lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Mon, 29 Nov 2021 13:08:22 -0600
From:   Tom Lendacky <thomas.lendacky@....com>
To:     Paolo Bonzini <pbonzini@...hat.com>,
        Lai Jiangshan <laijs@...ux.alibaba.com>,
        linux-kernel@...r.kernel.org, kvm@...r.kernel.org
Cc:     stable@...r.kernel.org
Subject: Re: [PATCH] KVM: MMU: shadow nested paging does not have PKU

On 11/27/21 4:25 AM, Paolo Bonzini wrote:
> On 11/27/21 02:21, Lai Jiangshan wrote:
>>
>>
>> On 2021/11/26 21:21, Paolo Bonzini wrote:
>>> Initialize the mask for PKU permissions as if CR4.PKE=0, avoiding
>>> incorrect interpretations of the nested hypervisor's page tables.
>>
>> I think the AMD64 volume2 Architecture Programmer’s Manual does not
>> specify it, but it seems that for a sane NPT walk, PKU should not work
>> in NPT.
> 
> The PK bit is not defined in the nested page fault EXITINFO1, too. Thomas, 
> can you have it fixed in the APM that the host's SMEP, SMAP and PKE bits 
> do not affect nested page table walks?
> 

I talked to our documentation folks and they will look to update the APM 
with the appropriate information.

Thanks,
Tom

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ