lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 25 Feb 2022 18:29:18 +0000 From: Sean Christopherson <seanjc@...gle.com> To: Jim Mattson <jmattson@...gle.com> Cc: Paolo Bonzini <pbonzini@...hat.com>, Xiaoyao Li <xiaoyao.li@...el.com>, Chenyi Qiang <chenyi.qiang@...el.com>, Vitaly Kuznetsov <vkuznets@...hat.com>, Wanpeng Li <wanpengli@...cent.com>, Joerg Roedel <joro@...tes.org>, kvm@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH v3] KVM: VMX: Enable Notify VM exit On Fri, Feb 25, 2022, Jim Mattson wrote: > On Fri, Feb 25, 2022 at 7:13 AM Paolo Bonzini <pbonzini@...hat.com> wrote: > > > > On 2/25/22 16:12, Xiaoyao Li wrote: > > >>>> > > >>> > > >>> I don't like the idea of making things up without notifying userspace > > >>> that this is fictional. How is my customer running nested VMs supposed > > >>> to know that L2 didn't actually shutdown, but L0 killed it because the > > >>> notify window was exceeded? If this information isn't reported to > > >>> userspace, I have no way of getting the information to the customer. > > >> > > >> Then, maybe a dedicated software define VM exit for it instead of > > >> reusing triple fault? > > >> > > > > > > Second thought, we can even just return Notify VM exit to L1 to tell L2 > > > causes Notify VM exit, even thought Notify VM exit is not exposed to L1. > > > > That might cause NULL pointer dereferences or other nasty occurrences. > > Could we synthesize a machine check? I haven't looked in detail at the > MCE MSRs, but surely there must be room in there for Intel to reserve > some encodings for synthesized machine checks. I don't think we have any choice but to synthesize SHUTDOWN until we get more details on the exact semantics of VM_CONTEXT_INVALID. E.g. if GUEST_EFER or any other critical guest field is corrupted, attempting to re-enter the guest, even to (attempt to) inject a machine check, is risking undefined behavior in the guest.
Powered by blists - more mailing lists