| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <298d3c2601b13bf45044e92af02a28d5440e944f.camel@redhat.com>
Date: Mon, 18 Jul 2022 12:42:52 +0300
From: Maxim Levitsky <mlevitsk@...hat.com>
To: Sean Christopherson <seanjc@...gle.com>,
Jim Mattson <jmattson@...gle.com>
Cc: Paolo Bonzini <pbonzini@...hat.com>, kvm@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/4] KVM: x86: Reject loading KVM if host.PAT[0] != WB
On Fri, 2022-07-15 at 23:18 +0000, Sean Christopherson wrote:
> On Fri, Jul 15, 2022, Jim Mattson wrote:
> > On Fri, Jul 15, 2022 at 4:02 PM Sean Christopherson <seanjc@...gle.com> wrote:
> > >
> > > Reject KVM if entry '0' in the host's IA32_PAT MSR is not programmed to
> > > writeback (WB) memtype. KVM subtly relies on IA32_PAT entry '0' to be
> > > programmed to WB by leaving the PAT bits in shadow paging and NPT SPTEs
> > > as '0'. If something other than WB is in PAT[0], at _best_ guests will
> > > suffer very poor performance, and at worst KVM will crash the system by
> > > breaking cache-coherency expecations (e.g. using WC for guest memory).
> > >
> > > Signed-off-by: Sean Christopherson <seanjc@...gle.com>
> > > ---
> > What if someone changes the host's PAT to violate this rule *after*
> > kvm is loaded?
>
> Then KVM (and probably many other things in the kernel) is hosed. The same argument
> (that KVM isn't paranoid enough) can likely be made for a number of MSRs and critical
> registers.
>
I was thinking about the same thing and I also 100% agree with the above.
Reviewed-by: Maxim Levitsky <mlevitsk@...hat.com>
Best regards,
Maxim Levitsky
Powered by blists - more mailing lists