lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20160509102708.GB4329@pd.tnic>
Date:	Mon, 9 May 2016 12:27:08 +0200
From:	Borislav Petkov <bp@...en8.de>
To:	Suravee Suthikulpanit <Suravee.Suthikulpanit@....com>
Cc:	pbonzini@...hat.com, rkrcmar@...hat.com, joro@...tes.org,
	gleb@...nel.org, alex.williamson@...hat.com, kvm@...r.kernel.org,
	linux-kernel@...r.kernel.org, wei@...hat.com,
	sherry.hurwitz@....com
Subject: Re: [PART1 V5 07/13] KVM: x86: Detect and Initialize AVIC support

On Wed, May 04, 2016 at 02:09:46PM -0500, Suravee Suthikulpanit wrote:
> This patch introduces AVIC-related data structure, and AVIC
> initialization code.
> 
> There are three main data structures for AVIC:
>     * Virtual APIC (vAPIC) backing page (per-VCPU)
>     * Physical APIC ID table (per-VM)
>     * Logical APIC ID table (per-VM)
> 
> Currently, AVIC is disabled by default. Users can manually
> enable AVIC via kernel boot option kvm-amd.avic=1 or during
> kvm-amd module loading with parameter avic=1.
> 
> Signed-off-by: Suravee Suthikulpanit <suravee.suthikulpanit@....com>
> ---
>  arch/x86/include/asm/kvm_host.h |   4 +
>  arch/x86/include/asm/svm.h      |   3 +
>  arch/x86/kvm/svm.c              | 224 +++++++++++++++++++++++++++++++++++++++-
>  3 files changed, 230 insertions(+), 1 deletion(-)

...

> + * Note:
> + * AVIC hardware walks the nested page table to check permissions,
> + * but does not use the SPA address specified in the leaf page
> + * table entry since it uses  address in the AVIC_BACKING_PAGE pointer
> + * field of the VMCB. Therefore, we set up the
> + * APIC_ACCESS_PAGE_PRIVATE_MEMSLOT (4KB) here.
> + */
> +static int avic_init_access_page(struct kvm_vcpu *vcpu)
> +{
> +	int ret = 0;
> +	struct kvm *kvm = vcpu->kvm;
> +
> +	if (!kvm->arch.apic_access_page_done) {
> +		ret = x86_set_memory_region(kvm,
> +					    APIC_ACCESS_PAGE_PRIVATE_MEMSLOT,
> +					    APIC_DEFAULT_PHYS_BASE,
> +					    PAGE_SIZE);
> +		if (ret)
> +			return ret;
> +		kvm->arch.apic_access_page_done = true;
> +	}
> +
> +	return ret;
> +}

You can save yourself and indentation level:

	if (kvm->arch.apic_access_page_done)
		return ret;

	ret = x86_set_memory_region(kvm, APIC_ACCESS_PAGE_PRIVATE_MEMSLOT,
				    APIC_DEFAULT_PHYS_BASE, PAGE_SIZE);
	if (ret)
		return ret;

	kvm->arch.apic_access_page_done = true;


-- 
Regards/Gruss,
    Boris.

ECO tip #101: Trim your mails when you reply.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ