Date: Tue, 6 Oct 2020 10:17:04 -0700
From: Sean Christopherson <sean.j.christopherson@...el.com>
To: Vitaly Kuznetsov <vkuznets@...hat.com>
Cc: Vivek Goyal <vgoyal@...hat.com>, kvm@...r.kernel.org, linux-kernel@...r.kernel.org, virtio-fs-list <virtio-fs@...hat.com>, pbonzini@...hat.com
Subject: Re: [PATCH v4] kvm,x86: Exit to user space in case page fault error

On Tue, Oct 06, 2020 at 06:39:56PM +0200, Vitaly Kuznetsov wrote:
> Sean Christopherson <sean.j.christopherson@...el.com> writes:
>
> > On Tue, Oct 06, 2020 at 05:24:54PM +0200, Vitaly Kuznetsov wrote:
> >> Vivek Goyal <vgoyal@...hat.com> writes:
> >> > So you will have to report token (along with -EFAULT) to user space. So this
> >> > is basically the 3rd proposal which is extension of kvm API and will
> >> > report say HVA/GFN also to user space along with -EFAULT.
> >>
> >> Right, I meant to say that guest kernel has full register state of the
> >> userspace process which caused APF to get queued and instead of trying
> >> to extract it in KVM and pass to userspace in case of a (later) failure
> >> we limit KVM api change to contain token or GFN only and somehow keep
> >> the rest in the guest. This should help with TDX/SEV-ES.
> >
> > Whatever gets reported to userspace should be identical with and without
> > async page faults, i.e. it definitely shouldn't have token information.
> >
>
> Oh, right, when the error gets reported synchronously guest's kernel is
> not yet aware of the issue so it won't be possible to find anything in
> its kdump if userspace decides to crash it immediately. The register
> state (if available) will be actual though.
>
> > Note, TDX doesn't allow injection exceptions, so reflecting a #PF back
> > into the guest is not an option.
>
> Not even #MC? So sad :-)

Heh, #MC isn't allowed either, yet...

> > Nor do I think that's "correct" behavior (see everyone's objections to
> > using #PF for APF fixed). I.e. the event should probably be an IRQ.
>
> I recall Paolo objected against making APF 'page not present' into an
> interrupt as it will require some very special handling to make sure it
> gets injected (and handled) immediately but I'm not really sure how big
> the hack is going to be, maybe in the light of TDX/SEV-ES it's worth a
> try.

This shouldn't have anything to do with APF. Again, the event injection is
needed even in the synchronous case as the file truncation in the host can
affect existing mappings in the guest.

I don't know that the mechanism needs to be virtiofs specific or if there can
be a more generic "these PFNs have disappeared", but it's most definitely
orthogonal to APF.