From mboxrd@z Thu Jan  1 00:00:00 1970
From: Joerg Roedel
Subject: Re: [PATCH 7/9] Add VMRUN handler v3
Date: Thu, 25 Sep 2008 19:37:46 +0200
Message-ID: <20080925173746.GB27928@amd.com>
References: <1221658886-14109-1-git-send-email-agraf@suse.de>
 <1221658886-14109-2-git-send-email-agraf@suse.de>
 <1221658886-14109-3-git-send-email-agraf@suse.de>
 <1221658886-14109-4-git-send-email-agraf@suse.de>
 <1221658886-14109-5-git-send-email-agraf@suse.de>
 <1221658886-14109-6-git-send-email-agraf@suse.de>
 <1221658886-14109-7-git-send-email-agraf@suse.de>
 <1221658886-14109-8-git-send-email-agraf@suse.de>
 <20080919155926.GR24392@amd.com>
 <319028FA-B559-44C0-BA7C-0A1AD96CDA52@suse.de>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Cc: "kvm@vger.kernel.org" , "joro@8bytes.org" , "anthony@codemonkey.ws" , "avi@qumranet.com"
To: Alexander Graf
Return-path:
Received: from outbound-sin.frontbridge.com ([207.46.51.80]:3081 "EHLO
 SG2EHSOBE001.bigfish.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
 with ESMTP id S1752751AbYIYRi1 (ORCPT ); Thu, 25 Sep 2008 13:38:27 -0400
Content-Disposition: inline
In-Reply-To: <319028FA-B559-44C0-BA7C-0A1AD96CDA52@suse.de>
Sender: kvm-owner@vger.kernel.org
List-ID:

On Thu, Sep 25, 2008 at 07:32:55PM +0200, Alexander Graf wrote:
> >This is a big security hole. With this we give the guest access to its
> >own VMCB. The guest can take over or crash the whole host machine by
> >rewriting its VMCB. We should be more selective what we save in the
> >hsave area.
>
> Oh, right. I didn't even think of a case where the nested guest would
> have access to the hsave of itself. Since the hsave can never be used
> twice on one vcpu, we could just allocate our own memory for the hsave
> in the vcpu context and leave the nested hsave empty.

I think we could also gain performance by only saving the important
parts of the VMCB and not the whole page.

Joerg

-- 
           |           AMD Saxony Limited Liability Company & Co. KG
 Operating |         Wilschdorfer Landstr. 101, 01109 Dresden, Germany
 System    |                  Register Court Dresden: HRA 4896
 Research  |              General Partner authorized to represent:
 Center    |             AMD Saxony LLC (Wilmington, Delaware, US)
           | General Manager of AMD Saxony LLC: Dr. Hans-R. Deppe, Thomas McCoy
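
The design point raised in this thread, as an added example that is not part of the original message or of the KVM patch: a toy model contrasting a save into the guest-supplied hsave page with a save into host-private memory in the vcpu context. The struct layouts, field names, function names and constant values are all hypothetical simplifications.

```c
/* Toy model (constructed, not KVM code). All names here are hypothetical. */
#include <stdint.h>
#include <string.h>

#define HOST_INTERCEPTS 0xFFu    /* constructed value: events the host traps */

struct toy_vmcb {                /* tiny stand-in for the real control block */
    uint32_t intercepts;         /* which guest events exit to the host */
    uint64_t rip;
};

struct toy_vcpu {
    struct toy_vmcb vmcb;        /* control block the host actually runs with */
    uint8_t guest_mem[4096];     /* guest-physical memory: guest-writable */
    struct toy_vmcb host_hsave;  /* host-private save area in the vcpu context */
};

/* Weak: state is saved into, and restored from, the guest-supplied page. */
static void vmrun_save_to_guest(struct toy_vcpu *v, size_t hsave_gpa) {
    memcpy(&v->guest_mem[hsave_gpa], &v->vmcb, sizeof v->vmcb);
}
static void vmexit_restore_from_guest(struct toy_vcpu *v, size_t hsave_gpa) {
    memcpy(&v->vmcb, &v->guest_mem[hsave_gpa], sizeof v->vmcb);
}

/* Hardened: the save area is memory the guest has no mapping for. */
static void vmrun_save_private(struct toy_vcpu *v)     { v->host_hsave = v->vmcb; }
static void vmexit_restore_private(struct toy_vcpu *v) { v->vmcb = v->host_hsave; }

/* Stand-in for any write the guest makes to its own memory while running. */
static void guest_scribbles(struct toy_vcpu *v, size_t gpa) {
    memset(&v->guest_mem[gpa], 0, sizeof(struct toy_vmcb));
}

/* Returns the intercept mask in force after one nested run/exit round trip. */
uint32_t intercepts_after_round_trip(int use_private_hsave) {
    struct toy_vcpu v = { .vmcb = { .intercepts = HOST_INTERCEPTS, .rip = 0x1000 } };
    const size_t hsave_gpa = 0x100;   /* constructed guest-physical offset */

    if (use_private_hsave) vmrun_save_private(&v);
    else                   vmrun_save_to_guest(&v, hsave_gpa);
    guest_scribbles(&v, hsave_gpa);
    if (use_private_hsave) vmexit_restore_private(&v);
    else                   vmexit_restore_from_guest(&v, hsave_gpa);
    return v.vmcb.intercepts;
}
```

With the guest-resident save area the restored intercept mask is whatever the guest last wrote; with the private copy it is unchanged, and the guest's hsave page is never read back.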