From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6DD8AC4338F for ; Wed, 4 Aug 2021 14:23:39 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 4863860C3E for ; Wed, 4 Aug 2021 14:23:39 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238726AbhHDOXt (ORCPT ); Wed, 4 Aug 2021 10:23:49 -0400 Received: from smtp-out1.suse.de ([195.135.220.28]:56732 "EHLO smtp-out1.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238712AbhHDOXl (ORCPT ); Wed, 4 Aug 2021 10:23:41 -0400 Received: from imap1.suse-dmz.suse.de (imap1.suse-dmz.suse.de [192.168.254.73]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out1.suse.de (Postfix) with ESMTPS id E355722227; Wed, 4 Aug 2021 14:23:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1628087007; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=G3lgA3gR5Pxpz3rMev4OlYzcQXEjYQJEKFrjml4j8SQ=; b=TuPo6t0p+3Y9vKhnAM2SaS9RReH7LeDTtdIG8wadHPJb9exI6LKaxeXVRssrkJcSi9Z6ee QTQhZTMuC0IF15YIcZpbJKF9sUyocUji1z2cTU3poANxQZM2Y7hKW1R9SUdnOLHhF/37t5 z1hrNgpS0zuCowyfPvBndLyMLUyf4RQ= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1628087007; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=G3lgA3gR5Pxpz3rMev4OlYzcQXEjYQJEKFrjml4j8SQ=; b=MlZJrGA3zawB4RmAlKYtKK7rY5Q2N9Osnq2A5Zyu2kecip2CS9st6yHgvrmRQsB7fGeFU5 NoSotCRb28Co9BBg== Received: from imap1.suse-dmz.suse.de (imap1.suse-dmz.suse.de [192.168.254.73]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap1.suse-dmz.suse.de (Postfix) with ESMTPS id BBA7A13BD0; Wed, 4 Aug 2021 14:23:27 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap1.suse-dmz.suse.de with ESMTPSA id dUFoK9+iCmGNTgAAGKfGzw (envelope-from ); Wed, 04 Aug 2021 14:23:27 +0000 Date: Wed, 4 Aug 2021 16:23:26 +0200 From: Joerg Roedel To: Dan Carpenter Cc: kvm@vger.kernel.org Subject: Re: [bug report] x86/sev: Split up runtime #VC handler for correct state tracking Message-ID: References: <20210804095725.GA8011@kili> <20210804125834.GF22532@kadam> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20210804125834.GF22532@kadam> Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org On Wed, Aug 04, 2021 at 03:58:34PM +0300, Dan Carpenter wrote: > exc_page_fault() <-- called with preempt disabled > --> kvm_handle_async_pf() > --> __kvm_handle_async_pf() > --> kvm_async_pf_task_wait_schedule() calls schedule(). This call path can not be taken in the page-fault handler when called from the #VC handler. To take this path the host needs to inject an async page-fault, especially setting async pf flags, without injecting a page-fault exception on its own ... and when the #VC handler is running. KVM is not doing that. Okay, the hypervisor can be malicious, but otherwise this can't happen. To mitigate a malicious hypervisor threat here it might be a solution to not call the page-fault handler directly from the #VC handler and let it re-fault after the #VC handler returned. Regards, Joerg