Re: [PATCH] kvm/x86/mmu: use the correct inherited permissions to get shadow page

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 30/11/20 18:41, Sean Christopherson wrote:

pmd1 and pmd2 point to the same pte table, so:
ptr1 and ptr3 points to the same page.
ptr2 and ptr4 points to the same page.

   The guess read-accesses to ptr1 first. So the hypervisor gets the
shadow pte page table with role.access=u-- among other things.
    (Note the shadowed pmd1's access is uwx)

   And then the guest write-accesses to ptr2, and the hypervisor
set up shadow page for ptr2.
    (Note the hypervisor silencely accepts the role.access=u--
     shadow pte page table in FNAME(fetch))

   After that, the guess read-accesses to ptr3, the hypervisor
reused the same shadow pte page table as above.

   At last, the guest writes to ptr4 without vmexit nor pagefault,
Which should cause vmexit as the guest expects.

Hmm, yes, KVM would incorrectly handle this scenario.  But, the proposed patch
would not address the issue as KVM always maps non-leaf shadow pages with full
access permissions.

Can we have a testcase in kvm-unit-tests? It's okay of course if it only fails with ept=0.

Paolo




[Index of Archives]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Linux FS]     [Yosemite Forum]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]     [Linux Resources]

  Powered by Linux