On 11/24/21 8:03 AM, Joerg Roedel wrote:
> On Mon, Nov 22, 2021 at 02:51:35PM -0800, Dave Hansen wrote:
>> My preference would be that we never have SEV-SNP code in the kernel
>> that can panic() the host from guest userspace. If that means waiting
>> until there's common guest unmapping infrastructure around, then I think
>> we should wait.
>
> Can you elaborate how to crash the host kernel from guest user-space? If I
> understood correctly it was about crashing the host kernel from _host_
> user-space.

Sorry, I misspoke there. My concern is about crashing the host kernel.
It appears that *host* userspace can do that quite easily by inducing
the host kernel to access some guest private memory via a kernel
mapping.

> I think the RMP-fault path in the page-fault handler needs to take the
> uaccess exception tables into account before actually causing a panic.
> This should solve most of the problems discussed here.

That covers things like copy_from_user(). It does not account for
things where kernel mappings are used, like where a
get_user_pages()/kmap() is in play.