| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 3 Feb 2021 16:01:05 -0800
From: Sean Christopherson <seanjc@...gle.com>
To: Paolo Bonzini <pbonzini@...hat.com>
Cc: Sean Christopherson <seanjc@...gle.com>,
Vitaly Kuznetsov <vkuznets@...hat.com>,
Wanpeng Li <wanpengli@...cent.com>,
Jim Mattson <jmattson@...gle.com>,
Joerg Roedel <joro@...tes.org>, kvm@...r.kernel.org,
linux-kernel@...r.kernel.org,
Tom Lendacky <thomas.lendacky@....com>,
Brijesh Singh <brijesh.singh@....com>,
Rick Edgecombe <rick.p.edgecombe@...el.com>
Subject: [PATCH 00/12] KVM: x86: Legal GPA fixes and cleanups
Add helpers to consolidate the GPA reserved bits checks that are scattered
all over KVM, and fix a few bugs in the process.
The original motivation was simply to get rid of all the different open
coded variations of the checks (there were a lot), but this snowballed
into a more ambitious cleanup when I realized common helpers are more or
less required to correctly handle repurposed GPA bits, e.g. SEV's C-bit.
The last two patches (use nested VM-Enter failure tracepoints in SVM)
aren't directly related to the GPA checks, but the conflicts would be
rather messy, so I included them here.
Note, the SEV C-bit changes are technically bug fixes, but getting them in
stable kernels would require backporting this entire pile. IMO, it's not
worth the effort given that it's extremely unlikely anyone will encounter
the bugs in anything but synthetic negative tests.
Based on kvm/queue, commit 3f87cb8253c3 ("KVM: X86: Expose bus lock debug
exception to guest").
Sean Christopherson (12):
KVM: x86: Set so called 'reserved CR3 bits in LM mask' at vCPU reset
KVM: nSVM: Don't strip host's C-bit from guest's CR3 when reading
PDPTRs
KVM: x86: Add a helper to check for a legal GPA
KVM: x86: Add a helper to handle legal GPA with an alignment
requirement
KVM: VMX: Use GPA legality helpers to replace open coded equivalents
KVM: nSVM: Use common GPA helper to check for illegal CR3
KVM: x86: SEV: Treat C-bit as legal GPA bit regardless of vCPU mode
KVM: x86: Use reserved_gpa_bits to calculate reserved PxE bits
KVM: x86/mmu: Add helper to generate mask of reserved HPA bits
KVM: x86: Add helper to consolidate "raw" reserved GPA mask
calculations
KVM: x86: Move nVMX's consistency check macro to common code
KVM: nSVM: Trace VM-Enter consistency check failures
arch/x86/include/asm/kvm_host.h | 2 +-
arch/x86/kvm/cpuid.c | 20 +++++-
arch/x86/kvm/cpuid.h | 24 +++++--
arch/x86/kvm/mmu/mmu.c | 110 ++++++++++++++++----------------
arch/x86/kvm/mtrr.c | 12 ++--
arch/x86/kvm/svm/nested.c | 35 +++++-----
arch/x86/kvm/svm/svm.c | 2 +-
arch/x86/kvm/vmx/nested.c | 34 +++-------
arch/x86/kvm/vmx/vmx.c | 2 +-
arch/x86/kvm/x86.c | 11 ++--
arch/x86/kvm/x86.h | 8 +++
11 files changed, 140 insertions(+), 120 deletions(-)
--
2.30.0.365.g02bc693789-goog
Powered by blists - more mailing lists