| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20161122205600.GC12634@potion>
Date: Tue, 22 Nov 2016 21:56:01 +0100
From: Radim Krčmář <rkrcmar@...hat.com>
To: Nadav Amit <nadav.amit@...il.com>
Cc: Paolo Bonzini <pbonzini@...hat.com>,
LKML <linux-kernel@...r.kernel.org>,
KVM list <kvm@...r.kernel.org>, stable@...r.kernel.org,
Dmitry Vyukov <dvyukov@...gle.com>,
Steve Rutherford <srutherford@...gle.com>,
Andrew Honig <ahonig@...gle.com>,
Prasad Pandit <ppandit@...hat.com>
Subject: Re: [PATCH] KVM: x86: restore IP after all far jump failures
2016-11-22 11:43-0800, Nadav Amit:
> I admit my wrongdoings, but I still think the fix should have been to
> remove the entire recovery logic and just return X86EMUL_UNHANDLEABLE if
> something goes wrong (exception). This will kill the misbehaving process
> but keep the VM running.
X86EMUL_UNHANDLEABLE will kill the whole VM (on QEMU, other userspaces
might handle the instruction and resume KVM).
The recovery path is in the spec, which means that nothing goes wrong.
I think we implement the spec quite well now, so keeping the #GP and CS
recovery is slightly better, although not safer.
> Otherwise, a malicious VM process, which can somehow control descriptors
> (LDT?) may modify the descriptor during the emulation and get the system
> to inconsistent state and prevent the VM-entry.
We restore the original CS -- malicious guest would get killed on a
failed VM entry anyway, so the difference is only in KVM internal error
code (assuming there are no other bugs).
Am I misunderstanding something?
Powered by blists - more mailing lists