lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20220719144936.GX1379820@ls.amr.corp.intel.com>
Date:   Tue, 19 Jul 2022 07:49:36 -0700
From:   Isaku Yamahata <isaku.yamahata@...il.com>
To:     Kai Huang <kai.huang@...el.com>
Cc:     isaku.yamahata@...el.com, kvm@...r.kernel.org,
        linux-kernel@...r.kernel.org, isaku.yamahata@...il.com,
        Paolo Bonzini <pbonzini@...hat.com>
Subject: Re: [PATCH v7 041/102] KVM: VMX: Introduce test mode related to EPT
 violation VE

On Fri, Jul 08, 2022 at 02:23:43PM +1200,
Kai Huang <kai.huang@...el.com> wrote:

> On Mon, 2022-06-27 at 14:53 -0700, isaku.yamahata@...el.com wrote:
> > From: Isaku Yamahata <isaku.yamahata@...el.com>
> > 
> > To support TDX, KVM is enhanced to operate with #VE.  For TDX, KVM programs
> > to inject #VE conditionally and set #VE suppress bit in EPT entry.  For VMX
> > case, #VE isn't used.  If #VE happens for VMX, it's a bug.  To be
> > defensive (test that VMX case isn't broken), introduce option
> > ept_violation_ve_test and when it's set, set error.
> 
> I don't see why we need this patch.  It may be helpful during your test, but why
> do we need this patch for formal submission?
> 
> And for a normal guest, what prevents one vcpu from sending #VE IPI to another
> vcpu?

Paolo suggested it as follows.  Maybe it should be kernel config.
(I forgot to add suggested-by. I'll add it)

https://lore.kernel.org/lkml/84d56339-4a8a-6ddb-17cb-12074588ba9c@redhat.com/

> On 3/4/22 20:48, isaku.yamahata@...el.com wrote:
> > + if (enable_ept) {
> > +  const u64 init_value = enable_tdx ? VMX_EPT_SUPPRESS_VE_BIT : 0ull;
> >     kvm_mmu_set_ept_masks(enable_ept_ad_bits,
> > -          cpu_has_vmx_ept_execute_only());
> > +          cpu_has_vmx_ept_execute_only(), init_value);
> > +  kvm_mmu_set_spte_init_value(init_value);
> > + }
> 
> I think kvm-intel.ko should use VMX_EPT_SUPPRESS_VE_BIT unconditionally 
> as the init value.  The bit is ignored anyway if the "EPT-violation #VE" 
> execution control is 0.  Otherwise looks good, but I have a couple more 
> crazy ideas:
> 
> 1) there could even be a test mode where KVM enables the execution 
> control, traps #VE in the exception bitmap, and shouts loudly if it gets 
> a #VE.  That might avoid hard-to-find bugs due to forgetting about 
> VMX_EPT_SUPPRESS_VE_BIT.
> 
> 2) or even, perhaps the init_value for the TDP MMU could set bit 63 
> _unconditionally_, because KVM always sets the NX bit on AMD hardware. 
> That would remove the whole infrastructure to keep shadow_init_value, 
> because it would be constant 0 in mmu.c and constant BIT(63) in tdp_mmu.c.
> 
> Sean, what do you think?
> 
> Paolo
-- 
Isaku Yamahata <isaku.yamahata@...il.com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ