| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 17 Oct 2017 19:35:48 +0200
From: Paolo Bonzini <pbonzini@...hat.com>
To: Jim Mattson <jmattson@...gle.com>, Wanpeng Li <kernellwp@...il.com>
Cc: LKML <linux-kernel@...r.kernel.org>,
kvm list <kvm@...r.kernel.org>,
Radim Krčmář <rkrcmar@...hat.com>,
Wanpeng Li <wanpeng.li@...mail.com>
Subject: Re: [PATCH v2 1/2] KVM: VMX: Don't advertise EPT switching if EPT
itself is not exposed
On 17/10/2017 19:29, Jim Mattson wrote:
> Following the same line of reasoning, what if
> vmx->nested.nested_vmx_secondary_ctls_high is 0 after clearing
> SECONDARY_EXEC_ENABLE_VMFUNC? Does it make sense to report
> CPU_BASED_ACTIVATE_SECONDARY_CONTROLS if we don't actually support any
> of the secondary controls?
All-zero is a valid value for secondary controls, so I think yes. Besides:
1) userspace can always get into a situation where there are no valid
secondary controls but processor-based execution controls have bit 31 as
1-allowed;
2) I doubt that vmfunc can be the one bit that causes
nested_vmx_secondary_ctls_high to become zero :)
Paolo
Powered by blists - more mailing lists