lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 17 Oct 2017 19:35:48 +0200 From: Paolo Bonzini <pbonzini@...hat.com> To: Jim Mattson <jmattson@...gle.com>, Wanpeng Li <kernellwp@...il.com> Cc: LKML <linux-kernel@...r.kernel.org>, kvm list <kvm@...r.kernel.org>, Radim Krčmář <rkrcmar@...hat.com>, Wanpeng Li <wanpeng.li@...mail.com> Subject: Re: [PATCH v2 1/2] KVM: VMX: Don't advertise EPT switching if EPT itself is not exposed On 17/10/2017 19:29, Jim Mattson wrote: > Following the same line of reasoning, what if > vmx->nested.nested_vmx_secondary_ctls_high is 0 after clearing > SECONDARY_EXEC_ENABLE_VMFUNC? Does it make sense to report > CPU_BASED_ACTIVATE_SECONDARY_CONTROLS if we don't actually support any > of the secondary controls? All-zero is a valid value for secondary controls, so I think yes. Besides: 1) userspace can always get into a situation where there are no valid secondary controls but processor-based execution controls have bit 31 as 1-allowed; 2) I doubt that vmfunc can be the one bit that causes nested_vmx_secondary_ctls_high to become zero :) Paolo
Powered by blists - more mailing lists