lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 12 May 2017 10:39:12 +0200
From:   Paolo Bonzini <pbonzini@...hat.com>
To:     Xiao Guangrong <guangrong.xiao@...il.com>,
        linux-kernel@...r.kernel.org, kvm@...r.kernel.org
Cc:     Peter Feiner <pfeiner@...gle.com>,
        David Matlack <dmatlack@...gle.com>,
        Radim Krčmář <rkrcmar@...hat.com>,
        Xiao Guangrong <xiaoguangrong@...cent.com>,
        Wanpeng Li <wanpeng.li@...mail.com>, kevin.tian@...el.com
Subject: Re: [PATCH 2/2] KVM: nVMX: fix nEPT handling of guest page table
 accesses

On 12/05/2017 09:38, Xiao Guangrong wrote:
> CC Kevin as i am not sure if Intel is aware of this issue, it
> breaks other hypervisors, e.g, Xen, as swell.

It's actually more complicated.

When EPT A/D bits are disabled, reads of the page tables behave as
described in the manual; writes have both bit 0 and bit 1 set, while the
manual suggests only bit 1 is set.

Peter and David convinced me that it's a hypervisor bug, and I'm not
surprised that Xen has the same issue.  You have to disable EPT A/D bits
for shadow EPT page tables when the L1 hypervisor is not using them.

Paolo

Powered by blists - more mailing lists