From mboxrd@z Thu Jan 1 00:00:00 1970
From: Quan Xu
Subject: Re: [PATCH 1/2] KVM: VMX: remove I/O port 0x80 bypass on Intel hosts
Date: Tue, 5 Dec 2017 19:24:30 +0800
Message-ID: <66eee157-91c7-925c-e1dd-64323a24f8d6@gmail.com>
References: <20171201182110.7143-1-jmattson@google.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Cc: kvm , P J P , Andrew Honig
To: Jim Mattson , Wanpeng Li
Return-path:
Received: from mail-ot0-f193.google.com ([74.125.82.193]:41079 "EHLO mail-ot0-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751040AbdLELYi (ORCPT ); Tue, 5 Dec 2017 06:24:38 -0500
Received: by mail-ot0-f193.google.com with SMTP id b54so17531382otd.8 for ; Tue, 05 Dec 2017 03:24:37 -0800 (PST)
In-Reply-To:
Content-Language: en-US
Sender: kvm-owner@vger.kernel.org
List-ID:

On 2017/12/05 01:10, Jim Mattson wrote:
> Google has carried this patch since long before my time. I would
> suggest modifying the kvm-unit-test to (a) unroll the loop ~1000
> times, and (b) execute out to port 0x80 from ~64 vcpu threads in
> parallel.

Jim, could you reproduce it on all of your machine types? I can't
reproduce it on two types of my machines.. btw, it is not a good idea
to open reproduction here :(.. I do believe you can reproduce it on
your machine. Could you have a try: without a guest, flood port 0x80
with writes in the host kernel.. does it lead to a crash? If the host
kernel crashes, is it a machine hardware issue, a kernel issue, or both?

Quan
Alibaba Cloud

> On Mon, Dec 4, 2017 at 4:44 AM, Wanpeng Li wrote:
>> Hi Jim,
>> 2017-12-02 2:21 GMT+08:00 Jim Mattson :
>>> From: Andrew Honig >>> >>> This fixes CVE-2017-1000407. >> Do you observe a real issue on recent Intel boxes? In addition, how to >> reproduce? Actually there is a testcase in kvm-unit-tests which can >> run 10 million times ioport 0x80 write and I didn't observe any issue >> before. :) >> >> Regards, >> Wanpeng Li >> >>> KVM allows guests to directly access I/O port 0x80 on Intel hosts. If >>> the guest floods this port with writes it generates exceptions and >>> instability in the host kernel, leading to a crash. With this change >>> guest writes to port 0x80 on Intel will behave the same as they >>> currently behave on AMD systems. >>> >>> Prevent the flooding by removing the code that sets port 0x80 as a >>> passthrough port. This is essentially the same as upstream patch >>> 99f85a28a78e96d28907fe036e1671a218fee597, except that patch was >>> for AMD chipsets and this patch is for Intel. >>> >>> Signed-off-by: Andrew Honig >>> Signed-off-by: Jim Mattson >>> --- >>> arch/x86/kvm/vmx.c | 5 ----- >>> 1 file changed, 5 deletions(-) >>> >>> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c >>> index d2b452d66363..d16abd1808eb 100644 >>> --- a/arch/x86/kvm/vmx.c >>> +++ b/arch/x86/kvm/vmx.c >>> @@ -6753,12 +6753,7 @@ static __init int hardware_setup(void) >>> memset(vmx_vmread_bitmap, 0xff, PAGE_SIZE); >>> memset(vmx_vmwrite_bitmap, 0xff, PAGE_SIZE); >>> >>> - /* >>> - * Allow direct access to the PC debug port (it is often used for I/O >>> - * delays, but the vmexits simply slow things down). >>> - */ >>> memset(vmx_io_bitmap_a, 0xff, PAGE_SIZE); >>> - clear_bit(0x80, vmx_io_bitmap_a); >>> >>> memset(vmx_io_bitmap_b, 0xff, PAGE_SIZE); >>> >>> -- >>> 2.15.0.531.g2ccb3012c9-goog >>>
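Review bot: the hunk removes the only comment that explained why port 0x80 was special, and with it the record of the cost this change carries: the deleted comment says the port "is often used for I/O delays" and that the VM exits "simply slow things down", so after this patch every guest `out` to 0x80 takes a VM exit and is emulated. The commit message should state that trade-off explicitly (guest 0x80 delay loops get slower, matching the AMD behaviour it cites from 99f85a28a78e96d28907fe036e1671a218fee597), and since the `memset(vmx_io_bitmap_a, 0xff, PAGE_SIZE);` now stands with no comment at all, a one-line note that bitmap A intercepts every port with no exceptions would keep the intent readable. Separately, the message asserts that a flood of guest writes "generates exceptions and instability in the host kernel, leading to a crash" without describing the mechanism or a reproducer; pointing at the kvm-unit-tests case (with the unrolled, multi-vCPU variant suggested in the thread) would let reviewers confirm the CVE-2017-1000407 claim on their own hardware.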
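The host-side flood Quan asks for, as an added example that is not part of this thread, of KVM, or of kvm-unit-tests: a userspace Linux program that obtains permission for port 0x80 with ioperm(2) in each of N forked workers and hammers the port with an unrolled loop of OUT instructions, so the "does the bare host survive it?" question can be answered without a guest. The worker count (64) and per-worker write count (10 million) are assumptions taken from Jim's and Wanpeng's numbers above; ioperm requires CAP_SYS_RAWIO, so run it as root, and on a non-x86 build the helpers fail cleanly with ENOSYS.

```c
/* Added example, not code from the original thread, from KVM or from
 * kvm-unit-tests: flood I/O port 0x80 from several host processes in
 * parallel. Writes to 0x80 (the PC "POST code" port) are harmless on
 * normal hardware; the point is to see whether the host itself is stable
 * under the same traffic a guest could generate.
 *
 * Build: cc -O2 -o flood80 flood80.c
 * Run:   sudo ./flood80 [nprocs] [writes_per_proc]   (defaults: 64, 10000000)
 */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

#if defined(__x86_64__) || defined(__i386__)
#include <sys/io.h>      /* ioperm(), outb(value, port) from glibc */
#else
/* No port I/O on this architecture: make the helpers fail cleanly. */
static int ioperm(unsigned long from, unsigned long num, int on)
{ (void)from; (void)num; (void)on; errno = ENOSYS; return -1; }
static void outb(unsigned char v, unsigned short p) { (void)v; (void)p; }
#endif

#define DEBUG_PORT 0x80

/* Issue n writes of 0x00 to port 0x80 and return how many were issued.
 * The body is unrolled 8x (Jim suggests ~1000x for the unit test) so the
 * loop overhead stays small next to the OUT itself. Caller must already
 * hold I/O permission for the port. */
unsigned long flood_port80(unsigned long n)
{
    unsigned long i = 0;
    for (; i + 8 <= n; i += 8) {
        outb(0, DEBUG_PORT); outb(0, DEBUG_PORT);
        outb(0, DEBUG_PORT); outb(0, DEBUG_PORT);
        outb(0, DEBUG_PORT); outb(0, DEBUG_PORT);
        outb(0, DEBUG_PORT); outb(0, DEBUG_PORT);
    }
    for (; i < n; i++)
        outb(0, DEBUG_PORT);
    return i;
}

struct result { unsigned long done; int err; };

/* Fork nprocs workers that each flood the port with `writes` writes.
 * Returns the total number of writes issued, or -1 with errno set if any
 * worker could not obtain port permission (EPERM without CAP_SYS_RAWIO,
 * ENOSYS on non-x86). Forking rather than threading keeps each worker's
 * I/O permission bitmap independent and needs no extra link flags. */
long run_flood(int nprocs, unsigned long writes)
{
    int fds[2];
    long total = 0;
    int err = 0, started = 0;

    if (nprocs < 1 || pipe(fds) != 0)
        return -1;

    for (int i = 0; i < nprocs; i++) {
        pid_t pid = fork();
        if (pid < 0) { err = errno; break; }
        if (pid == 0) {
            struct result r = { 0, 0 };
            close(fds[0]);
            if (ioperm(DEBUG_PORT, 1, 1) != 0)
                r.err = errno;            /* report, do not guess */
            else
                r.done = flood_port80(writes);
            if (write(fds[1], &r, sizeof r) != (ssize_t)sizeof r)
                _exit(1);
            _exit(0);
        }
        started++;
    }
    close(fds[1]);

    for (int i = 0; i < started; i++) {
        struct result r;
        if (read(fds[0], &r, sizeof r) != (ssize_t)sizeof r) { err = EIO; continue; }
        if (r.err) err = r.err; else total += r.done;
    }
    close(fds[0]);
    while (wait(NULL) > 0)
        ;
    if (err) { errno = err; return -1; }
    return total;
}

int main(int argc, char **argv)
{
    int nprocs = argc > 1 ? atoi(argv[1]) : 64;                     /* assumed default */
    unsigned long writes = argc > 2 ? strtoul(argv[2], NULL, 0) : 10000000UL; /* assumed default */
    long total = run_flood(nprocs, writes);
    if (total < 0) { perror("run_flood"); return 1; }
    printf("issued %ld writes to port 0x%x from %d processes\n", total, DEBUG_PORT, nprocs);
    return 0;
}
```

If the host stays up under this, the guest-triggered crash is specific to the VMX passthrough path rather than to the port itself, which is the distinction Quan's question is trying to draw; if it does not, the problem is in the host kernel or the platform and the KVM change only narrows the exposure.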