lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 20 Jul 2021 18:53:08 -0500
From:   Brijesh Singh <brijesh.singh@....com>
To:     Sean Christopherson <seanjc@...gle.com>
Cc:     brijesh.singh@....com, x86@...nel.org,
        linux-kernel@...r.kernel.org, kvm@...r.kernel.org,
        linux-efi@...r.kernel.org, platform-driver-x86@...r.kernel.org,
        linux-coco@...ts.linux.dev, linux-mm@...ck.org,
        linux-crypto@...r.kernel.org, Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>, Joerg Roedel <jroedel@...e.de>,
        Tom Lendacky <thomas.lendacky@....com>,
        "H. Peter Anvin" <hpa@...or.com>, Ard Biesheuvel <ardb@...nel.org>,
        Paolo Bonzini <pbonzini@...hat.com>,
        Vitaly Kuznetsov <vkuznets@...hat.com>,
        Wanpeng Li <wanpengli@...cent.com>,
        Jim Mattson <jmattson@...gle.com>,
        Andy Lutomirski <luto@...nel.org>,
        Dave Hansen <dave.hansen@...ux.intel.com>,
        Sergio Lopez <slp@...hat.com>, Peter Gonda <pgonda@...gle.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Srinivas Pandruvada <srinivas.pandruvada@...ux.intel.com>,
        David Rientjes <rientjes@...gle.com>,
        Dov Murik <dovmurik@...ux.ibm.com>,
        Tobin Feldman-Fitzthum <tobin@....com>,
        Borislav Petkov <bp@...en8.de>,
        Michael Roth <michael.roth@....com>,
        Vlastimil Babka <vbabka@...e.cz>, tony.luck@...el.com,
        npmccallum@...hat.com, brijesh.ksingh@...il.com
Subject: Re: [PATCH Part2 RFC v4 37/40] KVM: SVM: Add support to handle the
 RMP nested page fault


On 7/20/21 5:31 PM, Sean Christopherson wrote:
...
>> This is a good question, the GHCB spec does not enforce that a guest *must*
>> use page state. If the page state changes is not done by the guest then it
>> will cause #NPF and its up to the hypervisor to decide on what it wants to
>> do.
> Drat.  Is there any hope of pushing through a GHCB change to require the guest
> to use PSC?

Well, I am not sure if we can push it through GHCB. Other hypervisor
also need to agree to it. We need to define them some architectural way
for hypervisor to detect the violation and notify guest about it.


>>> It would simplify KVM (albeit not much of a simplificiation) and would also
>>> make debugging easier since transitions would require an explicit guest
>>> request and guest bugs would result in errors instead of random
>>> corruption/weirdness.
>> I am good with enforcing this from the KVM. But the question is, what fault
>> we should inject in the guest when KVM detects that guest has issued the
>> page state change.
> Injecting a fault, at least from KVM, isn't an option since there's no architectural
> behavior we can leverage.  E.g. a guest that isn't enlightened enough to properly
> use PSC isn't going to do anything useful with a #MC or #VC.
>
> Sadly, as is I think our only options are to either automatically convert RMP
> entries as need, or to punt the exit to userspace.  Maybe we could do both, e.g.
> have a module param to control the behavior?  The problem with punting to userspace
> is that KVM would also need a way for userspace to fix the issue, otherwise we're
> just taking longer to kill the guest :-/
>
I think we should automatically convert the RMP entries at time, its
possible that non Linux guest may access the page without going through
the PSC.

thanks

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ