lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 23 Aug 2017 09:57:17 -0500
From:   Janakarajan Natarajan <Janakarajan.Natarajan@....com>
To:     kvm@...r.kernel.org, x86@...nel.org, linux-kernel@...r.kernel.org
Cc:     Paolo Bonzini <pbonzini@...hat.com>,
        Radim Krcmar <rkrcmar@...hat.com>,
        Joerg Roedel <joro@...tes.org>,
        Andy Lutomirski <luto@...nel.org>,
        Tony Luck <tony.luck@...el.com>,
        Piotr Luc <piotr.luc@...el.com>, Borislav Petkov <bp@...e.de>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>,
        "H . Peter Anvin" <hpa@...or.com>,
        Yazen Ghannam <yazen.ghannam@....com>,
        Janakarajan Natarajan <Janakarajan.Natarajan@....com>
Subject: [PATCH v2 0/2] KVM: SVM: Virtual GIF

This patchset adds support for the Virtual GIF (vGIF) feature. This
feature allows the STGI and CLGI instructions to be executed in the
Guest Mode and not require a #VMEXIT. With this, virtual interrupts
can be controlled in the Guest Mode while still allowing physical
interrupts to be intercepted by the hypervisor.

In order to provide this ability, two new bits are added to the VMCB
at offset 60h:

* Bit 9	 - VGIF value
	 : 0 -> Virtual interrupts are masked
	 : 1 -> Virtual interrupts are unmasked

* Bit 25 - AMD Virtual GIF enabled for this guest
	 : 0 -> Disabled
	 : 1 -> Enabled

When a VMRUN is executed and Bit 25 is set, the processor uses Bit 9
as the starting value of the virtual GIF. It then provides masking
capability for when virtual interrupts are taken. Bit 9 is writeable
by the hypervisor and loaded on VMRUN and saved on #VMEXIT. STGI/CLGI
executed in the Guest Mode sets or clears the virtual GIF.

The advantage of this feature will be the greatly reduced number of
world switches to support the STGI and CLGI instructions by the
outermost hypervisor at Current Privilege Level (CPL) 0.

This has been tested with Xen, Hyper-V and KVM as the nested hypervisor.

v1->v2:

* Updated patch description and changed cpufeature definition to be similar
  to AMD documentation.

* Updated NMI logic. STGI intercept added to assit in opening NMI window.
  Suggested by Radim.

Janakarajan Natarajan (2):
  KVM: SVM: Add Virtual GIF feature definition
  KVM: SVM: Enable Virtual GIF feature

 arch/x86/include/asm/cpufeatures.h |  1 +
 arch/x86/include/asm/svm.h         |  6 ++++
 arch/x86/kvm/svm.c                 | 62 +++++++++++++++++++++++++++++++++-----
 3 files changed, 62 insertions(+), 7 deletions(-)

-- 
2.7.4

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ