lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20190617200700.GA30158@linux.intel.com>
Date:   Mon, 17 Jun 2019 13:07:01 -0700
From:   Sean Christopherson <sean.j.christopherson@...el.com>
To:     Radim Krčmář <rkrcmar@...hat.com>
Cc:     Paolo Bonzini <pbonzini@...hat.com>, linux-kernel@...r.kernel.org,
        kvm@...r.kernel.org, vkuznets@...hat.com, stable@...r.kernel.org
Subject: Re: [PATCH 22/43] KVM: nVMX: Don't dump VMCS if virtual APIC page
 can't be mapped

On Mon, Jun 17, 2019 at 09:17:24PM +0200, Radim Krčmář wrote:
> 2019-06-13 19:03+0200, Paolo Bonzini:
> > From: Sean Christopherson <sean.j.christopherson@...el.com>
> > 
> > ... as a malicious userspace can run a toy guest to generate invalid
> > virtual-APIC page addresses in L1, i.e. flood the kernel log with error
> > messages.
> > 
> > Fixes: 690908104e39d ("KVM: nVMX: allow tests to use bad virtual-APIC page address")
> > Cc: stable@...r.kernel.org
> > Cc: Paolo Bonzini <pbonzini@...hat.com>
> > Signed-off-by: Sean Christopherson <sean.j.christopherson@...el.com>
> > Signed-off-by: Paolo Bonzini <pbonzini@...hat.com>
> > ---
> 
> Makes me wonder why it looks like this in kvm/queue. :)

Presumably something is wonky in Paolo's workflow, this happened before.

commit d69129b4e46a7b61dc956af038d143eb791f22c7
Author: Sean Christopherson <sean.j.christopherson@...xxxxxx>
Date:   Wed May 8 07:32:15 2019 -0700

    KVM: nVMX: Disable intercept for FS/GS base MSRs in vmcs02 when possible

    If L1 is using an MSR bitmap, unconditionally merge the MSR bitmaps from
    L0 and L1 for MSR_{KERNEL,}_{FS,GS}_BASE.  KVM unconditionally exposes
    MSRs L1.  If KVM is also running in L1 then it's highly likely L1 is
    also exposing the MSRs to L2, i.e. KVM doesn't need to intercept L2
    accesses.

    Based on code from Jintack Lim.

    Cc: Jintack Lim <jintack@...xxxxxxxxxxxx>
    Signed-off-by: Sean Christopherson <sean.j.christopherson@...xxxxxx>
    Signed-off-by: Paolo Bonzini <pbonzini@...hat.com>

> 
>   commit 1971a835297f9098ce5a735d38916830b8313a65
>   Author:     Sean Christopherson <sean.j.christopherson@...xxxxxx>
>   AuthorDate: Tue May 7 09:06:26 2019 -0700
>   Commit:     Paolo Bonzini <pbonzini@...hat.com>
>   CommitDate: Thu Jun 13 16:23:13 2019 +0200
>   
>       KVM: nVMX: Don't dump VMCS if virtual APIC page can't be mapped
>       
>       ... as a malicious userspace can run a toy guest to generate invalid
>       virtual-APIC page addresses in L1, i.e. flood the kernel log with error
>       messages.
>       
>       Fixes: 690908104e39d ("KVM: nVMX: allow tests to use bad virtual-APIC page address")
>       Cc: stable@...xxxxxxxxxxxx
>       Cc: Paolo Bonzini <pbonzini@...xxxxxxx>
>       Signed-off-by: Sean Christopherson <sean.j.christopherson@...xxxxxx>
>       Signed-off-by: Paolo Bonzini <pbonzini@...hat.com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ