On Mon, Nov 15, 2021, Dr. David Alan Gilbert wrote: > * Sean Christopherson (seanjc@xxxxxxxxxx) wrote: > > On Fri, Nov 12, 2021, Borislav Petkov wrote: > > > On Fri, Nov 12, 2021 at 09:59:46AM -0800, Dave Hansen wrote: > > > > Or, is there some mechanism that prevent guest-private memory from being > > > > accessed in random host kernel code? > > > > Or random host userspace code... > > > > > So I'm currently under the impression that random host->guest accesses > > > should not happen if not previously agreed upon by both. > > > > Key word "should". > > > > > Because, as explained on IRC, if host touches a private guest page, > > > whatever the host does to that page, the next time the guest runs, it'll > > > get a #VC where it will see that that page doesn't belong to it anymore > > > and then, out of paranoia, it will simply terminate to protect itself. > > > > > > So cloud providers should have an interest to prevent such random stray > > > accesses if they wanna have guests. :) > > > > Yes, but IMO inducing a fault in the guest because of _host_ bug is wrong. > > Would it necessarily have been a host bug? A guest telling the host a > bad GPA to DMA into would trigger this wouldn't it? No, because as Andy pointed out, host userspace must already guard against a bad GPA, i.e. this is just a variant of the guest telling the host to DMA to a GPA that is completely bogus. The shared vs. private behavior just means that when host userspace is doing a GPA=>HVA lookup, it needs to incorporate the "shared" state of the GPA. If the host goes and DMAs into the completely wrong HVA=>PFN, then that is a host bug; that the bug happened to be exploited by a buggy/malicious guest doesn't change the fact that the host messed up.