Re: [RFC KVM 24/27] kvm/isolation: KVM page fault handler

[Alexandre Chartre]

On 5/13/19 6:02 PM, Andy Lutomirski wrote:
> On Mon, May 13, 2019 at 7:39 AM Alexandre Chartre
> <alexandre.chartre@xxxxxxxxxx> wrote:
> > The KVM page fault handler handles page fault occurring while using
> > the KVM address space by switching to the kernel address space and
> > retrying the access (except if the fault occurs while switching
> > to the kernel address space). Processing of page faults occurring
> > while using the kernel address space is unchanged.
> >
> > Page fault log is cleared when creating a vm so that page fault
> > information doesn't persist when qemu is stopped and restarted.
>
> Are you saying that a page fault will just exit isolation?  This
> completely defeats most of the security, right?  Sure, it still helps
> with side channels, but not with actual software bugs.

Yes, page fault exit isolation so that the faulty instruction can be retried
with the full kernel address space. When exiting isolation, we also want to
kick the sibling hyperthread and pinned it so that it can't steal secret while
we use the kernel address page, but that's not implemented in this serie
(see TODO comment in kvm_isolation_exit() in patch 25 "kvm/isolation:
implement actual KVM isolation enter/exit").

alex.