lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20221104144708.435865-1-vkuznets@redhat.com>
Date:   Fri,  4 Nov 2022 15:47:04 +0100
From:   Vitaly Kuznetsov <vkuznets@...hat.com>
To:     kvm@...r.kernel.org, Paolo Bonzini <pbonzini@...hat.com>,
        Sean Christopherson <seanjc@...gle.com>
Cc:     Wanpeng Li <wanpengli@...cent.com>,
        Jim Mattson <jmattson@...gle.com>,
        Maxim Levitsky <mlevitsk@...hat.com>,
        linux-hyperv@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH v2 0/4] KVM: VMX: nVMX: Make eVMCS enablement more robust

Changes since v1:
- Simplify PATCH4 by not using evmcs_get_supported_ctls() and doing more
  macro magic to avoid having two evmcs_check_vmcs_conf{u32, u64} variants
  [Sean]

This is a continuation of "KVM: VMX: Support updated eVMCSv1 revision + use
vmcs_config for L1 VMX MSRs" work:
https://lore.kernel.org/kvm/20220830133737.1539624-1-vkuznets@redhat.com/

and a preparation to enabling new eVMCS features for Hyper-V on KVM, namely
nested TSC scaling.

Future proof KVM against two scenarios:
- nVMX: A new feature which doesn't have a corresponding eVMCSv1 field gets
 implemented in KVM but EVMCS1_UNSUPPORTED_* defines are left unchanged.
- VMX: A new feature supported by KVM but currently missing in eVMCSv1 gets
 implemented in a future Hyper-V version breaking KVM.

Note: 'vmx/evmcs.{c,h}' are renamed to 'vmx/hyperv.{c,h}' in
https://lore.kernel.org/kvm/20221004123956.188909-7-vkuznets@redhat.com/

Vitaly Kuznetsov (4):
  KVM: nVMX: Sanitize primary processor-based VM-execution controls with
    eVMCS too
  KVM: nVMX: Invert 'unsupported by eVMCSv1' check
  KVM: nVMX: Prepare to sanitize tertiary execution controls with eVMCS
  KVM: VMX: Resurrect vmcs_conf sanitization for KVM-on-Hyper-V

 arch/x86/kvm/vmx/evmcs.c | 88 +++++++++++++++++++++++++++++--------
 arch/x86/kvm/vmx/evmcs.h | 93 +++++++++++++++++++++++++++++++++-------
 arch/x86/kvm/vmx/vmx.c   |  5 +++
 3 files changed, 152 insertions(+), 34 deletions(-)

-- 
2.38.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ