| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 6 Mar 2021 10:26:56 +0100
From: Paolo Bonzini <pbonzini@...hat.com>
To: Sean Christopherson <seanjc@...gle.com>
Cc: linux-kernel@...r.kernel.org, kvm@...r.kernel.org,
vkuznets@...hat.com, mlevitsk@...hat.com,
Jim Mattson <jmattson@...gle.com>
Subject: Re: [PATCH 03/28] KVM: nSVM: inject exceptions via
svm_check_nested_events
On 06/03/21 02:39, Sean Christopherson wrote:
> Unless KVM (L0) knowingly wants to override L1, e.g. KVM_GUESTDBG_* cases, KVM
> shouldn't do a damn thing except forward the exception to L1 if L1 wants the
> exception.
>
> ud_interception() and gp_interception() do quite a bit before forwarding the
> exception, and in the case of #UD, it's entirely possible the #UD will never get
> forwarded to L1. #GP is even more problematic because it's a contributory
> exception, and kvm_multiple_exception() is not equipped to check and handle
> nested intercepts before vectoring the exception, which means KVM will
> incorrectly escalate a #GP->#DF and #GP->#DF->Triple Fault instead of exiting
> to L1. That's a wee bit problematic since KVM also has a soon-to-be-fixed bug
> where it kills L1 on a Triple Fault in L2...
I agree with the #GP problem, but this is on purpose. For example, if
L1 CPUID has MOVBE and it is being emulated via #UD, L1 would be right
to set MOVBE in L2's CPUID and expect it not to cause a #UD. The same
is true for the VMware #GP interception case.
Maxim is also working on this, the root cause is that
kvm_multiple_exception()'s escalation of contributory exceptions to #DF
and triple fault is incorrect in the case of nested virtualization.
Paolo
Powered by blists - more mailing lists