On 11/24/21 18:48, Dave Hansen wrote:
> On 11/24/21 8:03 AM, Joerg Roedel wrote:
>> On Mon, Nov 22, 2021 at 02:51:35PM -0800, Dave Hansen wrote:
>>> My preference would be that we never have SEV-SNP code in the kernel
>>> that can panic() the host from guest userspace. If that means waiting
>>> until there's common guest unmapping infrastructure around, then I think
>>> we should wait.
>> Can you elaborate how to crash host kernel from guest user-space? If I
>> understood correctly it was about crashing host kernel from _host_
>> user-space.
>
> Sorry, I misspoke there.
>
> My concern is about crashing the host kernel. It appears that *host*
> userspace can do that quite easily by inducing the host kernel to access
> some guest private memory via a kernel mapping.

I thought some of the scenarios discussed here also went along "guest
(doesn't matter if userspace or kernel) shares a page with host, invokes
some host kernel operation and in parallel makes the page private again".

>> I think the RMP-fault path in the page-fault handler needs to take the
>> uaccess exception tables into account before actually causing a panic.
>> This should solve most of the problems discussed here.
>
> That covers things like copy_from_user(). It does not account for
> things where kernel mappings are used, like where a
> get_user_pages()/kmap() is in play.
>
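The distinction the thread turns on, a uaccess-style access that has an exception-table fixup versus a kernel-mapping access that has none, shown as a user-space C model. This is an added example written for this page, not kernel code and not from any participant in the thread. The `state` field stands in for the RMP entry, `find_fixup()` stands in for the kernel's exception-table search, and the instruction addresses `IP_COPY_FROM_USER` and `IP_KMAP_ACCESS` are made-up lookup keys; the "guest flips the page private in parallel" race is modelled by a plain state change between the host's check and its access.

```c
/*
 * Added example: a user-space C model of the two host-kernel access paths
 * discussed in the thread. It is not kernel code and not from anyone in the
 * thread. The page state below stands in for the RMP entry, and the
 * instruction addresses are made-up keys for the exception-table lookup.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum page_state { PAGE_SHARED, PAGE_PRIVATE };

/* One guest page as seen by the host; `state` models the RMP entry. */
struct guest_page {
    enum page_state state;
    unsigned char data[64];
};

/* Model of a __ex_table entry: faulting instruction and its fixup address. */
struct exception_table_entry {
    uintptr_t insn;
    uintptr_t fixup;
};

/* Hypothetical instruction addresses used as lookup keys in this model. */
#define IP_COPY_FROM_USER 0x1000u /* load inside copy_from_user(): has a fixup */
#define IP_KMAP_ACCESS    0x2000u /* load through a kmap()ed pointer: no fixup */

static const struct exception_table_entry ex_table[] = {
    { IP_COPY_FROM_USER, 0x1080u },
};

/* Model of search_exception_tables(): fixup for the faulting ip, or NULL. */
static const struct exception_table_entry *find_fixup(uintptr_t ip)
{
    for (size_t i = 0; i < sizeof ex_table / sizeof ex_table[0]; i++)
        if (ex_table[i].insn == ip)
            return &ex_table[i];
    return NULL;
}

enum fault_outcome { ACCESS_OK, FAULT_FIXED_UP, FAULT_FATAL };

/*
 * Host reads `len` bytes of the page with the instruction at `ip`. If the page
 * is private the RMP raises a fault; the handler then consults the exception
 * table, as suggested in the thread, to decide whether it is recoverable.
 */
static enum fault_outcome host_read(const struct guest_page *pg, uintptr_t ip,
                                    void *dst, size_t len)
{
    if (pg->state == PAGE_SHARED) {
        memcpy(dst, pg->data, len);
        return ACCESS_OK;
    }
    return find_fixup(ip) ? FAULT_FIXED_UP : FAULT_FATAL;
}

/*
 * The race described above: the host starts an operation while the page is
 * shared, the guest flips it private in parallel, and the host's access lands
 * afterwards through either the uaccess path or a kernel mapping.
 */
static enum fault_outcome race_scenario(bool via_kmap)
{
    struct guest_page pg = { .state = PAGE_SHARED, .data = "shared data" };
    unsigned char buf[sizeof pg.data];

    /* Host checked the page as shared here; nothing holds it against a flip. */
    pg.state = PAGE_PRIVATE;  /* guest makes the page private again */

    return host_read(&pg, via_kmap ? IP_KMAP_ACCESS : IP_COPY_FROM_USER,
                     buf, sizeof buf);
}

/* Control case: no flip, so the read succeeds on either path. */
static enum fault_outcome no_race(bool via_kmap)
{
    struct guest_page pg = { .state = PAGE_SHARED, .data = "shared data" };
    unsigned char buf[sizeof pg.data];
    return host_read(&pg, via_kmap ? IP_KMAP_ACCESS : IP_COPY_FROM_USER,
                     buf, sizeof buf);
}

static const char *outcome_str(enum fault_outcome o)
{
    switch (o) {
    case ACCESS_OK:      return "access ok";
    case FAULT_FIXED_UP: return "RMP fault, extable fixup -> -EFAULT to caller";
    default:             return "RMP fault, no fixup -> oops/panic";
    }
}

int main(void)
{
    printf("copy_from_user() path after flip: %s\n", outcome_str(race_scenario(false)));
    printf("gup/kmap() path after flip:       %s\n", outcome_str(race_scenario(true)));
    printf("kmap path without a flip:         %s\n", outcome_str(no_race(true)));
    return 0;
}
```

Compile with `cc -std=c11 -Wall model.c && ./a.out`. The point the model makes is the one in the reply above: checking the exception table in the RMP-fault path rescues the copy_from_user() case, because that path faults at an instruction the table knows about, but a get_user_pages()/kmap() access to the same flipped page faults at an ordinary kernel load with no fixup entry, so the table lookup alone cannot keep that case from being fatal.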