| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CANRm+Cw7Hta7TRBZbqHkg_-UBoQYHYZoGPTEcw6TRZ2kmDcYwg@mail.gmail.com>
Date: Thu, 23 Nov 2017 17:13:32 +0800
From: Wanpeng Li <kernellwp@...il.com>
To: Paolo Bonzini <pbonzini@...hat.com>
Cc: Liran Alon <LIRAN.ALON@...cle.com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
kvm <kvm@...r.kernel.org>,
Radim Krčmář <rkrcmar@...hat.com>,
Wanpeng Li <wanpeng.li@...mail.com>,
Dmitry Vyukov <dvyukov@...gle.com>
Subject: Re: [PATCH] KVM: VMX: Fix vmx->nested freeing when no SMI handler
d2017-11-23 0:56 GMT+08:00 Paolo Bonzini <pbonzini@...hat.com>:
> On 22/11/2017 10:43, Liran Alon wrote:
>>>>
>>>> I think we should also set "vmx->nested.smm.vmxon = false;"
>>>> after "vmx->nested.vmxon = false;" to correctlyhandle the case
>>>> VMXOFF is executed from SMI handler. Otherwise, when SMI handler
>>>> executes RSM, we will reach vmx_pre_leave_smm() which will set
>>>> again "vmx->nested.vmxon = true;" which I think shouldn't
>>>> happen.
>>>
>>> I didn't see a real scenario for this.
>>
>> Actually I later saw that handle_vmoff() calls
>> nested_vmx_check_permission() which indeed won't allow to continue
>> executing if running from SMI because vmx->nested.vmxon=false; and
>> therefore this will raise a #UD. So you are right. :)
>
> Still, not clearing the flag is wrong. free_nested is also called by
> vmx_leave_nested when the host writes 0 to MSR_IA32_FEATURE_CONTROL with
> KVM_SET_MSRS.
Do it in v2. :)
Regards,
Wanpeng Li
Powered by blists - more mailing lists