lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Sat, 07 Mar 2020 11:09:09 +0100
From:   Thomas Gleixner <tglx@...utronix.de>
To:     Andy Lutomirski <luto@...nel.org>,
        LKML <linux-kernel@...r.kernel.org>, x86@...nel.org,
        kvm list <kvm@...r.kernel.org>,
        Paolo Bonzini <pbonzini@...hat.com>
Cc:     Andy Lutomirski <luto@...nel.org>, stable@...r.kernel.org
Subject: Re: [PATCH] x86/kvm: Disable KVM_ASYNC_PF_SEND_ALWAYS

Andy Lutomirski <luto@...nel.org> writes:

> The ABI is broken and we cannot support it properly.  Turn it off.
>
> If this causes a meaningful performance regression for someone, KVM
> can introduce an improved ABI that is supportable.
>
> Cc: stable@...r.kernel.org
> Signed-off-by: Andy Lutomirski <luto@...nel.org>
> ---
>  arch/x86/kernel/kvm.c | 11 ++++++++---
>  1 file changed, 8 insertions(+), 3 deletions(-)
>
> diff --git a/arch/x86/kernel/kvm.c b/arch/x86/kernel/kvm.c
> index 93ab0cbd304e..71f9f39f93da 100644
> --- a/arch/x86/kernel/kvm.c
> +++ b/arch/x86/kernel/kvm.c
> @@ -318,11 +318,16 @@ static void kvm_guest_cpu_init(void)
>  
>  		pa = slow_virt_to_phys(this_cpu_ptr(&apf_reason));
>  
> -#ifdef CONFIG_PREEMPTION
> -		pa |= KVM_ASYNC_PF_SEND_ALWAYS;
> -#endif
>  		pa |= KVM_ASYNC_PF_ENABLED;
>  
> +		/*
> +		 * We do not set KVM_ASYNC_PF_SEND_ALWAYS.  With the current
> +		 * KVM paravirt ABI, if an async page fault occurs on an early
> +		 * memory access in the normal (sync) #PF path or in an NMI
> +		 * that happens early in the #PF code, the combination of CR2
> +		 * and the APF reason field will be corrupted.

I don't think this can happen. In both cases IF == 0 and that async
(think host side) page fault will be completely handled on the
host. There is no injection happening in such a case ever. If it does,
then yes the host side implementation is buggered, but AFAICT this is
not the case.

See also my reply in the other thread:

  https://lore.kernel.org/r/87r1y4a3gw.fsf@nanos.tec.linutronix.de

Thanks,

        tglx

Powered by blists - more mailing lists