| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 22 Jun 2020 12:32:14 +0800
From: Yuan Yao <yuan.yao@...ux.intel.com>
To: Mohammed Gamal <mgamal@...hat.com>
Cc: kvm@...r.kernel.org, pbonzini@...hat.com,
linux-kernel@...r.kernel.org, vkuznets@...hat.com,
sean.j.christopherson@...el.com, wanpengli@...cent.com,
jmattson@...gle.com, joro@...tes.org, thomas.lendacky@....com,
babu.moger@....com
Subject: Re: [PATCH v2 00/11] KVM: Support guest MAXPHYADDR < host MAXPHYADDR
On Fri, Jun 19, 2020 at 05:39:14PM +0200, Mohammed Gamal wrote:
> When EPT/NPT is enabled, KVM does not really look at guest physical
> address size. Address bits above maximum physical memory size are reserved.
> Because KVM does not look at these guest physical addresses, it currently
> effectively supports guest physical address sizes equal to the host.
>
> This can be problem when having a mixed setup of machines with 5-level page
> tables and machines with 4-level page tables, as live migration can change
> MAXPHYADDR while the guest runs, which can theoretically introduce bugs.
>
> In this patch series we add checks on guest physical addresses in EPT
> violation/misconfig and NPF vmexits and if needed inject the proper
> page faults in the guest.
>
> A more subtle issue is when the host MAXPHYADDR is larger than that of the
> guest. Page faults caused by reserved bits on the guest won't cause an EPT
> violation/NPF and hence we also check guest MAXPHYADDR and add PFERR_RSVD_MASK
> error code to the page fault if needed.
>
> The last 3 patches (i.e. SVM bits and patch 11) are not intended for
> immediate inclusion and probably need more discussion.
> We've been noticing some unexpected behavior in handling NPF vmexits
> on AMD CPUs (see individual patches for details), and thus we are
> proposing a workaround (see last patch) that adds a capability that
> userspace can use to decide who to deal with hosts that might have
> issues supprting guest MAXPHYADDR < host MAXPHYADDR.
>
>
> Mohammed Gamal (7):
> KVM: x86: Add helper functions for illegal GPA checking and page fault
> injection
> KVM: x86: mmu: Move translate_gpa() to mmu.c
> KVM: x86: mmu: Add guest physical address check in translate_gpa()
> KVM: VMX: Add guest physical address check in EPT violation and
> misconfig
> KVM: SVM: introduce svm_need_pf_intercept
> KVM: SVM: Add guest physical address check in NPF/PF interception
> KVM: x86: SVM: VMX: Make GUEST_MAXPHYADDR < HOST_MAXPHYADDR support
> configurable
>
> Paolo Bonzini (4):
> KVM: x86: rename update_bp_intercept to update_exception_bitmap
> KVM: x86: update exception bitmap on CPUID changes
> KVM: VMX: introduce vmx_need_pf_intercept
> KVM: VMX: optimize #PF injection when MAXPHYADDR does not match
>
> arch/x86/include/asm/kvm_host.h | 10 ++------
> arch/x86/kvm/cpuid.c | 2 ++
> arch/x86/kvm/mmu.h | 6 +++++
> arch/x86/kvm/mmu/mmu.c | 12 +++++++++
> arch/x86/kvm/svm/svm.c | 41 +++++++++++++++++++++++++++---
> arch/x86/kvm/svm/svm.h | 6 +++++
> arch/x86/kvm/vmx/nested.c | 28 ++++++++++++--------
> arch/x86/kvm/vmx/vmx.c | 45 +++++++++++++++++++++++++++++----
> arch/x86/kvm/vmx/vmx.h | 6 +++++
> arch/x86/kvm/x86.c | 29 ++++++++++++++++++++-
> arch/x86/kvm/x86.h | 1 +
> include/uapi/linux/kvm.h | 1 +
> 12 files changed, 158 insertions(+), 29 deletions(-)
>
> --
> 2.26.2
>
Powered by blists - more mailing lists