| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <592ab920-51f3-4794-331f-8737e1f5b20a@redhat.com>
Date: Mon, 13 Jun 2022 18:49:17 +0200
From: Paolo Bonzini <pbonzini@...hat.com>
To: Anirudh Rayabharam <anrayabh@...ux.microsoft.com>,
Sean Christopherson <seanjc@...gle.com>,
Vitaly Kuznetsov <vkuznets@...hat.com>,
Wanpeng Li <wanpengli@...cent.com>,
Jim Mattson <jmattson@...gle.com>,
Joerg Roedel <joro@...tes.org>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org,
"H. Peter Anvin" <hpa@...or.com>,
Ilias Stamatis <ilstam@...zon.com>,
Maxim Levitsky <mlevitsk@...hat.com>
Cc: mail@...rudhrb.com, kumarpraveen@...ux.microsoft.com,
wei.liu@...nel.org, robert.bradford@...el.com, liuwe@...rosoft.com,
kvm@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] KVM: nVMX: Don't expose TSC scaling to L1 when on Hyper-V
On 6/13/22 18:16, Anirudh Rayabharam wrote:
> + if (!kvm_has_tsc_control)
> + msrs->secondary_ctls_high &= ~SECONDARY_EXEC_TSC_SCALING;
> +
> msrs->secondary_ctls_low = 0;
> msrs->secondary_ctls_high &=
> SECONDARY_EXEC_DESC |
> @@ -6667,8 +6670,7 @@ void nested_vmx_setup_ctls_msrs(struct nested_vmx_msrs *msrs, u32 ept_caps)
> SECONDARY_EXEC_RDRAND_EXITING |
> SECONDARY_EXEC_ENABLE_INVPCID |
> SECONDARY_EXEC_RDSEED_EXITING |
> - SECONDARY_EXEC_XSAVES |
> - SECONDARY_EXEC_TSC_SCALING;
> + SECONDARY_EXEC_XSAVES;
>
> /*
This is wrong because it _always_ disables SECONDARY_EXEC_TSC_SCALING,
even if kvm_has_tsc_control == true.
That said, I think a better implementation of this patch is to just add
a version of evmcs_sanitize_exec_ctrls that takes a struct
nested_vmx_msrs *, and call it at the end of nested_vmx_setup_ctl_msrs like
evmcs_sanitize_nested_vmx_vsrs(msrs);
Even better (but I cannot "mentally test it" offhand) would be just
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index e802f71a9e8d..b3425ce835c5 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -1862,7 +1862,7 @@ int vmx_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
* sanity checking and refuse to boot. Filter all unsupported
* features out.
*/
- if (!msr_info->host_initiated &&
+ if (static_branch_unlikely(&enable_evmcs) ||
vmx->nested.enlightened_vmcs_enabled)
nested_evmcs_filter_control_msr(msr_info->index,
&msr_info->data);
I cannot quite understand the host_initiated check, so I'll defer to
Vitaly on why it is needed. Most likely, removing it would cause some
warnings in QEMU with e.g. "-cpu Haswell,+vmx"; but I think it's a
userspace bug and we should remove that part of the condition. You
don't need to worry about that part, we'll cross that bridge if the
above patch works for your case.
Thanks,
Paolo
Powered by blists - more mailing lists