| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 7 May 2014 18:30:32 +0300 From: Abel Gordon <abel@...atoscale.com> To: Paolo Bonzini <pbonzini@...hat.com> Cc: Hu Yaohui <loki2441@...il.com>, Bandan Das <bsd@...hat.com>, kvm <kvm@...r.kernel.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, Muli Ben-Yehuda <muli@...atoscale.com> Subject: Re: KVM Nested L2 guest startup problems On Wed, May 7, 2014 at 2:40 PM, Paolo Bonzini <pbonzini@...hat.com> wrote: > Il 07/05/2014 13:37, Paolo Bonzini ha scritto: > >> Il 07/05/2014 13:16, Abel Gordon ha scritto: >>>> >>>> > PLE should be left enabled, I think. >>> >>> Well... the PLE settings L0 uses to run L1 (vmcs01) may be different >>> than the PLE settings L1 configured to run L2 (vmcs12). >>> For example, L0 can use a ple_gap to run L1 that is bigger than the >>> ple_gap L1 configured to run L2. Or L0 can use a ple_window to run L1 >>> that is smaller than the ple_window L1 configured to run L2. >> >> >> That's correct. We should leave PLE enabled while running L2, but hide >> the feature altogether from L1. > > > ... which we already do. The only secondary execution controls we allow are > APIC page, unrestricted guest, WBINVD exits, and of course EPT. But we don't verify if L1 tries to enable the feature for L1 (even if it's not exposed)... Or do we ? -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists