Re: [PATCH v2] KVM: x86/pt: Ignore all unknown Intel PT capabilities

From: Like Xu
Date: Tue Jan 11 2022 - 01:24:32 EST


On 11/1/2022 12:20 pm, Like Xu wrote:
>> And is there any possibility of a malicious user/guest using features to cause
>> problems in the host?  I.e. does KVM need to enforce that the guest can't enable
>> any unsupported features?
>
> If a user space is set up with features not supported by KVM, it owns the risk itself.

I seem to have misunderstood it. KVM should prevent and stop any malicious guest
from destroying other parts on the host, is this the right direction?


AFAIK, the guest Intel PT introduces a great attack interface for the host and
we only use the guest supported PT features in a highly trusted environment.

I agree that more uncertainty and fixes can be triggered in the security motive,
not expecting too much from this patch. :D