| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 25 Jan 2024 01:02:43 +0800 From: moehanabi <moehanabichan@...il.com> To: seanjc@...gle.com Cc: bp@...en8.de, dave.hansen@...ux.intel.com, hpa@...or.com, kvm@...r.kernel.org, linux-kernel@...r.kernel.org, mingo@...hat.com, moehanabichan@...il.com, pbonzini@...hat.com, tglx@...utronix.de, x86@...nel.org Subject: Re: Re: [PATCH] KVM: x86: Check irqchip mode before create PIT > On Thu, Jan 25, 2024, Brilliant Hanabi wrote: > > As the kvm api(https://docs.kernel.org/virt/kvm/api.html) reads, > > KVM_CREATE_PIT2 call is only valid after enabling in-kernel irqchip > > support via KVM_CREATE_IRQCHIP. > > > > Without this check, I can create PIT first and enable irqchip-split > > then, which may cause the PIT invalid because of lacking of in-kernel > > PIC to inject the interrupt. > > Does this cause actual problems beyond the PIT not working for the guest? E.g. > does it put the host kernel at risk? If the only problem is that the PIT doesn't > work as expected, I'm tempted to tweak the docs to say that KVM's PIT emulation > won't work without an in-kernel I/O APIC. Rejecting the ioctl could theoertically > break misconfigured setups that happen to work, e.g. because the guest never uses > the PIT. I don't think it will put the host kernel at risk. But that's exactly what kvmtool does: it creates in-kernel PIT first and set KVM_CREATE_IRQCHIP then. I found this problem because I was working on implementing a userspace PIC and PIT in kvmtool. As I planned, I'm going to commit a related patch to kvmtool if this patch will be applied. > > Signed-off-by: Brilliant Hanabi <moehanabichan@...il.com> > > --- > > arch/x86/kvm/x86.c | 2 ++ > > 1 file changed, 2 insertions(+) > > > > diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c > > index 27e23714e960..3edc8478310f 100644 > > --- a/arch/x86/kvm/x86.c > > +++ b/arch/x86/kvm/x86.c > > @@ -7016,6 +7016,8 @@ int kvm_arch_vm_ioctl(struct file *filp, unsigned int ioctl, unsigned long arg) > > r = -EEXIST; > > if (kvm->arch.vpit) > > goto create_pit_unlock; > > + if (!pic_in_kernel(kvm)) > > + goto create_pit_unlock; > > -EEXIST is not an appropriate errno. Which errno do you think is better? > > r = -ENOMEM; > > kvm->arch.vpit = kvm_create_pit(kvm, u.pit_config.flags); > > if (kvm->arch.vpit) > > -- > > 2.39.3 > >
Powered by blists - more mailing lists