lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 10 Apr 2020 11:50:10 -0400
From:   Qian Cai <cai@....pw>
To:     Marco Elver <elver@...gle.com>
Cc:     Paolo Bonzini <pbonzini@...hat.com>,
        "paul E. McKenney" <paulmck@...nel.org>,
        kasan-dev <kasan-dev@...glegroups.com>,
        LKML <linux-kernel@...r.kernel.org>, kvm@...r.kernel.org
Subject: Re: KCSAN + KVM = host reset



> On Apr 10, 2020, at 7:35 AM, Marco Elver <elver@...gle.com> wrote:
> 
> On Fri, 10 Apr 2020 at 13:25, Qian Cai <cai@....pw> wrote:
>> 
>> 
>> 
>>> On Apr 10, 2020, at 5:47 AM, Marco Elver <elver@...gle.com> wrote:
>>> 
>>> That would contradict what you said about it working if KCSAN is
>>> "off". What kernel are you attempting to use in the VM?
> 
> Ah, sorry this was a typo,
>  s/working if KCSAN/not working if KCSAN/
> 
>> Well, I said set KCSAN debugfs to “off” did not help, i.e., it will reset the host running kvm.sh. It is the vanilla ubuntu 18.04 kernel in VM.
>> 
>> github.com/cailca/linux-mm/blob/master/kvm.sh
> 
> So, if you say that CONFIG_KCSAN_INTERRUPT_WATCHER=n works, that
> contradicts it not working when KCSAN is "off". Because if KCSAN is
> off, it never sets up any watchpoints, and whether or not
> KCSAN_INTERRUPT_WATCHER is selected or not shouldn't matter. Does that
> make more sense?
> 
> But from what you say, it's not the type of kernel run in VM. I just
> thought there may be some strange interaction if you also run a KCSAN
> kernel inside the VM.
> 
> Since I have no way to help debug right now, if you say that
> "KCSAN_SANITIZE_svm.o := n" works, I'd suggest that you just send a
> patch for that. If you think that's not adequate, it may be possible
> to try and find the offending function(s) in that file and add
> __no_kcsan to the  function(s) that cause problems.

This works,

--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -3278,7 +3278,7 @@ static void svm_cancel_injection(struct kvm_vcpu *vcpu)
 
 bool __svm_vcpu_run(unsigned long vmcb_pa, unsigned long *regs);
 
-static void svm_vcpu_run(struct kvm_vcpu *vcpu)
+static __no_kcsan void svm_vcpu_run(struct kvm_vcpu *vcpu)
 {
        struct vcpu_svm *svm = to_svm(vcpu);

Does anyone has any idea why svm_vcpu_run() would be a problem for KCSAN_INTERRUPT_WATCHER=y?

I can only see there are a bunch of assembly code in __svm_vcpu_run() that might be related?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ