We(Google) have tests where the guest floods port 0x80 by writing to it repeatedly every instruction one after another. On some platforms this would eventually cause system instability leading to a crash of the host. It doesn't happen on all the intel platforms we've tested, but it does happen on some of them. On Fri, Mar 23, 2018 at 3:44 PM H. Peter Anvin <hpa@xxxxxxxxx> wrote: > On 03/23/18 15:34, Paolo Bonzini wrote: > >> > >> I guess the security issue is that if it is permitted to *read* from > >> port 0x80 then you can read the last value written, at least on some > >> systems (it aliases an unused DMA page register which are RW storage at > >> least on some systems.) This would allow the guest to snoop on activity > >> in the host or other guests depending on what is going on. > > > > No, IIRC it was just crashing the host occasionally. > > > In that case it should be possible to allow it IF AND ONLY IF the host > uses it itself for I/O delay (not blocked by DMI). However, I suspect > the above issue would exist anyway :( > -hpa
