| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <da3f8d2d-04c2-d2f8-0752-7d484c9bc25b@redhat.com>
Date: Thu, 27 Jul 2017 18:27:49 +0200
From: Paolo Bonzini <pbonzini@...hat.com>
To: Brijesh Singh <brijesh.singh@....com>, kvm@...r.kernel.org
Cc: thomas.lendacky@....com, rkrcmar@...hat.com, joro@...tes.org,
x86@...nel.org, linux-kernel@...r.kernel.org, mingo@...hat.com,
hpa@...or.com, tglx@...utronix.de, bp@...e.de
Subject: Re: [PATCH v2 1/3] kvm: svm: Add support for additional SVM NPF error
codes
On 23/11/2016 18:01, Brijesh Singh wrote:
>
> + /*
> + * Before emulating the instruction, check if the error code
> + * was due to a RO violation while translating the guest page.
> + * This can occur when using nested virtualization with nested
> + * paging in both guests. If true, we simply unprotect the page
> + * and resume the guest.
> + *
> + * Note: AMD only (since it supports the PFERR_GUEST_PAGE_MASK used
> + * in PFERR_NEXT_GUEST_PAGE)
> + */
> + if (error_code == PFERR_NESTED_GUEST_PAGE) {
> + kvm_mmu_unprotect_page(vcpu->kvm, gpa_to_gfn(cr2));
> + return 1;
> + }
What happens if L1 is mapping some memory that is read only in L0? That
is, the L1 nested page tables make it read-write, but the L0 shadow
nested page tables make it read-only.
Accessing it would cause an NPF, and then my guess is that the L1 guest
would loop on the failing instruction instead of just dropping the write.
Paolo
Powered by blists - more mailing lists