lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20221108104152.mij7vchxhfpbcfpb@linux.intel.com>
Date:   Tue, 8 Nov 2022 18:41:52 +0800
From:   Yu Zhang <yu.c.zhang@...ux.intel.com>
To:     Paolo Bonzini <pbonzini@...hat.com>
Cc:     seanjc@...gle.com, kvm@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] KVM: VMX: Do not trap VMFUNC instructions for L1 guests.

On Mon, Nov 07, 2022 at 06:20:23PM +0100, Paolo Bonzini wrote:
> On 11/7/22 09:27, Yu Zhang wrote:
> > VMFUNC is not supported for L1 guests, and executing VMFUNC in
> > L1 shall generate a #UD directly. Just disable it in secondary
> > proc-based execution control for L1, instead of intercepting it
> > and inject the #UD again.
> > 
> > Signed-off-by: Yu Zhang<yu.c.zhang@...ux.intel.com>
> 
> Is this for TDX or similar?  The reason for a patch should be mentioned in
> the commit message.

Thanks for your quick reply, Paolo. 

It is not a new feature. Just a clean up for VMFUNC, which is not
supported by KVM for L1 guest.

According to Intel SDM 25.5.6.2 - "General Operation of the VMFUNC
Instruction", The VMFUNC instruction causes an invalid-opcode exception
(#UD) if the “enable VM functions” VM-execution controls is 0 or the
value of EAX is greater than 63 (only VM functions 0–63 can be enable).
Otherwise, the instruction causes a VM exit if the bit at position
EAX is 0 in the VM-function controls (the selected VM function is not
enabled)

And since KVM only provides emulation of VMFUNC for nested guests,
it is uncessary for KVM to intercept it and reinject a #UD. So just
disable VMFUNC in VM-execution control for L1 guests.

But please feel free to educate me if I missed some backgrounds about
why this is enabled in the first place. Thanks!

B.R.
Yu

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ