Date:   Wed, 16 Aug 2017 18:07:56 -0400 (EDT)
From:   Paolo Bonzini <pbonzini@...hat.com>
To:     Janakarajan Natarajan <Janakarajan.Natarajan@....com>
Cc:     Radim Krcmar <rkrcmar@...hat.com>, kvm@...r.kernel.org,
        x86@...nel.org, linux-kernel@...r.kernel.org,
        Joerg Roedel <joro@...tes.org>,
        Andy Lutomirski <luto@...nel.org>,
        Tony Luck <tony.luck@...el.com>, Borislav Petkov <bp@...e.de>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>,
        "H . Peter Anvin" <hpa@...or.com>,
        Yazen Ghannam <Yazen.Ghannam@....com>
Subject: Re: [PATCH 2/2] KVM: SVM: Enable Virtual GIF feature



----- Original Message -----
> From: "Janakarajan Natarajan" <Janakarajan.Natarajan@....com>
> To: "Radim Krcmar" <rkrcmar@...hat.com>
> Cc: kvm@...r.kernel.org, x86@...nel.org, linux-kernel@...r.kernel.org, "Paolo Bonzini" <pbonzini@...hat.com>, "Joerg
> Roedel" <joro@...tes.org>, "Andy Lutomirski" <luto@...nel.org>, "Tony Luck" <tony.luck@...el.com>, "Borislav Petkov"
> <bp@...e.de>, "Thomas Gleixner" <tglx@...utronix.de>, "Ingo Molnar" <mingo@...hat.com>, "H . Peter Anvin"
> <hpa@...or.com>, "Yazen Ghannam" <Yazen.Ghannam@....com>
> Sent: Thursday, August 17, 2017 12:04:10 AM
> Subject: Re: [PATCH 2/2] KVM: SVM: Enable Virtual GIF feature
> 
> On 8/16/2017 2:53 PM, Radim Krcmar wrote:
> > 2017-08-16 10:54-0500, Janakarajan Natarajan:
> >> Enable the Virtual GIF feature. This is done by setting bit 25 at position
> >> 60h in the vmcb.
> >>
> >> With this feature enabled, the processor uses bit 9 at position 60h as the
> >> virtual GIF when executing STGI/CLGI instructions.
> >>
> >> Since the execution of STGI by the L1 hypervisor does not cause a return to
> >> the outermost (L0) hypervisor, the enable_irq_window and enable_nmi_window
> >> are modified.
> >>
> >> The IRQ and NMI windows will be opened even if GIF is not set, under the
> >> assumption that on resuming the L1 hypervisor the IRQ and NMI will be
> >> held pending until the processor executes the STGI instruction.
> >>
> >> Signed-off-by: Janakarajan Natarajan <Janakarajan.Natarajan@....com>
> >> ---
> >> diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
> >> @@ -4702,8 +4735,8 @@ static void enable_nmi_window(struct kvm_vcpu *vcpu)
> >>   	    == HF_NMI_MASK)
> >>   		return; /* IRET will cause a vm exit */
> >>   
> >> -	if ((svm->vcpu.arch.hflags & HF_GIF_MASK) == 0)
> >> -		return; /* STGI will cause a vm exit */
> >> +	if (!vgif_enabled(svm) && !gif_set(svm))
> >> +		return; /* STGI will cause a vm exit or HW will set VGIF*/
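Review bot: The comment on the early return in enable_nmi_window() does not match the new condition. `!vgif_enabled(svm) && !gif_set(svm)` is only true when vGIF is off, so on that path STGI always causes a vm exit and "or HW will set VGIF" never applies. Suggest keeping the comment as `/* STGI will cause a vm exit */` (with a space before `*/`) and adding a separate comment for the case that now falls through, vGIF enabled with GIF clear, because the function no longer returns there and the rest of it runs while GIF is still clear.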
> > Why don't we enable STGI interception to get notified that the window
> > has opened?  (I doubt that single stepping would be faster ...)
> 
> It would defeat the purpose of having vGIF - execute STGI/CLGI and not
> have a world-switch. Plus it would be like implementing the vGIF feature
> halfway, allowing only CLGI to take advantage of the hardware.

No, only enable the STGI intercept to enable the NMI window.  Normally
you'd still run with free STGI.

This is because if you do not return here, you enter singlestepping mode
where each instruction causes a world switch.

Paolo
