responsibility to inject NMI from IDT-vectoring info to L2.
>
> Cc: Paolo Bonzini <pbonzini@...hat.com>
> Cc: Radim Krčmář <rkrcmar@...hat.com>
> Cc: Jan Kiszka <jan.kiszka@...mens.com>
> Cc: Bandan Das <bsd@...hat.com>
> Signed-off-by: Wanpeng Li <wanpeng.li@...mail.com>
> ---

Applied to kvm/queue, thanks.
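
The two EPT-violation exits described in the quoted commit message, as an added model that is not part of the original thread and is not KVM code: it shows who owns the interrupted NMI at each exit and how refusing injection while in guest mode loses it. The struct and function names are hypothetical; the bit layout (vector in bits 7:0, type in bits 10:8, valid in bit 31, NMI as type 2) follows the Intel SDM.

```c
#include <stdbool.h>
#include <stdint.h>

/* Bit layout shared by the IDT-vectoring info and VM-entry interruption-info fields. */
#define INFO_VECTOR_MASK 0x000000ffu
#define INFO_TYPE_MASK   0x00000700u
#define INFO_TYPE_NMI    (2u << 8)
#define INFO_VALID       (1u << 31)
#define NMI_VECTOR       2u

/* Hypothetical model types, not KVM structures. */
struct l2_ept_exit {
    uint32_t vmcs02_idt_vectoring_info; /* event whose delivery the exit interrupted */
    bool ept12_valid;                   /* has L1 already mapped the address in EPT12? */
};

struct l0_action {
    bool reflect_to_l1;                 /* nested vmexit: L1 has to fix EPT12 */
    uint32_t vmcs12_idt_vectoring_info; /* what L1 reads after a reflected exit */
    uint32_t vmcs02_entry_intr_info;    /* what L0 injects on the next entry to L2 */
};

static bool is_nmi(uint32_t info)
{
    return (info & INFO_VALID) && (info & INFO_TYPE_MASK) == INFO_TYPE_NMI &&
           (info & INFO_VECTOR_MASK) == NMI_VECTOR;
}

/* refuse_in_guest_mode = true models the pre-patch refusal described in the message. */
struct l0_action l0_handle_ept_violation(struct l2_ept_exit e, bool refuse_in_guest_mode)
{
    struct l0_action a = {0};

    if (!e.ept12_valid) {
        /* First exit: EPT12 is empty, so the violation and the pending NMI go to L1. */
        a.reflect_to_l1 = true;
        a.vmcs12_idt_vectoring_info = e.vmcs02_idt_vectoring_info;
        return a;
    }
    /* Second exit: only EPT02 was missing, so L0 owns the fix and the re-injection. */
    if (is_nmi(e.vmcs02_idt_vectoring_info) && !refuse_in_guest_mode)
        a.vmcs02_entry_intr_info = INFO_VALID | INFO_TYPE_NMI | NMI_VECTOR;
    return a;
}

/* True when the NMI is queued for delivery on the next entry into L2. */
bool nmi_reaches_l2(struct l0_action a)
{
    return !a.reflect_to_l1 && is_nmi(a.vmcs02_entry_intr_info);
}
```

With `refuse_in_guest_mode` set, the second exit returns an empty entry field, which corresponds to the `FAIL: NMI` line in the test output quoted above.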