From: Avi Kivity <avi@qumranet.com>
To: Ingo Molnar <mingo@elte.hu>
Cc: kvm-devel <kvm-devel@lists.sourceforge.net>,
linux-kernel <linux-kernel@vger.kernel.org>,
Andrew Morton <akpm@osdl.org>, Linus Torvalds <torvalds@osdl.org>
Subject: Re: [patch, try#2] kvm: fix GFP_KERNEL allocation in atomic section in kvm_dev_ioctl_create_vcpu()
Date: Thu, 28 Dec 2006 15:30:42 +0200
Message-ID: <4593C702.4000604@qumranet.com>
In-Reply-To: <20061228132325.GA2176@elte.hu>

Ingo Molnar wrote:
> I've got a security related question as well: vcpu_load() sets up a
> physical CPU's VM registers/state, and vcpu_put() drops that. But
> vcpu_put() only does a put_cpu() call - it does not tear down any VM
> state that has been loaded into the CPU. Is it guaranteed that (hostile)
> user-space cannot use that VM state in any unauthorized way? The state
> is still loaded while arbitrary tasks execute on the CPU. The next
> vcpu_load() will then override it, but the state lingers around forever.
>
> The new x86 VM instructions: vmclear, vmlaunch, vmresume, vmptrld,
> vmread, vmwrite, vmxoff, vmxon are all privileged so i guess it should
> be mostly safe - i'm just wondering whether you thought about this
> attack angle.
>

Yes. Userspace cannot snoop on a VM state.

> ultimately we want to integrate VM state management into the scheduler
> and the context-switch lowlevel arch code, but right now CPU state
> management is done by the KVM 'driver' and there's nothing that isolates
> other tasks from possible side-effects of a loaded VMX/SVM state.
>

AFAICS in vmx root mode the vm state only affects vmx instructions; SVM
has no architecturally hidden state.

--
error compiling committee.c: too many arguments to function