Date: Wed, 31 Jan 2018 01:52:11 +0100
From: KarimAllah Ahmed <karahmed@...zon.com>
To: Jim Mattson <jmattson@...gle.com>, Paolo Bonzini <pbonzini@...hat.com>
CC: KarimAllah Ahmed <karahmed@...zon.de>, kvm list <kvm@...r.kernel.org>,
    LKML <linux-kernel@...r.kernel.org>,
    the arch/x86 maintainers <x86@...nel.org>,
    Asit Mallick <asit.k.mallick@...el.com>,
    Arjan Van De Ven <arjan.van.de.ven@...el.com>,
    Dave Hansen <dave.hansen@...el.com>, Andi Kleen <ak@...ux.intel.com>,
    Andrea Arcangeli <aarcange@...hat.com>,
    Linus Torvalds <torvalds@...ux-foundation.org>,
    Tim Chen <tim.c.chen@...ux.intel.com>,
    Thomas Gleixner <tglx@...utronix.de>,
    Dan Williams <dan.j.williams@...el.com>,
    Jun Nakajima <jun.nakajima@...el.com>,
    "David Woodhouse" <dwmw@...zon.co.uk>,
    Greg KH <gregkh@...uxfoundation.org>,
    "Andy Lutomirski" <luto@...nel.org>, Ashok Raj <ashok.raj@...el.com>
Subject: Re: [PATCH v3 4/4] KVM: VMX: Allow direct access to MSR_IA32_SPEC_CTRL

On 01/31/2018 01:27 AM, Jim Mattson wrote:
> On Tue, Jan 30, 2018 at 4:19 PM, Paolo Bonzini <pbonzini@...hat.com> wrote:
>> The new code in nested_vmx_merge_msr_bitmap should be conditional on
>> vmx->save_spec_ctrl_on_exit.
>
> But then if L1 doesn't use MSR_IA32_SPEC_CTRL itself and it uses the
> VM-entry MSR load list to set up L2's MSR_IA32_SPEC_CTRL, you will
> never set vmx->save_spec_ctrl_on_exit, and L2's accesses to the MSR
> will always be intercepted by L0.

I can add another variable (actually two) to indicate if MSR interception
should be disabled or not for SPEC_CTRL and PRED_CMD in the nested case.

That would allow us to have a fast alternative to guest_cpuid_has in
nested_vmx_merge_msr_bitmap and at the same time maintain the current
semantics of save_spec_ctrl_on_exit (i.e. we would still differentiate between
set_msr that is called from the loading MSRs for the emulated vm-entry vs L2
actually writing to it).

What do you think?

Amazon Development Center Germany GmbH
Berlin - Dresden - Aachen
main office: Krausenstr. 38, 10117 Berlin
Managing directors: Dr. Ralf Herbrich, Christian Schlaeger
VAT ID: DE289237879
Registered at Amtsgericht Charlottenburg, HRB 149173 B
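
The merge rule under discussion in this thread, as an added user-space model that is not code from the patch or from KVM: L0 clears an intercept bit in the bitmap used while L2 runs only when its own per-vCPU flag allows pass-through and L1's bitmap does not intercept the MSR. `struct l0_policy`, `merge_msr_bitmap` and `l2_write_exits` are hypothetical names, and only the write bitmap for low MSRs (offset 0x800 of the 4 KiB VMX MSR bitmap) is modeled.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MSR_IA32_SPEC_CTRL 0x48u
#define MSR_IA32_PRED_CMD  0x49u
#define MSR_BITMAP_SIZE    4096
#define WRITE_LOW_OFFSET   0x800 /* write bitmap for MSRs 0x0-0x1fff */

struct l0_policy { bool pass_spec_ctrl; bool pass_pred_cmd; }; /* hypothetical flags */

/* Set bit = write causes a VM exit; clear bit = pass-through. msr < 0x2000. */
static bool write_intercepted(const uint8_t *bm, uint32_t msr)
{
    return (bm[WRITE_LOW_OFFSET + msr / 8] >> (msr % 8)) & 1;
}

static void allow_write(uint8_t *bm, uint32_t msr)
{
    bm[WRITE_LOW_OFFSET + msr / 8] &= (uint8_t)~(1u << (msr % 8));
}

/* Default-deny, then open an MSR only if L0 allows it AND L1 does not intercept it. */
void merge_msr_bitmap(uint8_t *l02, const uint8_t *l1, const struct l0_policy *p)
{
    memset(l02, 0xff, MSR_BITMAP_SIZE);
    if (p->pass_spec_ctrl && !write_intercepted(l1, MSR_IA32_SPEC_CTRL))
        allow_write(l02, MSR_IA32_SPEC_CTRL);
    if (p->pass_pred_cmd && !write_intercepted(l1, MSR_IA32_PRED_CMD))
        allow_write(l02, MSR_IA32_PRED_CMD);
}

/* Constructed scenario: does an L2 write to `msr` exit to L0? */
bool l2_write_exits(bool l1_intercepts, bool l0_pass, uint32_t msr)
{
    uint8_t l1[MSR_BITMAP_SIZE] = {0}, l02[MSR_BITMAP_SIZE];
    struct l0_policy p = { l0_pass, l0_pass };
    if (l1_intercepts)
        l1[WRITE_LOW_OFFSET + msr / 8] |= (uint8_t)(1u << (msr % 8));
    merge_msr_bitmap(l02, l1, &p);
    return write_intercepted(l02, msr);
}

int main(void)
{
    printf("SPEC_CTRL exits with L0 flag off/on: %d/%d\n",
           l2_write_exits(false, false, MSR_IA32_SPEC_CTRL),
           l2_write_exits(false, true, MSR_IA32_SPEC_CTRL));
    return 0;
}
```

With the L0 flag off, every L2 write to the MSR exits to L0 even though L1 never asked to intercept it, which is the always-intercepted case Jim Mattson describes.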