From mboxrd@z Thu Jan 1 00:00:00 1970
From: Huang Ying
Subject: Re: [PATCH] QEMU-KVM: MCE: Relay UCR MCE to guest
Date: Thu, 10 Sep 2009 10:50:13 +0800
Message-ID: <1252551013.5212.145.camel@yhuang-dev.sh.intel.com>
References: <1252312353.14648.731.camel@yhuang-dev.sh.intel.com> <4AA57187.5020502@us.ibm.com> <20090908081125.GB9107@basil.fritz.box> <4AA79B3D.9040800@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Cc: Andi Kleen , Anthony Liguori , "kvm@vger.kernel.org"
To: Avi Kivity
Return-path:
Received: from mga03.intel.com ([143.182.124.21]:9252 "EHLO mga03.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751652AbZIJCuM (ORCPT ); Wed, 9 Sep 2009 22:50:12 -0400
In-Reply-To: <4AA79B3D.9040800@redhat.com>
Sender: kvm-owner@vger.kernel.org
List-ID:

On Wed, 2009-09-09 at 20:10 +0800, Avi Kivity wrote:
> On 09/08/2009 11:11 AM, Andi Kleen wrote:
> >
> >> Does this potentially open a security hole for us? Consider the following:
> >>
> >> 1) We happen to read guest memory and that causes an MCE. For instance,
> >> say we're in virtio.c and we read the virtio ring.
> >> 2) That should trigger the kernel to generate a sigbus.
> >> 3) We catch sigbus, and queue an MCE for delivery.
> >> 4) After sigbus handler completes, we're back in virtio.c, what was the
> >> value of the memory operation we just completed?
> >>
> > Yes for any errors on accessing qemu internal memory that is not
> > owned by the guest image you should abort. I thought Ying's patch
> > did that already though, by aborting if there's no slot match.
> >
>
> User-mode qemu access should abort even if accessing guest memory, since
> there is no way to recover the thread of execution (need a kernel-style
> exception table for each instruction that accesses guest memory, which
> would be a total overkill).

For UCR MCE caused by user space read/write, SIGBUS will be sent via
force_sig_info. For guest mode qemu, SIGBUS will be captured, and for
user mode qemu, SIGBUS will kill qemu.

Best Regards,
Huang Ying