On Tue, Jun 23, 2020 at 01:07:06PM +0200, Peter Zijlstra wrote:
> On Tue, Apr 28, 2020 at 09:55:12AM +0200, Joerg Roedel wrote:
> So what happens if this #VC triggers on the first access to the #VC
> stack, because the malicious host has craftily mucked with only the #VC
> IST stack page?
>
> Or on the NMI IST stack, then we get #VC in NMI before the NMI can fix
> you up.
>
> AFAICT all of that is non-recoverable.
I am not 100% sure, but I think if the #VC stack page is not validated,
the #VC should be promoted to a #DF.
Note that this is an issue only with secure nested paging (SNP), which
is not enabled yet with this patch-set. When it gets enabled a stack
recursion check in the #VC handler is needed which panics the VM. That
also fixes the #VC-in-early-NMI problem.
Regards,
Joerg
