On 11/24/21 8:03 AM, Joerg Roedel wrote:
On Mon, Nov 22, 2021 at 02:51:35PM -0800, Dave Hansen wrote:
quoted
My preference would be that we never have SEV-SNP code in the kernel
that can panic() the host from guest userspace. If that means waiting
until there's common guest unmapping infrastructure around, then I think
we should wait.
Can you elaborate how to crash host kernel from guest user-space? If I
understood correctly it was about crashing host kernel from _host_
user-space.
Sorry, I misspoke there.
My concern is about crashing the host kernel. It appears that *host*
userspace can do that quite easily by inducing the host kernel to access
some guest private memory via a kernel mapping.
I think the RMP-fault path in the page-fault handler needs to take the
uaccess exception tables into account before actually causing a panic.
This should solve most of the problems discussed here.
That covers things like copy_from_user(). It does not account for
things where kernel mappings are used, like where a
get_user_pages()/kmap() is in play.