lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <jpgmvmk2424.fsf@linux.bootlegged.copy>
Date:	Thu, 16 Jun 2016 17:53:55 -0400
From:	Bandan Das <bsd@...hat.com>
To:	Paolo Bonzini <pbonzini@...hat.com>
Cc:	linux-kernel@...r.kernel.org, kvm@...r.kernel.org,
	rkrcmar@...hat.com
Subject: Re: [RFC PATCH 1/2] KVM: x86: always use "acknowledge interrupt on exit"

Paolo Bonzini <pbonzini@...hat.com> writes:

> This is necessary to simplify handle_external_intr in the next patch.
> It means that nested KVM will require 3.16 on the host (or 3.17 if you
> have APICv enabled).
>
> Signed-off-by: Paolo Bonzini <pbonzini@...hat.com>
> ---
>  arch/x86/kvm/vmx.c | 7 +++----
>  1 file changed, 3 insertions(+), 4 deletions(-)
>
> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
> index e185649fb8b7..4e9657730bf6 100644
> --- a/arch/x86/kvm/vmx.c
> +++ b/arch/x86/kvm/vmx.c
> @@ -3362,12 +3362,12 @@ static __init int setup_vmcs_config(struct vmcs_config *vmcs_conf)
>  		      vmx_capability.ept, vmx_capability.vpid);
>  	}
>  
> -	min = VM_EXIT_SAVE_DEBUG_CONTROLS;
> +	min = VM_EXIT_SAVE_DEBUG_CONTROLS | VM_EXIT_ACK_INTR_ON_EXIT;
>  #ifdef CONFIG_X86_64
>  	min |= VM_EXIT_HOST_ADDR_SPACE_SIZE;
>  #endif
>  	opt = VM_EXIT_SAVE_IA32_PAT | VM_EXIT_LOAD_IA32_PAT |
> -		VM_EXIT_ACK_INTR_ON_EXIT | VM_EXIT_CLEAR_BNDCFGS;
> +		VM_EXIT_CLEAR_BNDCFGS;
>  	if (adjust_vmx_controls(min, opt, MSR_IA32_VMX_EXIT_CTLS,
>  				&_vmexit_control) < 0)
>  		return -EIO;

Even if it breaks, this will complain quite loudly for the user to
upgrade. Maybe, a ack_intr specific message would be more direct (since that
is the one we are breaking) but imo it's fine either way.

Bandan


> @@ -3380,8 +3380,7 @@ static __init int setup_vmcs_config(struct vmcs_config *vmcs_conf)
>  		return -EIO;
>  
>  	if (!(_cpu_based_2nd_exec_control &
> -		SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY) ||
> -		!(_vmexit_control & VM_EXIT_ACK_INTR_ON_EXIT))
> +		SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY))
>  		_pin_based_exec_control &= ~PIN_BASED_POSTED_INTR;
>  
>  	min = VM_ENTRY_LOAD_DEBUG_CONTROLS;

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ