| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <56E167DE.4090602@redhat.com> Date: Thu, 10 Mar 2016 13:26:06 +0100 From: Paolo Bonzini <pbonzini@...hat.com> To: Xiao Guangrong <guangrong.xiao@...ux.intel.com>, linux-kernel@...r.kernel.org, kvm@...r.kernel.org Cc: stable@...r.kernel.org, Andy Lutomirski <luto@...capital.net> Subject: Re: [PATCH 1/2] KVM: MMU: fix ept=0/pte.u=0/pte.w=0/CR0.WP=0/CR4.SMEP=1/EFER.NX=0 combo On 10/03/2016 13:14, Xiao Guangrong wrote: >> More precisely, ignore_bits is only needed if guest EFER.NX=0 and we're >> not in this CR0.WP=1/CR4.SMEP=0 situation. In theory you could have >> guest EFER.NX=1 and host EFER.NX=0. > > It is not in linux, the kernel always set EFER.NX if CPUID reports it, > arch/x86/kernel/head_64.S: > > 204 /* Setup EFER (Extended Feature Enable Register) */ > 205 movl $MSR_EFER, %ecx > 206 rdmsr > 207 btsl $_EFER_SCE, %eax /* Enable System Call */ > 208 btl $20,%edi /* No Execute supported? */ > 209 jnc 1f > 210 btsl $_EFER_NX, %eax > 211 btsq $_PAGE_BIT_NX,early_pmd_flags(%rip) > 212 1: wrmsr /* Make changes effective */ > > So if guest sees NX in its cpuid then host EFER.NX should be 1. You're right. It's just in theory. But ignoring EFER.NX when it is 1 is technically not correct; since we have to add some special EFER_NX logic anyway, I preferred to make it pedantically right. :) Paolo
Powered by blists - more mailing lists