lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 07 Mar 2020 11:09:09 +0100 From: Thomas Gleixner <tglx@...utronix.de> To: Andy Lutomirski <luto@...nel.org>, LKML <linux-kernel@...r.kernel.org>, x86@...nel.org, kvm list <kvm@...r.kernel.org>, Paolo Bonzini <pbonzini@...hat.com> Cc: Andy Lutomirski <luto@...nel.org>, stable@...r.kernel.org Subject: Re: [PATCH] x86/kvm: Disable KVM_ASYNC_PF_SEND_ALWAYS Andy Lutomirski <luto@...nel.org> writes: > The ABI is broken and we cannot support it properly. Turn it off. > > If this causes a meaningful performance regression for someone, KVM > can introduce an improved ABI that is supportable. > > Cc: stable@...r.kernel.org > Signed-off-by: Andy Lutomirski <luto@...nel.org> > --- > arch/x86/kernel/kvm.c | 11 ++++++++--- > 1 file changed, 8 insertions(+), 3 deletions(-) > > diff --git a/arch/x86/kernel/kvm.c b/arch/x86/kernel/kvm.c > index 93ab0cbd304e..71f9f39f93da 100644 > --- a/arch/x86/kernel/kvm.c > +++ b/arch/x86/kernel/kvm.c > @@ -318,11 +318,16 @@ static void kvm_guest_cpu_init(void) > > pa = slow_virt_to_phys(this_cpu_ptr(&apf_reason)); > > -#ifdef CONFIG_PREEMPTION > - pa |= KVM_ASYNC_PF_SEND_ALWAYS; > -#endif > pa |= KVM_ASYNC_PF_ENABLED; > > + /* > + * We do not set KVM_ASYNC_PF_SEND_ALWAYS. With the current > + * KVM paravirt ABI, if an async page fault occurs on an early > + * memory access in the normal (sync) #PF path or in an NMI > + * that happens early in the #PF code, the combination of CR2 > + * and the APF reason field will be corrupted. I don't think this can happen. In both cases IF == 0 and that async (think host side) page fault will be completely handled on the host. There is no injection happening in such a case ever. If it does, then yes the host side implementation is buggered, but AFAICT this is not the case. See also my reply in the other thread: https://lore.kernel.org/r/87r1y4a3gw.fsf@nanos.tec.linutronix.de Thanks, tglx
Powered by blists - more mailing lists