lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 8 Sep 2015 22:17:19 +0800
From:	Xiao Guangrong <guangrong.xiao@...ux.intel.com>
To:	Paolo Bonzini <pbonzini@...hat.com>
Cc:	gleb@...nel.org, mtosatti@...hat.com, kvm@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH 3/9] KVM: x86: add pcommit support



On 09/07/2015 07:18 PM, Paolo Bonzini wrote:

>>
>> +static int handle_pcommit(struct kvm_vcpu *vcpu)
>> +{
>> +	/* we never catch pcommit instruct for L1 guest. */
>> +	BUG();
>
> Please WARN instead.
>

Okay.

>> +	return 1;
>> +}
>> +
>>   /*
>>    * The exit handlers return 1 if the exit was handled fully and guest execution
>>    * may resume.  Otherwise they set the kvm_run parameter to indicate what needs
>> @@ -7258,6 +7269,7 @@ static int (*const kvm_vmx_exit_handlers[])(struct kvm_vcpu *vcpu) = {
>>   	[EXIT_REASON_XSAVES]                  = handle_xsaves,
>>   	[EXIT_REASON_XRSTORS]                 = handle_xrstors,
>>   	[EXIT_REASON_PML_FULL]		      = handle_pml_full,
>> +	[EXIT_REASON_PCOMMIT]                 = handle_pcommit,
>>   };
>>
>>   static const int kvm_vmx_max_exit_handlers =
>> @@ -7559,6 +7571,8 @@ static bool nested_vmx_exit_handled(struct kvm_vcpu *vcpu)
>>   		 * the XSS exit bitmap in vmcs12.
>>   		 */
>>   		return nested_cpu_has2(vmcs12, SECONDARY_EXEC_XSAVES);
>> +	case EXIT_REASON_PCOMMIT:
>> +		return nested_cpu_has2(vmcs12, SECONDARY_EXEC_PCOMMIT);
>>   	default:
>>   		return true;
>>   	}
>> @@ -8688,6 +8702,10 @@ static void vmx_cpuid_update(struct kvm_vcpu *vcpu)
>>   		if (best)
>>   			best->ebx &= ~bit(X86_FEATURE_INVPCID);
>>   	}
>> +
>> +	if (!guest_cpuid_has_pcommit(vcpu) && nested)
>> +		vmx->nested.nested_vmx_secondary_ctls_high &=
>> +			~SECONDARY_EXEC_PCOMMIT;
>
> Why is this needed?
>

If pcommit is not allowed in L1 guest, L1 is not allowed to intercept pcommit
for L2.

BTW, the spec saied:

| IA32_VMX_PROCBASED_CTLS2[53] (which enumerates support for the 1-setting of “PCOMMIT exiting”) is
| always the same as CPUID.07H:EBX.PCOMMIT[bit 22]. Thus, software can set “PCOMMIT exiting” to 1
| if and only if the PCOMMIT instruction is enumerated via CPUID
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ