Re: [PATCH v6 5/7] KVM: x86: VMX: Prevent MSR passthrough when MSR access is denied

[Alexander Graf]

On 16.09.20 22:13, Aaron Lewis wrote:
> > > > +
> > > >    /*
> > > >     * These 2 parameters are used to config the controls for Pause-Loop Exiting:
> > > >     * ple_gap:    upper bound on the amount of time between two successive
> > > > @@ -622,6 +642,41 @@ static inline bool report_flexpriority(void)
> > > >           return flexpriority_enabled;
> > > >    }
> > >
> > > One thing that seems to be missing is removing MSRs from the
> > > permission bitmap or resetting the permission bitmap to its original
> > > state before adding changes on top of it.  This would be needed on
> > > subsequent calls to kvm_vm_ioctl_set_msr_filter().  When that happens
> > > the original changes made by KVM_REQ_MSR_FILTER_CHANGED need to be
> > > backed out before applying the new set.
> >
> > I'm not sure I follow. Subsequent calls to set_msr_filter() will invoke
> > the "please reset the whole MSR passthrough bitmap to a consistent
> > state" which will then reapply the in-kvm desired state through the
> > bitmap and filter state on top on each of those.
>
> Yes, you're correct.  I discovered this after the fact by adding a
> test to the selftest I wrote for the deny list system which I revamped
> to work for your filter system.  It proved the permission bitmaps are
> in fact set as expected on subsequent calls.  You can disregard this
> comment.
>
> As a side note, I'm happy to share the test if you'd like. I also used
> it to uncover an issue in the first commit of this series.

I really enjoy the tests that you submitted and would love to see you 
add your test coverage to the filtering patch set :)


Thanks!

Alex




Amazon Development Center Germany GmbH
Krausenstr. 38
10117 Berlin
Geschaeftsfuehrung: Christian Schlaeger, Jonathan Weiss
Eingetragen am Amtsgericht Charlottenburg unter HRB 149173 B
Sitz: Berlin
Ust-ID: DE 289 237 879