Message-ID: <20240326174859.GB2444378@ls.amr.corp.intel.com>
Date: Tue, 26 Mar 2024 10:48:59 -0700
From: Isaku Yamahata <isaku.yamahata@...el.com>
To: Chao Gao <chao.gao@...el.com>
Cc: "Edgecombe, Rick P" <rick.p.edgecombe@...el.com>,
"Yamahata, Isaku" <isaku.yamahata@...el.com>,
"Zhang, Tina" <tina.zhang@...el.com>,
"isaku.yamahata@...ux.intel.com" <isaku.yamahata@...ux.intel.com>,
"seanjc@...gle.com" <seanjc@...gle.com>,
"Huang, Kai" <kai.huang@...el.com>, "Chen, Bo2" <chen.bo@...el.com>,
"sagis@...gle.com" <sagis@...gle.com>,
"isaku.yamahata@...il.com" <isaku.yamahata@...il.com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"Aktas, Erdem" <erdemaktas@...gle.com>,
"kvm@...r.kernel.org" <kvm@...r.kernel.org>,
"pbonzini@...hat.com" <pbonzini@...hat.com>,
"Yuan, Hang" <hang.yuan@...el.com>,
"sean.j.christopherson@...el.com" <sean.j.christopherson@...el.com>
Subject: Re: [PATCH v19 059/130] KVM: x86/tdp_mmu: Don't zap private pages
for unsupported cases
On Tue, Mar 26, 2024 at 07:13:46PM +0800,
Chao Gao <chao.gao@...el.com> wrote:
> On Tue, Mar 26, 2024 at 10:42:36AM +0800, Edgecombe, Rick P wrote:
> >On Tue, 2024-03-26 at 10:32 +0800, Chao Gao wrote:
> >> > > > Something like this for "112/130 KVM: TDX: Handle TDX PV rdmsr/wrmsr hypercall"
> >> > > > Compile only tested at this point.
> >> > >
> >> > > Seems reasonable to me. Does QEMU configure a special set of MSRs to filter for TDX currently?
> >> >
> >> > No for TDX at the moment. We need to add such logic.
> >>
> >> What if QEMU doesn't configure the set of MSRs to filter? In this case, KVM
> >> still needs to handle the MSR accesses.
> >
> >Do you see a problem for the kernel? I think if any issues are limited to only the guest, then we
> >should count on userspace to configure the msr list.
>
> How can QEMU handle MTRR MSR accesses if KVM exits to QEMU? I am not sure if
> QEMU needs to do a lot of work to virtualize MTRR.
The default kernel logic will return an error for
TDG.VP.VMCALL<RDMSR or WRMSR MTRR registers>.
Qemu can have mostly the same as in the current kernel logic.
rdmsr:
  MTRRCAP: 0
  MTRRDEFTYPE: MTRR_TYPE_WRBACK
wrmsr:
  MTRRDEFTYPE: If write back, nop. Otherwise error.
> If QEMU doesn't configure the msr filter list correctly, KVM has to handle
> guest's MTRR MSR accesses. In my understanding, the suggestion is KVM zap
> private memory mappings. But guests won't accept memory again because no one
> currently requests guests to do this after writes to MTRR MSRs. In this case,
> guests may access unaccepted memory, causing infinite EPT violation loop
> (assume SEPT_VE_DISABLE is set). This won't impact other guests/workloads on
> the host. But I think it would be better if we can avoid wasting CPU resource
> on the useless EPT violation loop.
Qemu is expected to do it correctly. There are many ways for userspace to go
wrong. This isn't specific to MTRR MSR.
--
Isaku Yamahata <isaku.yamahata@...el.com>