From: Avi Kivity <avi@redhat.com>
To: Alexander Graf <agraf@suse.de>
Cc: Gleb Natapov <gleb@redhat.com>,
	Jan Kiszka <jan.kiszka@siemens.com>,
	"oritw@il.ibm.com" <oritw@il.ibm.com>,
	kvm-devel <kvm@vger.kernel.org>,
	Marcelo Tosatti <mtosatti@redhat.com>
Subject: Re: List of unaccessible x86 states
Date: Mon, 26 Oct 2009 10:33:48 +0200
Message-ID: <4AE55EEC.1060303@redhat.com>
In-Reply-To: <958C1AC1-505B-4467-A2FC-D9BA4A2F2737@suse.de>

On 10/25/2009 06:45 PM, Alexander Graf wrote:
>>> It's not. We can't use the guest memory for hsave because then the 
>>> guest could break the l1 state, so a malicious hypervisor could 
>>> break us.
>>
>> Guest hsave should be used for storing guest state when switching 
>> into the nested guest, not host state.  Host state is not part of the 
>> save/restore state in any case.
>
>
> No it's not.
>
> When going in an l2 guest, we need to save the l1 state in the hsave. 
> Now if we'd use the l1 given hsave, the l2 guest could modify the hsave.
>
> That means the l2 guest could rewrite the intercept bitmap to 0 and 
> compromise the host.

L1 hsave stores the architected state saved by vmrun, e.g. cs.sel, 
next_rip, cr0, cr3, etc.  The host intercept bitmap is not state since 
it is calculated from the L1 intercept bitmap and host code.  Indeed it 
can be different from host to host even with the same guest state.

> That's why we're storing the hsave data in a host allocated page.
>
> Of course, we could save the whole hsave area off to the host on 
> migration...

Sorry, -ENOPARSE.

-- 
error compiling committee.c: too many arguments to function

