[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] x86/HVM: only kill guest when unknown VM exit occurred in guest kernel mode

To: "Andrew Cooper" <andrew.cooper3@xxxxxxxxxx>
From: "Jan Beulich" <JBeulich@xxxxxxxx>
Date: Thu, 30 Oct 2014 15:14:16 +0000
Cc: Kevin Tian <kevin.tian@xxxxxxxxx>, suravee.suthikulpanit@xxxxxxx, Eddie Dong <eddie.dong@xxxxxxxxx>, Aravind Gopalakrishnan <aravind.gopalakrishnan@xxxxxxx>, Jun Nakajima <jun.nakajima@xxxxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>
Delivery-date: Thu, 30 Oct 2014 15:14:19 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

>>> On 30.10.14 at 15:57, <andrew.cooper3@xxxxxxxxxx> wrote:
> On 30/10/14 14:43, Jan Beulich wrote:
>> A recent KVM change by Nadav Amit <namit@xxxxxxxxxxxxxxxxx> pointed out
>> that unconditional VM exits (like VMX'es ones for the INVEPT, INVVPID,
>> and XSETBV instructions) may result from guest user mode activity (in
>> the example cases, e.g. prior to a privilege level check being done).
>> Consequently convert the unconditional domain_crash() to a conditional
>> one (when guest is in kernel mode) with the alternative of injecting
>> #UD (when in user mode).
>>
>> This is meant to be a precaution against in-guest security issues
>> introduced when any such VM exit becomes possible (on newer hardware)
>> without the hypervisor immediately being aware of it. There are no such
>> unhandled VM exits currently (and hence this is not an active security
>> issue), but old (no longer security maintained) versions exhibit issues
>> in the cases given as examples above.
>>
>> Suggested-by: Tim Deegan <tim@xxxxxxx>
>> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
> 
> Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
> 
> The gdprintk() in vmx.c is not true for some entries via the
> exit_and_crash label, but it is probably worth deferring fixing it to a
> separate patch.

Right - several would better bypass the logging. The same applies
to svm.c afaict. And yes, logically a separate change, so better
also a separate patch.

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

References:
- [Xen-devel] [PATCH] x86/HVM: only kill guest when unknown VM exit occurred in guest kernel mode
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH] x86/HVM: only kill guest when unknown VM exit occurred in guest kernel mode
  - From: Andrew Cooper

Prev by Date: Re: [Xen-devel] [RFC] Hypervisor RNG and enumeration
Next by Date: Re: [Xen-devel] [RFC PATCH v2 05/11] time: Convert all users of do_settimeofday() to use do_settimeofday64()
Previous by thread: Re: [Xen-devel] [PATCH] x86/HVM: only kill guest when unknown VM exit occurred in guest kernel mode
Next by thread: Re: [Xen-devel] [PATCH] x86/HVM: only kill guest when unknown VM exit occurred in guest kernel mode
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.