From: "Radim Krčmář" <rkrcmar@redhat.com>
To: Nadav Amit <nadav.amit@gmail.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
	LKML <linux-kernel@vger.kernel.org>,
	KVM list <kvm@vger.kernel.org>,
	stable@vger.kernel.org, Dmitry Vyukov <dvyukov@google.com>,
	Steve Rutherford <srutherford@google.com>,
	Andrew Honig <ahonig@google.com>,
	Prasad Pandit <ppandit@redhat.com>
Subject: Re: [PATCH] KVM: x86: restore IP after all far jump failures
Date: Tue, 22 Nov 2016 21:56:01 +0100
Message-ID: <20161122205600.GC12634@potion>
In-Reply-To: <F346D675-FC84-4595-BC1D-C1049F7D6B7E@gmail.com>

2016-11-22 11:43-0800, Nadav Amit:
> I admit my wrongdoings, but I still think the fix should have been to
> remove the entire recovery logic and just return X86EMUL_UNHANDLEABLE if
> something goes wrong (exception). This will kill the misbehaving process
> but keep the VM running.

X86EMUL_UNHANDLEABLE will kill the whole VM (on QEMU, other userspaces
might handle the instruction and resume KVM).

The recovery path is in the spec, which means that nothing goes wrong.
I think we implement the spec quite well now, so keeping the #GP and CS
recovery is slightly better, although not safer.

> Otherwise, a malicious VM process, which can somehow control descriptors
> (LDT?), may modify the descriptor during the emulation, get the system
> into an inconsistent state and prevent the VM-entry.

We restore the original CS -- a malicious guest would get killed on a
failed VM entry anyway, so the difference is only in the KVM internal error
code (assuming there are no other bugs).

Am I misunderstanding something?
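The recovery path discussed above (undo the partial CS load, restore IP, then inject #GP, instead of returning X86EMUL_UNHANDLEABLE and killing the VM), as a constructed C model added here; it is not KVM's emulator code. The descriptor table, segment layout and numeric return-code values are assumptions, although the X86EMUL_* names mirror KVM's.

```c
#include <stdint.h>
#include <stdbool.h>

/* Return codes named after KVM's emulator codes; values are assumed. */
enum { X86EMUL_CONTINUE = 0, X86EMUL_PROPAGATE_FAULT = 1, X86EMUL_UNHANDLEABLE = 2 };

struct seg { uint16_t selector; uint32_t base; uint32_t limit; bool present; };
struct vcpu { struct seg cs; uint32_t ip; int pending_exc; /* -1 = none, 13 = #GP */ };

/* Constructed descriptor table indexed by selector >> 3 (hypothetical layout). */
static const struct seg gdt[4] = {
    {0x00, 0x00000000, 0x00000000, false},  /* null descriptor */
    {0x08, 0x00000000, 0xffffffff, true},   /* flat code segment */
    {0x10, 0x10000000, 0x00000fff, true},   /* small code segment, 4 KiB limit */
    {0x18, 0x00000000, 0x00000000, false},  /* not-present segment */
};

/* Loads CS from the table; a bad or not-present descriptor faults. */
static int load_cs(struct vcpu *v, uint16_t sel)
{
    unsigned idx = sel >> 3;
    if (idx >= 4 || !gdt[idx].present)
        return X86EMUL_PROPAGATE_FAULT;
    v->cs = gdt[idx];
    return X86EMUL_CONTINUE;
}

/* Far jump: CS is loaded first, then the target offset is checked against
 * the new limit.  On *every* failure path the original CS and IP are put
 * back before #GP is queued, so the guest never runs with half-updated
 * state and the VM itself keeps running. */
int emulate_far_jmp(struct vcpu *v, uint16_t sel, uint32_t new_ip)
{
    struct seg old_cs = v->cs;
    uint32_t old_ip = v->ip;
    int rc = load_cs(v, sel);

    if (rc == X86EMUL_CONTINUE) {
        if (new_ip <= v->cs.limit) {
            v->ip = new_ip;
            return X86EMUL_CONTINUE;
        }
        rc = X86EMUL_PROPAGATE_FAULT;   /* offset outside the new CS limit */
    }
    v->cs = old_cs;                     /* undo the partial segment load */
    v->ip = old_ip;                     /* restore IP on all failures */
    v->pending_exc = 13;                /* #GP for the guest */
    return rc;
}
```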
