lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <87k1d8d6sl.fsf@vitty.brq.redhat.com>
Date:   Wed, 26 Jun 2019 11:39:38 +0200
From:   Vitaly Kuznetsov <vkuznets@...hat.com>
To:     Liran Alon <liran.alon@...cle.com>
Cc:     kvm@...r.kernel.org, linux-kernel@...r.kernel.org,
        Paolo Bonzini <pbonzini@...hat.com>,
        Radim Krčmář <rkrcmar@...hat.com>
Subject: Re: [PATCH] x86/kvm/nVMCS: fix VMCLEAR when Enlightened VMCS is in use

Liran Alon <liran.alon@...cle.com> writes:

>> On 24 Jun 2019, at 17:16, Vitaly Kuznetsov <vkuznets@...hat.com> wrote:
>> 
>> 
>> That said I'm ok with dropping nested_release_evmcs() for consistency
>> but we can't just drop 'if (vmptr == vmx->nested.hv_evmcs_vmptr)’.
>
> Right. I meant that we can just change code to:
>
> /* Add relevant comment here as this is not trivial why we do this */
> If (likely(!vmx->nested.enlightened_vmcs_enabled) ||
>     nested_enlightened_vmentry(vcpu, &evmptr)) {
>
>     if (vmptr == vmx->nested.current_vmptr)
>         nested_release_vmcs12(vcpu);
>
>     kvm_vcpu_write_guest(…);
> }
>

The change, to my surprise, resulted in a set of L2 guest crashes. After
some debugging I figured out that clean fields is to blame: after
Windows does VMCLEAR it doesn't maintain clean field data before the
next VMLAUNCH - and nested_vmx_handle_enlightened_vmptrld() does nothing
in case evmcs_vmptr stays unchanged (so VMLAUNCH follows VMCLEAR on the
same vCPU). We apparently need to invalidate clean fields data on every
VMLAUCH. This is fix of its own, I'll do more testing and send v2.

-- 
Vitaly

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ