lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Mon, 02 Aug 2021 16:10:27 +0300
From:   Maxim Levitsky <mlevitsk@...hat.com>
To:     Paolo Bonzini <pbonzini@...hat.com>, linux-kernel@...r.kernel.org,
        kvm@...r.kernel.org
Subject: Re: [PATCH RFC] KVM: nSVM: remove useless kvm_clear_*_queue

On Mon, 2021-08-02 at 08:56 -0400, Paolo Bonzini wrote:
> For an event to be in injected state when nested_svm_vmrun executes,
> it must have come from exitintinfo when svm_complete_interrupts ran:
> 
>   vcpu_enter_guest
>    static_call(kvm_x86_run) -> svm_vcpu_run
>     svm_complete_interrupts
>      // now the event went from "exitintinfo" to "injected"
>    static_call(kvm_x86_handle_exit) -> handle_exit
>     svm_invoke_exit_handler
>       vmrun_interception
>        nested_svm_vmrun
> 
> However, no event could have been in exitintinfo before a VMRUN
> vmexit.  The code in svm.c is a bit more permissive than the one
> in vmx.c:
> 
>         if (is_external_interrupt(svm->vmcb->control.exit_int_info) &&
>             exit_code != SVM_EXIT_EXCP_BASE + PF_VECTOR &&
>             exit_code != SVM_EXIT_NPF && exit_code != SVM_EXIT_TASK_SWITCH &&
>             exit_code != SVM_EXIT_INTR && exit_code != SVM_EXIT_NMI)
> 
> but in any case, a VMRUN instruction would not even start to execute
> during an attempted event delivery.
> 
> Signed-off-by: Paolo Bonzini <pbonzini@...hat.com>
> ---
>  arch/x86/kvm/svm/nested.c | 5 -----
>  1 file changed, 5 deletions(-)
> 
> diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c
> index 61738ff8ef33..5e13357da21e 100644
> --- a/arch/x86/kvm/svm/nested.c
> +++ b/arch/x86/kvm/svm/nested.c
> @@ -659,11 +659,6 @@ int nested_svm_vmrun(struct kvm_vcpu *vcpu)
>  		goto out;
>  	}
>  
> -
> -	/* Clear internal status */
> -	kvm_clear_exception_queue(vcpu);
> -	kvm_clear_interrupt_queue(vcpu);
> -
>  	/*
>  	 * Since vmcb01 is not in use, we can use it to store some of the L1
>  	 * state.
100% agree.

As I say, Intel's architects weren't crazy enough to implement an VM IDT gate
(switch to a VM on interrupt....), and so indeed that this isn't possible.
They do have a task gate... thankfully it is legacy.

I would still keep a WARN_ON_ONCE here just in case.

Note that in theory one can force an injected/queued exception with KVM_SET_VCPU_EVENTS
on RIP that points to VMRUN instruction. Its user fault though.

Reviewed-by: Maxim Levitsky <mlevitsk@...hat.com>

Best regards,
	Maxim Levitsky

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ