Date: Fri, 06 Mar 2020 11:15:20 +0100
From: Vitaly Kuznetsov <vkuznets@...hat.com>
To: Paolo Bonzini <pbonzini@...hat.com>, linmiaohe <linmiaohe@...wei.com>
Cc: "rkrcmar\@redhat.com" <rkrcmar@...hat.com>, "sean.j.christopherson\@intel.com" <sean.j.christopherson@...el.com>, "jmattson\@google.com" <jmattson@...gle.com>, "joro\@8bytes.org" <joro@...tes.org>, "tglx\@linutronix.de" <tglx@...utronix.de>, "mingo\@redhat.com" <mingo@...hat.com>, "bp\@alien8.de" <bp@...en8.de>, "hpa\@zytor.com" <hpa@...or.com>, "kvm\@vger.kernel.org" <kvm@...r.kernel.org>, "linux-kernel\@vger.kernel.org" <linux-kernel@...r.kernel.org>, "x86\@kernel.org" <x86@...nel.org>
Subject: Re: [PATCH] KVM: VMX: Use wrapper macro ~RMODE_GUEST_OWNED_EFLAGS_BITS directly

Paolo Bonzini <pbonzini@...hat.com> writes:

> On 06/03/20 10:44, Vitaly Kuznetsov wrote:
>>>> Define a macro RMODE_HOST_OWNED_EFLAGS_BITS for (X86_EFLAGS_IOPL |
>>>> X86_EFLAGS_VM) as suggested by Vitaly seems a good way to fix this ?
>>>> Thanks.
>>> No, what if a host-owned flag was zero? I'd just leave it as is.
>>>
>> I'm not saying my suggestion was a good idea but honestly I'm failing to
>> wrap my head around this. The suggested 'RMODE_HOST_OWNED_EFLAGS_BITS'
>> would just be a define for (X86_EFLAGS_IOPL | X86_EFLAGS_VM) so
>> technically the patch would just be nop, no?
>
> It would not be a nop for the reader.
>
> Something called RMODE_{GUEST,HOST}_OWNED_EFLAGS_BITS is a mask. It
> tells you nothing about whether those bits are 0 or 1. It's just by
> chance that all three host-owned EFLAGS bits are 1 while in real mode.
> It wouldn't be the case if, for example, we ran the guest using vm86
> mode extensions (i.e. setting CR4.VME=1). Then VIF would be host-owned,
> but it wouldn't necessarily be 1.

Got it, it's the name which is causing the confusion, we're using mask
as something different. Makes sense, let's keep the code as-is then.

--
Vitaly
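
The distinction drawn in this thread, between a mask that says which EFLAGS bits are host-owned and the value those bits take, shown as an added C sketch that is not KVM's code and not part of the original message. The struct, its field names, the two policies and the choice of VIF forced to 0 in the CR4.VME=1 what-if are assumptions made for illustration.

```c
#include <stdio.h>

/* Architectural EFLAGS bit positions. */
#define X86_EFLAGS_IF   0x00000200UL
#define X86_EFLAGS_IOPL 0x00003000UL
#define X86_EFLAGS_VM   0x00020000UL
#define X86_EFLAGS_VIF  0x00080000UL

/* Hypothetical type: ownership (mask) kept apart from the forced value. */
struct eflags_policy {
	unsigned long host_owned; /* mask: bits the guest does not control */
	unsigned long host_value; /* value those bits take in hardware */
};

/* Constructed policies: real mode as described in the thread, and the
 * CR4.VME=1 what-if where VIF is host-owned but (assumed here) forced to 0. */
static const struct eflags_policy rmode_today = {
	X86_EFLAGS_IOPL | X86_EFLAGS_VM,
	X86_EFLAGS_IOPL | X86_EFLAGS_VM
};
static const struct eflags_policy rmode_vme = {
	X86_EFLAGS_IOPL | X86_EFLAGS_VM | X86_EFLAGS_VIF,
	X86_EFLAGS_IOPL | X86_EFLAGS_VM
};

/* Correct merge: guest-owned bits from the guest, host-owned bits from host_value. */
static unsigned long hw_rflags(const struct eflags_policy *p, unsigned long guest)
{
	return (guest & ~p->host_owned) | (p->host_value & p->host_owned);
}

/* Shortcut that reads the ownership mask as if it were also the value. */
static unsigned long hw_rflags_mask_as_value(const struct eflags_policy *p,
					     unsigned long guest)
{
	return guest | p->host_owned;
}

int main(void)
{
	unsigned long guest = 0x2UL | X86_EFLAGS_IF; /* constructed guest view */

	printf("today: merge=%#lx shortcut=%#lx\n", hw_rflags(&rmode_today, guest),
	       hw_rflags_mask_as_value(&rmode_today, guest));
	printf("vme:   merge=%#lx shortcut=%#lx\n", hw_rflags(&rmode_vme, guest),
	       hw_rflags_mask_as_value(&rmode_vme, guest));
	return 0;
}
```

With the first policy both functions agree, which is the coincidence described above; with the second, the shortcut sets VIF even though the policy wants it clear.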