lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <54806F82.5090806@redhat.com>
Date:	Thu, 04 Dec 2014 15:28:18 +0100
From:	Paolo Bonzini <pbonzini@...hat.com>
To:	Wanpeng Li <wanpeng.li@...ux.intel.com>
CC:	Nadav Amit <nadav.amit@...il.com>, rkrcmar@...hat.com,
	kvm@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 4/4] kvm: vmx: fix VMfailValid when write vmcs02/vmcs01



On 04/12/2014 12:11, Wanpeng Li wrote:
> SDM 30.3 VMWRITE
> 
> ELSIF secondary source operand does not correspond to any VMCS field
>    THEN VMfailValid(VMREAD/VMWRITE from/to unsupported VMCS component);
> 
> We can't suppose L1 VMM expose MPX to L2 just if L0 support MPX. There
> will be VMfailValid if L0 doesn't support MPX and L1 expose MPX to L2
> when L0 writes vmcs02/vmcs01, in addition, there is no need to read
> GUEST_BNDCFGS if L1 VMM doesn't expose it to L2. This patch fix it by
> both check L0 support xsaves and L1 expose MPX to L2.

Did you have a reproducer for this?  It should not be needed, because
the bndcfgs entry/exit controls are hidden from
nested_vmx_exit_ctls_high and nested_vmx_entry_ctls_high if
!vmx_mpx_supported().

This hunk is also not correct:

> -	if (vmx_mpx_supported())
> +	if (vmx_mpx_supported() &&
> +		(vmcs12->vm_entry_controls & VM_ENTRY_LOAD_BNDCFGS))
>  		vmcs12->guest_bndcfgs = vmcs_read64(GUEST_BNDCFGS);
>  	if (nested_cpu_has_xsaves(vmcs12))
>  		vmcs12->xss_exit_bitmap = vmcs_read64(XSS_EXIT_BITMAP);

because there is no "save BNDCFGS" exit control; the guest BNDCFGS is
saved unconditionally into the vmcs.

Paolo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ