Date:   Mon, 17 Jun 2019 13:07:01 -0700
From:   Sean Christopherson <sean.j.christopherson@...el.com>
To:     Radim Krčmář <rkrcmar@...hat.com>
Cc:     Paolo Bonzini <pbonzini@...hat.com>, linux-kernel@...r.kernel.org,
        kvm@...r.kernel.org, vkuznets@...hat.com, stable@...r.kernel.org
Subject: Re: [PATCH 22/43] KVM: nVMX: Don't dump VMCS if virtual APIC page can't be mapped

On Mon, Jun 17, 2019 at 09:17:24PM +0200, Radim Krčmář wrote:
> 2019-06-13 19:03+0200, Paolo Bonzini:
> > From: Sean Christopherson <sean.j.christopherson@...el.com>
> > 
> > ... as a malicious userspace can run a toy guest to generate invalid
> > virtual-APIC page addresses in L1, i.e. flood the kernel log with error
> > messages.
> > 
> > Fixes: 690908104e39d ("KVM: nVMX: allow tests to use bad virtual-APIC page address")
> > Cc: stable@...r.kernel.org
> > Cc: Paolo Bonzini <pbonzini@...hat.com>
> > Signed-off-by: Sean Christopherson <sean.j.christopherson@...el.com>
> > Signed-off-by: Paolo Bonzini <pbonzini@...hat.com>
> > ---
> 
> Makes me wonder why it looks like this in kvm/queue. :)

Presumably something is wonky in Paolo's workflow; this happened before.

commit d69129b4e46a7b61dc956af038d143eb791f22c7
Author: Sean Christopherson <sean.j.christopherson@...xxxxxx>
Date:   Wed May 8 07:32:15 2019 -0700

    KVM: nVMX: Disable intercept for FS/GS base MSRs in vmcs02 when possible

    If L1 is using an MSR bitmap, unconditionally merge the MSR bitmaps from
    L0 and L1 for MSR_{KERNEL,}_{FS,GS}_BASE.  KVM unconditionally exposes
    MSRs to L1.  If KVM is also running in L1 then it's highly likely L1 is
    also exposing the MSRs to L2, i.e. KVM doesn't need to intercept L2
    accesses.

    Based on code from Jintack Lim.

    Cc: Jintack Lim <jintack@...xxxxxxxxxxxx>
    Signed-off-by: Sean Christopherson <sean.j.christopherson@...xxxxxx>
    Signed-off-by: Paolo Bonzini <pbonzini@...hat.com>

> 
>   commit 1971a835297f9098ce5a735d38916830b8313a65
>   Author:     Sean Christopherson <sean.j.christopherson@...xxxxxx>
>   AuthorDate: Tue May 7 09:06:26 2019 -0700
>   Commit:     Paolo Bonzini <pbonzini@...hat.com>
>   CommitDate: Thu Jun 13 16:23:13 2019 +0200
>   
>       KVM: nVMX: Don't dump VMCS if virtual APIC page can't be mapped
>       
>       ... as a malicious userspace can run a toy guest to generate invalid
>       virtual-APIC page addresses in L1, i.e. flood the kernel log with error
>       messages.
>       
>       Fixes: 690908104e39d ("KVM: nVMX: allow tests to use bad virtual-APIC page address")
>       Cc: stable@...xxxxxxxxxxxx
>       Cc: Paolo Bonzini <pbonzini@...xxxxxxx>
>       Signed-off-by: Sean Christopherson <sean.j.christopherson@...xxxxxx>
>       Signed-off-by: Paolo Bonzini <pbonzini@...hat.com>
