From: Gleb Natapov <gleb@redhat.com>
To: Abel Gordon <ABELG@il.ibm.com>
Cc: dongxiao.xu@intel.com, jun.nakajima@intel.com,
kvm@vger.kernel.org, nadav@harel.org.il, owasserm@redhat.com
Subject: Re: [PATCH 05/10] KVM: nVMX: Allocate shadow vmcs
Date: Thu, 18 Apr 2013 10:11:22 +0300 [thread overview]
Message-ID: <20130418071122.GK8997@redhat.com> (raw)
In-Reply-To: <OF7703B52F.B6609B7A-ONC2257B51.0025CE44-C2257B51.00271C21@il.ibm.com>
On Thu, Apr 18, 2013 at 10:07:11AM +0300, Abel Gordon wrote:
>
>
> Gleb Natapov <gleb@redhat.com> wrote on 18/04/2013 09:38:43 AM:
>
> > On Wed, Apr 17, 2013 at 08:07:40PM +0300, Abel Gordon wrote:
> > > Allocate a shadow vmcs used by the processor to shadow part of the
> fields
> > > stored in the software defined VMCS12 (let L1 access fields without
> causing
> > > exits). Note we keep a shadow vmcs only for the current vmcs12.
> > Once a vmcs12
> > > becomes non-current, its shadow vmcs is released.
> > >
> > >
> > > Signed-off-by: Abel Gordon <abelg@il.ibm.com>
> > > ---
> > > arch/x86/kvm/vmx.c | 12 ++++++++++++
> > > 1 file changed, 12 insertions(+)
> > >
> > > --- .before/arch/x86/kvm/vmx.c 2013-04-17 19:58:32.000000000 +0300
> > > +++ .after/arch/x86/kvm/vmx.c 2013-04-17 19:58:32.000000000 +0300
> > > @@ -355,6 +355,7 @@ struct nested_vmx {
> > > /* The host-usable pointer to the above */
> > > struct page *current_vmcs12_page;
> > > struct vmcs12 *current_vmcs12;
> > > + struct vmcs *current_shadow_vmcs;
> > >
> > > /* vmcs02_list cache of VMCSs recently used to run L2 guests */
> > > struct list_head vmcs02_pool;
> > > @@ -5517,6 +5518,7 @@ static int handle_vmon(struct kvm_vcpu *
> > > {
> > > struct kvm_segment cs;
> > > struct vcpu_vmx *vmx = to_vmx(vcpu);
> > > + struct vmcs *shadow_vmcs;
> > >
> > > /* The Intel VMX Instruction Reference lists a bunch of bits that
> > > * are prerequisite to running VMXON, most notably cr4.VMXE must be
> > > @@ -5540,6 +5542,16 @@ static int handle_vmon(struct kvm_vcpu *
> > > kvm_inject_gp(vcpu, 0);
> > > return 1;
> > > }
> > > + if (enable_shadow_vmcs) {
> > > + shadow_vmcs = alloc_vmcs();
> > > + if (!shadow_vmcs)
> > > + return -ENOMEM;
> > > + /* mark vmcs as shadow */
> > > + shadow_vmcs->revision_id |= (1u << 31);
> > > + /* init shadow vmcs */
> > > + vmcs_clear(shadow_vmcs);
> > > + vmx->nested.current_shadow_vmcs = shadow_vmcs;
> > > + }
> > >
> > Guest can ddos host by calling vmxon repeatedly causing host to leak
> > memory. This point to a bug in vmxon implementation. vmxon should call
> > nested_vmx_failInvalid() if (vmx->nested.vmxon).
>
> Good point. I just checked the spec (VMXON pseudo-code) to verify
> the right emulation:
> According to the pseudo-code we should:
> ELSE VMfail(“VMXON executed in VMX root operation”) which means:
>
> VMfail(ErrorNumber):
> IF VMCS pointer is valid
> THEN VMfailValid(ErrorNumber);
> ELSE VMfailInvalid;
> FI;
>
>
> So, I'll call nested_vmx_failValid if nested.current_vmptr != -1ull
> Otherwise, I'll call nested_vmx_failInvalid.
>
Just call nested_vmx_failValid(). It does that internally.
--
Gleb.
next prev parent reply other threads:[~2013-04-18 7:11 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-04-17 17:05 [PATCH 0/10] KVM: nVMX: shadow VMCS support, v3 Abel Gordon
2013-04-17 17:05 ` [PATCH 01/10] KVM: nVMX: Shadow-vmcs control fields/bits Abel Gordon
2013-04-17 17:06 ` [PATCH 02/10] KVM: nVMX: Detect shadow-vmcs capability Abel Gordon
2013-04-17 17:06 ` [PATCH 03/10] KVM: nVMX: Introduce vmread and vmwrite bitmaps Abel Gordon
2013-04-17 17:07 ` [PATCH 04/10] KVM: nVMX: Refactor handle_vmwrite Abel Gordon
2013-04-17 17:07 ` [PATCH 05/10] KVM: nVMX: Allocate shadow vmcs Abel Gordon
2013-04-18 6:38 ` Gleb Natapov
2013-04-18 7:07 ` Abel Gordon
2013-04-18 7:11 ` Gleb Natapov [this message]
2013-04-18 7:15 ` Abel Gordon
2013-04-17 17:08 ` [PATCH 06/10] KVM: nVMX: Release " Abel Gordon
2013-04-17 17:08 ` [PATCH 07/10] KVM: nVMX: Copy processor-specific shadow-vmcs to VMCS12 Abel Gordon
2013-04-17 17:09 ` [PATCH 08/10] KVM: nVMX: Copy VMCS12 to processor-specific shadow vmcs Abel Gordon
2013-04-17 17:09 ` [PATCH 09/10] KVM: nVMX: Synchronize VMCS12 content with the " Abel Gordon
2013-04-18 6:41 ` Gleb Natapov
2013-04-18 7:07 ` Abel Gordon
2013-04-18 7:10 ` Gleb Natapov
2013-04-17 17:10 ` [PATCH 10/10] KVM: nVMX: Enable and disable shadow vmcs functionality Abel Gordon
-- strict thread matches above, loose matches on Subject: below --
2013-04-17 11:50 [PATCH 0/10] KVM: nVMX: shadow VMCS support, v2 Abel Gordon
2013-04-17 11:53 ` [PATCH 05/10] KVM: nVMX: Allocate shadow vmcs Abel Gordon
2013-04-17 14:10 ` Gleb Natapov
2013-04-17 14:41 ` Abel Gordon
2013-04-17 14:44 ` Gleb Natapov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130418071122.GK8997@redhat.com \
--to=gleb@redhat.com \
--cc=ABELG@il.ibm.com \
--cc=dongxiao.xu@intel.com \
--cc=jun.nakajima@intel.com \
--cc=kvm@vger.kernel.org \
--cc=nadav@harel.org.il \
--cc=owasserm@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox