Re: [PATCH v2] KVM: VMX: Enable Notify VM exit

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Sean Christopherson <seanjc@google.com>
To: Xiaoyao Li <xiaoyao.li@intel.com>
Cc: Chenyi Qiang <chenyi.qiang@intel.com>, Tao Xu <tao3.xu@intel.com>,
	pbonzini@redhat.com, vkuznets@redhat.com, wanpengli@tencent.com,
	jmattson@google.com, joro@8bytes.org, tglx@linutronix.de,
	mingo@redhat.com, bp@alien8.de, hpa@zytor.com, x86@kernel.org,
	kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2] KVM: VMX: Enable Notify VM exit
Date: Fri, 10 Sep 2021 17:55:22 +0000	[thread overview]
Message-ID: <YTucCk8cVVvES2mx@google.com> (raw)
In-Reply-To: <ce2dfc44-d1cf-8d09-6a38-9befb6f65885@intel.com>

On Fri, Sep 10, 2021, Xiaoyao Li wrote:
> On 9/10/2021 2:47 AM, Sean Christopherson wrote:
> > On Tue, Sep 07, 2021, Xiaoyao Li wrote:
> > > On 9/3/2021 12:29 AM, Sean Christopherson wrote:
> > > > > After syncing internally, we know that the internal threshold is not
> > > > > architectural but a model-specific value. It will be published in some place
> > > > > in future.
> > > > 
> > > > Any chance it will also be discoverable, e.g. via an MSR?
> > > 
> > > I also hope we can expose it via MSR. If not, we can maintain a table per
> > > FMS in KVM to get the internal threshold. However, per FMS info is not
> > > friendly to be virtualized (when we are going to enable the nested support).
> > 
> > Yeah, FMS is awful.  If the built-in buffer isn't discoverable, my vote is to
> > assume the worst, i.e. a built-in buffer of '0', and have the notify_window
> > param default to a safe value, e.g. 25k or maybe even 150k (to go above what the
> > hardware folks apparently deemed safe for SPR).  It's obviously not idea, but
> > it's better than playing FMS guessing games.
> > 
> > > I'll try to persuade internal to expose it via MSR, but I guarantee nothing.
> > 
> > ...
> > 
> > > > On a related topic, this needs tests.  One thought would be to stop unconditionally
> > > > intercepting #AC if NOTIFY_WINDOW is enabled, and then have the test set up the
> > > > infinite #AC vectoring scenario.
> > > > 
> > > 
> > > yes, we have already tested with this case with notify_window set to 0. No
> > > false positive.
> > 
> > Can you send a selftest or kvm-unit-test?
> > 
> 
> Actually we implement the attacking case of CVE-2015-5307 with
> kvm-unit-test, while manually disabling the intercept of #AC.
> 
> First, it requires modification of KVM that only posting the kvm-unit-test
> doesn't help.

It helps in that hacking KVM to disable #AC interception is a lot easier than
re-writing a test from scratch.

> Second, release the attacking case is not the correct action.

As in it's irresponsible to provide code that can be used to DoS a hypervisor?
The CVE is six years old, IMO security-through-obscurity is unnecessary at this
point.

next prev parent reply	other threads:[~2021-09-10 17:55 UTC|newest]

Thread overview: 27+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-05-25  5:12 [PATCH v2] KVM: VMX: Enable Notify VM exit Tao Xu
2021-06-02 10:31 ` Vitaly Kuznetsov
2021-06-03  1:23   ` Tao Xu
2021-06-03 13:43     ` Vitaly Kuznetsov
2021-06-03  1:25   ` Xiaoyao Li
2021-06-03 13:35     ` Jim Mattson
2021-06-07  9:24       ` Xiaoyao Li
2021-06-03 13:52     ` Vitaly Kuznetsov
2021-06-07  9:23       ` Xiaoyao Li
2021-06-24  4:52 ` Tao Xu
2021-07-22  3:25 ` Xiaoyao Li
2021-07-30 20:41 ` Sean Christopherson
2021-08-02 12:53   ` Xiaoyao Li
2021-08-02 15:46     ` Sean Christopherson
2021-08-03  0:38       ` Xiaoyao Li
2021-09-02  9:28         ` Chenyi Qiang
2021-09-02 16:29           ` Sean Christopherson
2021-09-07 13:33             ` Xiaoyao Li
2021-09-09 18:47               ` Sean Christopherson
2021-09-10  7:39                 ` Xiaoyao Li
2021-09-10 17:55                   ` Sean Christopherson [this message]
2021-09-02 16:15         ` Sean Christopherson
2021-09-02 16:36           ` Sean Christopherson
2021-09-07 13:45             ` Xiaoyao Li
2021-09-09 18:59               ` Sean Christopherson
2021-09-13  2:58                 ` Xiaoyao Li
2021-10-15 18:29                   ` Sean Christopherson

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=YTucCk8cVVvES2mx@google.com \
    --to=seanjc@google.com \
    --cc=bp@alien8.de \
    --cc=chenyi.qiang@intel.com \
    --cc=hpa@zytor.com \
    --cc=jmattson@google.com \
    --cc=joro@8bytes.org \
    --cc=kvm@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mingo@redhat.com \
    --cc=pbonzini@redhat.com \
    --cc=tao3.xu@intel.com \
    --cc=tglx@linutronix.de \
    --cc=vkuznets@redhat.com \
    --cc=wanpengli@tencent.com \
    --cc=x86@kernel.org \
    --cc=xiaoyao.li@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.