| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 10 May 2017 16:46:39 +0200
From: Paolo Bonzini <pbonzini@...hat.com>
To: "Huang, Kai" <kai.huang@...ux.intel.com>,
Bandan Das <bsd@...hat.com>, kvm@...r.kernel.org
Cc: linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 2/3] nVMX: Implement emulated Page Modification Logging
On 10/05/2017 12:48, Huang, Kai wrote:
>>
>> - if (fault->error_code & PFERR_RSVD_MASK)
>> + if (vmx->nested.pml_full) {
>> + exit_reason = EXIT_REASON_PML_FULL;
>> + vmx->nested.pml_full = false;
>> + exit_qualification &= INTR_INFO_UNBLOCK_NMI;
>
> Sorry I cannot recall the details. probably better to add a comment to
> indicate why mask out INTR_INFO_UNBLOCK_NMI?
It only keeps that bit, because it's the only exit qualification bit
defined for PML full vmexits (27.2.2).
>> + if (nested_cpu_has2(vmcs12, SECONDARY_EXEC_ENABLE_PML)) {
>> + if (!nested_cpu_has_ept(vmcs12) ||
>> + !IS_ALIGNED(address, 4096) ||
>> + address >> maxphyaddr)
>> + return -EINVAL;
>> + }
>
> Do we also need to check whether EPT A/D has been enabled for vmcs12 to
> make vmentry work? I cannot recall details but probably not necessary.
The SDM doesn't say so. The "if" above matches the checks in 26.2.1.1
of the manual (Checks on VMX Controls, VM-Execution Control Fields).
>> + /*
>> + * Check if PML is enabled for the nested guest.
>> + * Whether eptp bit 6 is set is already checked
>> + * as part of A/D emulation.
>> + */
>> + vmcs12 = get_vmcs12(vcpu);
>> + if (!nested_cpu_has_pml(vmcs12))
>> + return 0;
>
> Since above nested_vmx_check_pml_controls doesn't check EPT A/D bit in
> L1, seems we need to add this check here.
If EPT A/D is disabled we cannot get here (update_accessed_dirty_bits is
never called).
>> +
>> + if (vmcs12->guest_pml_index > PML_ENTITY_NUM) {
>> + vmx->nested.pml_full = true;
>> + return 1;
>> + }
>
> Is the purpose of returning 1 to make upper layer code to inject PML
> full VMEXIt to L1 in nested_ept_inject_page_fault?
Yes, it triggers a fault
>> +
>> + gpa = vmcs_read64(GUEST_PHYSICAL_ADDRESS) & ~0xFFFull;
>> +
>> + page = nested_get_page(vcpu, vmcs12->pml_address);
>> + if (!page)
>> + return 0;
>
> If PML is enabled in L1, I think nested_get_page should never return a
> NULL PML page (unless L1 does something wrong)? Probably better to
> return 1 rather than 0, and handle error in nested_ept_inject_page_fault
> according to vmcs12->pml_address?
This happens if the PML address is invalid (where on real hardware, the
write would just be "eaten") or MMIO (where we expect to diverge from
real hardware behavior).
>> +
>> + pml_address = kmap(page);
>> + pml_address[vmcs12->guest_pml_index--] = gpa;
>
> This gpa is L2 guest's GPA. Do we also need to mark L1's GPA (which is
> related to L2 guest's GPA above) in to dirty-log? Or has this already
> been done?
L1's PML contains L1 host physical addresses, i.e. L0 guest physical
addresses. This GPA comes from vmcs02 and hence it is L0's GPA.
L0's HPA is marked by hardware through PML, as usual. If L0 has EPT A/D
but not PML, it can still provide emulated PML to L1, but L0's HPA will
be marked as dirty via write protection.
Paolo
Powered by blists - more mailing lists