lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 4 Aug 2017 17:00:36 +0200
From:   David Hildenbrand <david@...hat.com>
To:     Bandan Das <bsd@...hat.com>, kvm@...r.kernel.org
Cc:     pbonzini@...hat.com, rkrcmar@...hat.com, jmattson@...gle.com,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH v7 0/3] Expose VMFUNC to the nested hypervisor

On 03.08.2017 21:54, Bandan Das wrote:
> v7:
>  3/3:
>   Fix check for AD
>   Use kvm_vcpu_read_guest_page()
> 
> v6:
>  https://lkml.org/lkml/2017/8/1/1015
>  3/3:
>    Fix check for memory type in address
>    Change check function name as requested in the review
>    Move setting of mmu->ept_ad to after calling mmu_unload
>    and also reset base_role.ad_disabled appropriately
>    Replace IS_ALIGN with page_address_valid()
> 
> v5:
>  https://lkml.org/lkml/2017/7/28/621
>  1/3 and 2/3 are unchanged but some changes in 3/3. I left
>  the mmu_load failure path untouched because I am not sure what's
>  the right thing to do here.
>  3/3:
>     Move the eptp switching logic to a different function
>     Add check for EPTP_ADDRESS in check_vmentry_prereq
>     Add check for validity of ept pointer
>     Check if AD bit is set and set ept_ad
>     Add TODO item about mmu_unload failure
> 
> v4:
>  https://lkml.org/lkml/2017/7/10/705
>  2/3:  Use WARN_ONCE to avoid logging dos
> 
> v3:
>  https://lkml.org/lkml/2017/7/10/684
>  3/3: Add missing nested_release_page_clean() and check the
>  eptp as mentioned in SDM 24.6.14
> 
> v2:
>  https://lkml.org/lkml/2017/7/6/813
>  1/3: Patch to enable vmfunc on the host but cause a #UD if
>       L1 tries to use it directly. (new)
>  2/3: Expose vmfunc to the nested hypervisor, but no vm functions
>       are exposed and L0 emulates a vmfunc vmexit to L1. 
>  3/3: Force a vmfunc vmexit when L2 tries to use vmfunc and emulate
>       eptp switching. Unconditionally expose EPTP switching to the
>       L1 hypervisor since L0 fakes eptp switching via a mmu reload.
> 
> These patches expose eptp switching/vmfunc to the nested hypervisor.
> vmfunc is enabled in the secondary controls for the host and is
> exposed to the nested hypervisor. However, if the nested hypervisor
> decides to use eptp switching, L0 emulates it.
> 
> v1:
>  https://lkml.org/lkml/2017/6/29/958
> 
> Bandan Das (3):
>   KVM: vmx: Enable VMFUNCs
>   KVM: nVMX: Enable VMFUNC for the L1 hypervisor
>   KVM: nVMX: Emulate EPTP switching for the L1 hypervisor
> 
>  arch/x86/include/asm/vmx.h |   9 +++
>  arch/x86/kvm/vmx.c         | 185 ++++++++++++++++++++++++++++++++++++++++++++-
>  2 files changed, 192 insertions(+), 2 deletions(-)
> 

Acked-by: David Hildenbrand <david@...hat.com>

(not 100% confident for a r-b, not because of your patches but because
of the involved complexity (flushes, MMU ...))

-- 

Thanks,

David

Powered by blists - more mailing lists