| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 31 Jan 2018 12:17:13 -0500
From: Paolo Bonzini <pbonzini@...hat.com>
To: Radim Krčmář <rkrcmar@...hat.com>,
linux-kernel@...r.kernel.org, kvm@...r.kernel.org
Subject: Re: [PATCH] KVM: nVMX: preserve SECONDARY_EXEC_DESC without UMIP
On 31/01/2018 12:12, Radim Krčmář wrote:
> L1 might want to use SECONDARY_EXEC_DESC, so we must not clear the VMCS
> bit if UMIP is not being emulated.
>
> We must still set the bit when emulating UMIP as the feature can be
> passed to L2 where L0 will do the emulation and because L2 can change
> CR4 without a VM exit, we should clear the bit if UMIP is disabled.
>
> Fixes: 0367f205a3b7 ("KVM: vmx: add support for emulating UMIP")
> Signed-off-by: Radim Krčmář <rkrcmar@...hat.com>
> ---
> I haven't tested emulated UMIP (yet) nor machines with UMIP, but at
> least kvm-unit-tests don't throw an error anymore.
>
> arch/x86/kvm/vmx.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
> index 438802d0b01d..b1e554a74b34 100644
> --- a/arch/x86/kvm/vmx.c
> +++ b/arch/x86/kvm/vmx.c
> @@ -4379,7 +4379,8 @@ static int vmx_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4)
> vmcs_set_bits(SECONDARY_VM_EXEC_CONTROL,
> SECONDARY_EXEC_DESC);
> hw_cr4 &= ~X86_CR4_UMIP;
> - } else
> + } else if (!is_guest_mode(vcpu) ||
> + !nested_cpu_has2(get_vmcs12(vcpu), SECONDARY_EXEC_DESC))
> vmcs_clear_bits(SECONDARY_VM_EXEC_CONTROL,
> SECONDARY_EXEC_DESC);
>
>
Reviewed-by: Paolo Bonzini <pbonzini@...hat.com>
Powered by blists - more mailing lists