From: Jim Mattson <jmattson@google.com>
To: Wanpeng Li <kernellwp@gmail.com>
Cc: kvm <kvm@vger.kernel.org>, P J P <ppandit@redhat.com>,
	Andrew Honig <ahonig@google.com>
Subject: Re: [PATCH 1/2] KVM: VMX: remove I/O port 0x80 bypass on Intel hosts
Date: Mon, 4 Dec 2017 09:10:27 -0800
Message-ID: <CALMp9eQ1qkHiMfRmWRHRDA4e4PMudehXXjHQRN4RuuLPp_k7vw@mail.gmail.com>
In-Reply-To: <CANRm+CzwmqM5_dssvAur8Tmx6pSabDwnUm8kscmF6C_F+vWenQ@mail.gmail.com>

Google has carried this patch since long before my time. I would
suggest modifying the kvm-unit-test to (a) unroll the loop ~1000
times, and (b) execute out to port 0x80 from ~64 vcpu threads in
parallel.

On Mon, Dec 4, 2017 at 4:44 AM, Wanpeng Li <kernellwp@gmail.com> wrote:
> Hi Jim,
> 2017-12-02 2:21 GMT+08:00 Jim Mattson <jmattson@google.com>:
>> From: Andrew Honig <ahonig@google.com>
>>
>> This fixes CVE-2017-1000407.
>
> Do you observe a real issue on recent Intel boxes? In addition, how can
> it be reproduced? Actually, there is a test case in kvm-unit-tests which
> can run an ioport 0x80 write 10 million times, and I didn't observe any
> issue before. :)
>
> Regards,
> Wanpeng Li
>
>>
>> KVM allows guests to directly access I/O port 0x80 on Intel hosts.  If
>> the guest floods this port with writes it generates exceptions and
>> instability in the host kernel, leading to a crash.  With this change
>> guest writes to port 0x80 on Intel will behave the same as they
>> currently behave on AMD systems.
>>
>> Prevent the flooding by removing the code that sets port 0x80 as a
>> passthrough port.  This is essentially the same as upstream patch
>> 99f85a28a78e96d28907fe036e1671a218fee597, except that patch was
>> for AMD chipsets and this patch is for Intel.
>>
>> Signed-off-by: Andrew Honig <ahonig@google.com>
>> Signed-off-by: Jim Mattson <jmattson@google.com>
>> ---
>>  arch/x86/kvm/vmx.c | 5 -----
>>  1 file changed, 5 deletions(-)
>>
>> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
>> index d2b452d66363..d16abd1808eb 100644
>> --- a/arch/x86/kvm/vmx.c
>> +++ b/arch/x86/kvm/vmx.c
>> @@ -6753,12 +6753,7 @@ static __init int hardware_setup(void)
>>         memset(vmx_vmread_bitmap, 0xff, PAGE_SIZE);
>>         memset(vmx_vmwrite_bitmap, 0xff, PAGE_SIZE);
>>
>> -       /*
>> -        * Allow direct access to the PC debug port (it is often used for I/O
>> -        * delays, but the vmexits simply slow things down).
>> -        */
>>         memset(vmx_io_bitmap_a, 0xff, PAGE_SIZE);
>> -       clear_bit(0x80, vmx_io_bitmap_a);
>>
>>         memset(vmx_io_bitmap_b, 0xff, PAGE_SIZE);
>>
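
Review bot: After the clear_bit(0x80, vmx_io_bitmap_a) removal in hardware_setup(), nothing at this site records why port 0x80 is no longer passed through. The deleted comment gave the performance motive for the bypass, so a later cleanup could reintroduce it. Suggest a short comment above memset(vmx_io_bitmap_a, 0xff, PAGE_SIZE) stating that all ports, including 0x80, are intercepted deliberately, and a sentence in the commit message on the cost for guests that use port 0x80 for I/O delays, since each such write now causes a VM exit.
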
>> --
>> 2.15.0.531.g2ccb3012c9-goog
>>
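
Added example, not part of the original message or the KVM source: a userspace C model of the two VMX I/O bitmaps that lists which guest ports bypass interception, with the bitmap setup before and after the quoted patch. The struct, the function names and the byte-wise stand-in for clear_bit() are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE 4096
#define PORTS_PER_BITMAP (PAGE_SIZE * 8) /* 0x8000 ports per 4 KiB page */

/* Bitmap A covers ports 0x0000-0x7fff, bitmap B covers 0x8000-0xffff.
 * A set bit means an access to that port causes a VM exit. */
struct io_bitmaps { uint8_t a[PAGE_SIZE]; uint8_t b[PAGE_SIZE]; };

static int port_intercepted(const struct io_bitmaps *bm, uint16_t port)
{
    const uint8_t *page = port < PORTS_PER_BITMAP ? bm->a : bm->b;
    unsigned idx = port % PORTS_PER_BITMAP;
    return (page[idx / 8] >> (idx % 8)) & 1;
}

/* Store up to max passthrough ports in out; return how many exist. */
static size_t find_passthrough(const struct io_bitmaps *bm,
                               uint16_t *out, size_t max)
{
    size_t n = 0;
    for (uint32_t port = 0; port <= 0xffff; port++) {
        if (port_intercepted(bm, (uint16_t)port))
            continue;
        if (n < max)
            out[n] = (uint16_t)port;
        n++;
    }
    return n;
}

/* Mirrors the removed lines: everything intercepted except port 0x80. */
static void setup_before_patch(struct io_bitmaps *bm)
{
    memset(bm->a, 0xff, PAGE_SIZE);
    bm->a[0x80 / 8] &= (uint8_t)~(1u << (0x80 % 8)); /* stand-in for clear_bit() */
    memset(bm->b, 0xff, PAGE_SIZE);
}

/* Mirrors the patched code: every port is intercepted. */
static void setup_after_patch(struct io_bitmaps *bm)
{
    memset(bm->a, 0xff, PAGE_SIZE);
    memset(bm->b, 0xff, PAGE_SIZE);
}

int main(void)
{
    static struct io_bitmaps bm;
    uint16_t ports[8];
    setup_before_patch(&bm);
    printf("before: %zu passthrough\n", find_passthrough(&bm, ports, 8));
    setup_after_patch(&bm);
    printf("after:  %zu passthrough\n", find_passthrough(&bm, ports, 8));
    return 0;
}
```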
