Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp1641432ybt; Thu, 9 Jul 2020 11:41:42 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwXNXRj6encVXJmsLvu+hMzOzNykMIA5JJXPleG6726dErXd0ojhPBklEZx58ELcnLmOXbE X-Received: by 2002:aa7:db06:: with SMTP id t6mr69445869eds.369.1594320102758; Thu, 09 Jul 2020 11:41:42 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1594320102; cv=none; d=google.com; s=arc-20160816; b=dCArhXcLd/MkwMUKUVoCnRq31/LT4ZD+JAEsNgbfGfgMd35/Vw+Y92kKt1NIrezc5g I5eEjhhEgndBpZs5jCR9Ma+N7UauGa2bogu8rcCi1Y6G2TQqvCTWk3uLTCllmejpV8Co HrecVQ6KMES8LMOlXZUoesQz9Lbvla7F9WRj2oGthHWkrkGhPB8durla8qCddI3aS+U2 5VPdoPz/sdU2JtNR6kMNqamfQPgFRfJpOMQtqCCA9G5Ogg8RCFbpyBWm40ZAZzketMew MKUrMSx7atMdkMjntbrFkhJMvtELZ+vnLyd6E7yse9u1Kv39xl+jTKy8XLpCfFoFzfeL gMkQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=SJQldr4+VKrEQsjFpeywG2H0CUaXEr03YCsdEkG+QHU=; b=i8U3KjGxGXviK8Nd6yWVvDeI9mTNbMINeBe0NVbW/T5UbCjZrSbqd3T9XLRWft5kZw aM8bWb6xmi4bgOr8Cwp49K1dEuTnzPuVa/mfR9JUBaQlr7C1ZD84+/VIL4C7NXWUIyqu zGSXoQKtat1Svr2Mf27sIy8kmSaskRnJ9m1E2WuCIVZBoia5Aeh/tChp9hOFxZVZe7v+ HLHYw5jLQpzcUGifwN5Al12U/v9ZAKxknwNpL+vGv3hvymV5eiVksGLCdT/gxKRESnC9 iBmP807Kr8hQPYOLkFspBuV6vkULUQY+lAoCmNHptQGtWzFDXGgSpoRJKOvIp7N+prh9 CZxg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=sLHHvMca; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id o21si2346825ejg.550.2020.07.09.11.41.18; Thu, 09 Jul 2020 11:41:42 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=sLHHvMca; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726260AbgGISlG (ORCPT + 99 others); Thu, 9 Jul 2020 14:41:06 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57538 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726116AbgGISlF (ORCPT ); Thu, 9 Jul 2020 14:41:05 -0400 Received: from mail-il1-x144.google.com (mail-il1-x144.google.com [IPv6:2607:f8b0:4864:20::144]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B55A5C08C5CE for ; Thu, 9 Jul 2020 11:41:05 -0700 (PDT) Received: by mail-il1-x144.google.com with SMTP id o3so2870601ilo.12 for ; Thu, 09 Jul 2020 11:41:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=SJQldr4+VKrEQsjFpeywG2H0CUaXEr03YCsdEkG+QHU=; b=sLHHvMcaaw8F8Vc2qUuZTPf0IOPqoaIrg15SnfkoSsQmKU1+z+Xx3tk6XwpKmXSnaj W1BEXXfegRmyrI7K/2oTAPrzFILjPz3KB7Tqr54DRPZxyGQs3JbShF2FYSxh30PJVIqm Ty8WWF6+Ucg9fMASWJszsePs+ghbxuknkGkVkfITDrRs4rNfHofSslmeUjTT4XFeZFDZ dbkU/YKhBu1a3I+POGNOjJPmTJaA4gbyV3+QANd1agBsHBPmp+VJ2D3TDedQgfSWnx1M wm3y9hAHi3kKcadop2Dy/D9nbKdtz+KS3woGn9ItvMWJRZl9zaj9oObwlRII/3MjIWwG w5eQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=SJQldr4+VKrEQsjFpeywG2H0CUaXEr03YCsdEkG+QHU=; b=HCun716S6h3KrdO8iFpTqzS7wEb9t/GtMvs5//uMqpXfYMqCG7zjj4/mai3cO5fWZP PSRX4ZT4RUVMgztJRlnMI4JmCK8eSk14yN+ltGX0m+R/VW2WJNPSd3ZHcOCs+Dy6Pws5 iAlCc9FYGGZ3KDF6twlY4sdrMf14aLZxxDDsz+b7cY0Pt48w2shE+CwQlBlE92nAeSE4 VTWLQsF4PmwrAWBYxU91nnBAcCHV8Gn461m/3g6JCpWa1skvepyfinlpewKaGFtEa157 HwM6GDPTlj9hZxGxsb4l5yen2URqA248ZIezYFNH2+2nhvu/LO0NX3zwbbZwHYXUkQWG 6J2Q== X-Gm-Message-State: AOAM532tMOd4oFMA3eWyCDZHV31QUXoUxcZL8S3oQU7WbsCKDpB4mSdV xnJJQ8ytLhuKEAkBKGjdbsb7PUnQdadFrTMejI/8jg== X-Received: by 2002:a05:6e02:de6:: with SMTP id m6mr47488213ilj.296.1594320064774; Thu, 09 Jul 2020 11:41:04 -0700 (PDT) MIME-Version: 1.0 References: <20200709095525.907771-1-pbonzini@redhat.com> <782fdf92-38f8-c081-9796-5344ab3050d5@redhat.com> <717a1b5d-1bf3-5f72-147a-faccd4611b87@redhat.com> In-Reply-To: <717a1b5d-1bf3-5f72-147a-faccd4611b87@redhat.com> From: Jim Mattson Date: Thu, 9 Jul 2020 11:40:53 -0700 Message-ID: Subject: Re: [PATCH] KVM: nSVM: vmentry ignores EFER.LMA and possibly RFLAGS.VM To: Paolo Bonzini Cc: LKML , kvm list , Maxim Levitsky Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Jul 9, 2020 at 11:31 AM Paolo Bonzini wrote: > > On 09/07/20 20:28, Jim Mattson wrote: > >> That said, the VMCB here is guest memory and it can change under our > >> feet between nested_vmcb_checks and nested_prepare_vmcb_save. Copying > >> the whole save area is overkill, but we probably should copy at least > >> EFER/CR0/CR3/CR4 in a struct at the beginning of nested_svm_vmrun; this > >> way there'd be no TOC/TOU issues between nested_vmcb_checks and > >> nested_svm_vmrun. This would also make it easier to reuse the checks in > >> svm_set_nested_state. Maybe Maxim can look at it while I'm on vacation, > >> as he's eager to do more nSVM stuff. :D > > > > I fear that nested SVM is rife with TOCTTOU issues. > > I am pretty sure about that, actually. :) > > Another possibility to stomp them in a more efficient manner could be to > rely on the dirty flags, and use them to set up an in-memory copy of the > VMCB. That sounds like a great idea! Is Maxim going to look into that?