
Re: [Xen-devel] [PATCH] x86/HVM: only kill guest when unknown VM exit occurred in guest kernel mode

>>> On 30.10.14 at 15:57, <andrew.cooper3@xxxxxxxxxx> wrote:
> On 30/10/14 14:43, Jan Beulich wrote:
>> A recent KVM change by Nadav Amit <namit@xxxxxxxxxxxxxxxxx> pointed out
>> that unconditional VM exits (like VMX'es ones for the INVEPT, INVVPID,
>> and XSETBV instructions) may result from guest user mode activity (in
>> the example cases, e.g. prior to a privilege level check being done).
>> Consequently convert the unconditional domain_crash() to a conditional
>> one (when guest is in kernel mode) with the alternative of injecting
>> #UD (when in user mode).
>>
>> This is meant to be a precaution against in-guest security issues
>> introduced when any such VM exit becomes possible (on newer hardware)
>> without the hypervisor immediately being aware of it. There are no such
>> unhandled VM exits currently (and hence this is not an active security
>> issue), but old (no longer security maintained) versions exhibit issues
>> in the cases given as examples above.
>>
>> Suggested-by: Tim Deegan <tim@xxxxxxx>
>> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
> Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
>
> The gdprintk() in vmx.c is not true for some entries via the
> exit_and_crash label, but it is probably worth deferring fixing it to a
> separate patch.

Right - several would better bypass the logging. The same applies
to svm.c afaict. And yes, logically a separate change, so better
also a separate patch.

