lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <57733B8C.6050504@linux.intel.com>
Date:	Wed, 29 Jun 2016 11:07:56 +0800
From:	Xiao Guangrong <guangrong.xiao@...ux.intel.com>
To:	Bandan Das <bsd@...hat.com>, kvm@...r.kernel.org
Cc:	pbonzini@...hat.com, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2/5] mmu: pass execonly value when initializing rsvd bits



On 06/28/2016 12:32 PM, Bandan Das wrote:
> In reset_tdp_shadow_zero_bits_mask, we always pass false
> when initializing the reserved bits. By initializing with the
> correct value of ept exec only, the host can correctly
> identify if the guest pte is valid. Note that
> kvm_init_shadow_ept_mmu() already knows about execonly.
>
> Signed-off-by: Bandan Das <bsd@...hat.com>
> ---
>   arch/x86/kvm/mmu.c | 12 ++++++++----
>   1 file changed, 8 insertions(+), 4 deletions(-)
>
> diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
> index a50af79..875d4f7 100644
> --- a/arch/x86/kvm/mmu.c
> +++ b/arch/x86/kvm/mmu.c
> @@ -3831,23 +3831,27 @@ static inline bool boot_cpu_is_amd(void)
>
>   /*
>    * the direct page table on host, use as much mmu features as
> - * possible, however, kvm currently does not do execution-protection.
> + * possible
>    */
>   static void
>   reset_tdp_shadow_zero_bits_mask(struct kvm_vcpu *vcpu,
>   				struct kvm_mmu *context)
>   {

It is not necessary. reset_tdp_shadow_zero_bits_mask() is used for
the guest without nested-ept, host never sets shadow execute-only
actively.

For the nested ept guest, kvm_init_shadow_ept_mmu() has already
handled xonly case perfectly.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ