| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 20 Oct 2020 11:27:23 +0200
From: Paolo Bonzini <pbonzini@...hat.com>
To: "Graf (AWS), Alexander" <graf@...zon.de>
Cc: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"kvm@...r.kernel.org" <kvm@...r.kernel.org>,
Aaron Lewis <aaronlewis@...gle.com>,
Peter Xu <peterx@...hat.com>,
Sean Christopherson <sean.j.christopherson@...el.com>
Subject: Re: [PATCH] KVM: VMX: Forbid userspace MSR filters for x2APIC
On 19/10/20 19:45, Graf (AWS), Alexander wrote:
>> + * In principle it would be possible to trap x2apic ranges
>> + * if !lapic_in_kernel. This however would be complicated
>> + * because KVM_X86_SET_MSR_FILTER can be called before
>> + * KVM_CREATE_IRQCHIP or KVM_ENABLE_CAP.
>> + */
>> + for (i = 0; i < ARRAY_SIZE(filter.ranges); i++)
>> + if (range_overlaps_x2apic(&filter.ranges[i]))
>> + return -EINVAL;
>
> What if the default action of the filter is to "deny"? Then only an
> MSR filter to allow access to x2apic MSRs would make the full
> filtering logic adhere to the constraints, no?
Right; or more precisely, that is handled by Sean's patch that he had
posted earlier. This patch only makes it impossible to set up such a
filter.
(That said, this is a quick patch that I posted yesterday just before
dinner. I'll send out the real deal with docs fixes and better commit
message).
Paolo
> Also, this really deserves a comment in the API documentation :).
>
> In fact, I think a pure comment in documentation is enough. Just make
> x2apic && filter on them "undefined behavior".
Powered by blists - more mailing lists