----- Original Message -----
> From: "H. Peter Anvin" <hpa@xxxxxxxxx>
> To: "Paolo Bonzini" <pbonzini@xxxxxxxxxx>, "Konrad Rzeszutek Wilk" <konrad.wilk@xxxxxxxxxx>, "Tim Shearer"
> <TShearer@xxxxxxxxxxxxxxx>, kvm@xxxxxxxxxxxxxxx
> Cc: "Radim Krčmář" <rkrcmar@xxxxxxxxxx>, "Thomas Gleixner" <tglx@xxxxxxxxxxxxx>, "Ingo Molnar" <mingo@xxxxxxxxxx>,
> "Andrew Honig" <ahonig@xxxxxxxxxx>, "Quan Xu" <quan.xu0@xxxxxxxxx>, x86@xxxxxxxxxx
> Sent: Friday, March 23, 2018 11:15:05 PM
> Subject: Re: [PATCH] KVM: VMX: Reintroduce I/O port 0x80 bypass
>
> On 03/20/18 14:29, Paolo Bonzini wrote:
> > On 20/03/2018 21:43, hpa@xxxxxxxxx wrote:
> >> What is the security issue? Port 0x80 used for other purposes on
> >> real hardware? In that case, the host kernel would need to know
> >> about it, and could disable this hack, no?
> >
> > Yes, there are DMI-based quirks.
> >
> >> (Such a machine would have a hard time running Linux, too. That
> >> being said, I don't think it would be a bad idea to induce something
> >> like X86_FEATURE_NOIODELAY which would patch out those writes; KVM
> >> guests could set it.)
> >
> > We already do that in KVM guests through pvops. This flag could still
> > be useful if the DMI-based quirks were to set it, but honestly I think
> > that Tim has either a bad driver or some kind of misconfiguration.
>
> I guess the security issue is that if it is permitted to *read* from
> port 0x80 then you can read the last value written, at least on some
> systems (it aliases an unused DMA page register which are RW storage at
> least on some systems.) This would allow the guest to snoop on activity
> in the host or other guests depending on what is going on.

No, IIRC it was just crashing the host occasionally.

Paolo