From: Gleb Natapov <gleb@redhat.com>
To: Abel Gordon <ABELG@il.ibm.com>
Cc: dongxiao.xu@intel.com, jun.nakajima@intel.com,
	kvm@vger.kernel.org, nadav@harel.org.il, owasserm@redhat.com
Subject: Re: [PATCH 05/10] KVM: nVMX: Allocate shadow vmcs
Date: Thu, 18 Apr 2013 10:11:22 +0300	[thread overview]
Message-ID: <20130418071122.GK8997@redhat.com> (raw)
In-Reply-To: <OF7703B52F.B6609B7A-ONC2257B51.0025CE44-C2257B51.00271C21@il.ibm.com>

On Thu, Apr 18, 2013 at 10:07:11AM +0300, Abel Gordon wrote:
> 
> 
> Gleb Natapov <gleb@redhat.com> wrote on 18/04/2013 09:38:43 AM:
> 
> > On Wed, Apr 17, 2013 at 08:07:40PM +0300, Abel Gordon wrote:
> > > Allocate a shadow vmcs used by the processor to shadow part of the fields
> > > stored in the software defined VMCS12 (let L1 access fields without causing
> > > exits). Note we keep a shadow vmcs only for the current vmcs12. Once a vmcs12
> > > becomes non-current, its shadow vmcs is released.
> > >
> > >
> > > Signed-off-by: Abel Gordon <abelg@il.ibm.com>
> > > ---
> > >  arch/x86/kvm/vmx.c |   12 ++++++++++++
> > >  1 file changed, 12 insertions(+)
> > >
> > > --- .before/arch/x86/kvm/vmx.c   2013-04-17 19:58:32.000000000 +0300
> > > +++ .after/arch/x86/kvm/vmx.c   2013-04-17 19:58:32.000000000 +0300
> > > @@ -355,6 +355,7 @@ struct nested_vmx {
> > >     /* The host-usable pointer to the above */
> > >     struct page *current_vmcs12_page;
> > >     struct vmcs12 *current_vmcs12;
> > > +   struct vmcs *current_shadow_vmcs;
> > >
> > >     /* vmcs02_list cache of VMCSs recently used to run L2 guests */
> > >     struct list_head vmcs02_pool;
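Review bot: the new `current_shadow_vmcs` field is the only member in this part of `struct nested_vmx` without a comment, while `current_vmcs12_page` and `vmcs02_pool` both have one. Add a short comment stating its lifetime as the commit message describes it (a shadow VMCS exists only while a VMCS12 is current and is released when that VMCS12 becomes non-current), since that lifetime rule is what readers of the struct need to reason about who frees it.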
> > > @@ -5517,6 +5518,7 @@ static int handle_vmon(struct kvm_vcpu *
> > >  {
> > >     struct kvm_segment cs;
> > >     struct vcpu_vmx *vmx = to_vmx(vcpu);
> > > +   struct vmcs *shadow_vmcs;
> > >
> > >     /* The Intel VMX Instruction Reference lists a bunch of bits that
> > >      * are prerequisite to running VMXON, most notably cr4.VMXE must be
> > > @@ -5540,6 +5542,16 @@ static int handle_vmon(struct kvm_vcpu *
> > >        kvm_inject_gp(vcpu, 0);
> > >        return 1;
> > >     }
> > > +   if (enable_shadow_vmcs) {
> > > +      shadow_vmcs = alloc_vmcs();
> > > +      if (!shadow_vmcs)
> > > +         return -ENOMEM;
> > > +      /* mark vmcs as shadow */
> > > +      shadow_vmcs->revision_id |= (1u << 31);
> > > +      /* init shadow vmcs */
> > > +      vmcs_clear(shadow_vmcs);
> > > +      vmx->nested.current_shadow_vmcs = shadow_vmcs;
> > > +   }
> > >
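Review bot: the allocation block runs before any check that the vCPU is already in VMX operation, so every emulated VMXON calls `alloc_vmcs()` and overwrites `vmx->nested.current_shadow_vmcs` without freeing the previous one; a guest looping on VMXON can make the host leak one VMCS page per iteration. Reject a repeated VMXON (the `vmx->nested.vmxon` case Gleb raises) ahead of `if (enable_shadow_vmcs) {`, failing the instruction to the guest rather than allocating. The magic `(1u << 31)` under `/* mark vmcs as shadow */` would also read better as a named constant for the shadow-VMCS indicator bit of `revision_id`.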
> > A guest can DDoS the host by calling vmxon repeatedly, causing the host to leak
> > memory. This points to a bug in the vmxon implementation. vmxon should call
> > nested_vmx_failInvalid() if (vmx->nested.vmxon).
> 
> Good point. I just checked the spec (VMXON pseudo-code) to verify
> the right emulation:
> According to the pseudo-code we should:
>   ELSE VMfail(“VMXON executed in VMX root operation”) which means:
> 
> VMfail(ErrorNumber):
>  IF VMCS pointer is valid
>  THEN VMfailValid(ErrorNumber);
>  ELSE VMfailInvalid;
>  FI;
> 
> 
> So, I'll call nested_vmx_failValid if nested.current_vmptr != -1ull
> Otherwise, I'll call nested_vmx_failInvalid.
> 
Just call nested_vmx_failValid(). It does that internally.

--
			Gleb.
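The VMfail dispatch Abel quotes from the spec, combined with the re-entry check Gleb asks for, as an added example that is not code from this thread or from KVM. The structs, the `emulate_vmxon` and `nested_vmx_fail` names and the `shadow_allocs` counter are simplified stand-ins for illustration; only the field names `vmxon`, `current_vmptr` and `current_shadow_vmcs` mirror the patch.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical, cut-down model of the VMXON emulation discussed above.
 * It is not KVM's code; the structs keep only what the example needs. */
#define VMCS_SHADOW_BIT (1u << 31)   /* revision_id bit marking a shadow VMCS */
#define INVALID_VMPTR   (-1ull)      /* no current VMCS12 pointer loaded */

enum vmx_result { VMX_SUCCEED, VMX_FAIL_INVALID, VMX_FAIL_VALID, VMX_ERR_NOMEM };

struct vmcs { uint32_t revision_id; };

struct nested_vmx {
    bool vmxon;                       /* guest already in VMX operation */
    uint64_t current_vmptr;           /* INVALID_VMPTR when none is current */
    struct vmcs *current_shadow_vmcs; /* shadow VMCS for the current VMCS12 */
    int shadow_allocs;                /* constructed counter to observe leaks */
};

/* Spec VMfail(): VMfailValid if a current VMCS pointer is valid, else
 * VMfailInvalid. Gleb's point: one helper can do this dispatch internally. */
static enum vmx_result nested_vmx_fail(const struct nested_vmx *n)
{
    return n->current_vmptr == INVALID_VMPTR ? VMX_FAIL_INVALID : VMX_FAIL_VALID;
}

/* Emulated VMXON. The re-entry check comes *before* the allocation, so a
 * guest looping on VMXON never makes the host allocate a second shadow VMCS. */
static enum vmx_result emulate_vmxon(struct nested_vmx *n, bool enable_shadow_vmcs)
{
    if (n->vmxon)                     /* "VMXON executed in VMX root operation" */
        return nested_vmx_fail(n);
    if (enable_shadow_vmcs) {
        struct vmcs *shadow = calloc(1, sizeof(*shadow));
        if (!shadow)
            return VMX_ERR_NOMEM;     /* model of the -ENOMEM path */
        shadow->revision_id |= VMCS_SHADOW_BIT;   /* mark as shadow VMCS */
        n->current_shadow_vmcs = shadow;
        n->shadow_allocs++;
    }
    n->vmxon = true;
    return VMX_SUCCEED;
}

/* Release the shadow VMCS when leaving VMX operation (pairs with the above). */
static void nested_vmx_free(struct nested_vmx *n)
{
    free(n->current_shadow_vmcs);
    n->current_shadow_vmcs = NULL;
    n->vmxon = false;
}
```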
