On Fri, Sep 10, 2021, Xiaoyao Li wrote: > On 9/10/2021 2:47 AM, Sean Christopherson wrote: > > On Tue, Sep 07, 2021, Xiaoyao Li wrote: > > > On 9/3/2021 12:29 AM, Sean Christopherson wrote: > > > > > After syncing internally, we know that the internal threshold is not > > > > > architectural but a model-specific value. It will be published in some place > > > > > in future. > > > > > > > > Any chance it will also be discoverable, e.g. via an MSR? > > > > > > I also hope we can expose it via MSR. If not, we can maintain a table per > > > FMS in KVM to get the internal threshold. However, per FMS info is not > > > friendly to be virtualized (when we are going to enable the nested support). > > > > Yeah, FMS is awful. If the built-in buffer isn't discoverable, my vote is to > > assume the worst, i.e. a built-in buffer of '0', and have the notify_window > > param default to a safe value, e.g. 25k or maybe even 150k (to go above what the > > hardware folks apparently deemed safe for SPR). It's obviously not idea, but > > it's better than playing FMS guessing games. > > > > > I'll try to persuade internal to expose it via MSR, but I guarantee nothing. > > > > ... > > > > > > On a related topic, this needs tests. One thought would be to stop unconditionally > > > > intercepting #AC if NOTIFY_WINDOW is enabled, and then have the test set up the > > > > infinite #AC vectoring scenario. > > > > > > > > > > yes, we have already tested with this case with notify_window set to 0. No > > > false positive. > > > > Can you send a selftest or kvm-unit-test? > > > > Actually we implement the attacking case of CVE-2015-5307 with > kvm-unit-test, while manually disabling the intercept of #AC. > > First, it requires modification of KVM that only posting the kvm-unit-test > doesn't help. It helps in that hacking KVM to disable #AC interception is a lot easier than re-writing a test from scratch. > Second, release the attacking case is not the correct action. As in it's irresponsible to provide code that can be used to DoS a hypervisor? The CVE is six years old, IMO security-through-obscurity is unnecessary at this point.
