| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 14 Nov 2022 16:31:12 +0200
From: Maxim Levitsky <mlevitsk@...hat.com>
To: Santosh Shukla <santosh.shukla@....com>, pbonzini@...hat.com,
seanjc@...gle.com, jmattson@...gle.com
Cc: kvm@...r.kernel.org, joro@...tes.org, linux-kernel@...r.kernel.org,
mail@...iej.szmigiero.name, thomas.lendacky@....com,
vkuznets@...hat.com
Subject: Re: [PATCHv5 0/8] Virtual NMI feature
On Mon, 2022-11-14 at 13:32 +0530, Santosh Shukla wrote:
>
>
> On 10/27/2022 2:08 PM, Santosh Shukla wrote:
> > VNMI Spec is at [1].
> >
> > Change History:
> >
> > v5 (6.1-rc2)
> > 01,02,06 - Renamed s/X86_FEATURE_V_NMI/X86_FEATURE_AMD_VNMI (Jim Mattson)
> >
>
> Gentle reminder.
>
> Thanks,
> Santosh
>
I started reviewing it today and I think there are still few issues,
and the biggest one is that if a NMI arrives while vNMI injection
is pending, current code just drops such NMI.
We had a discussion about this, like forcing immeditate vm exit
in this case and such but I have a simplier idea:
In this case we can just open the NMI window in the good old way
by intercepting IRET, STGI, and or RSM (which is intercepted anyway),
and only if we already *just* intercepted IRET, only then just drop
the new NMI instead of single stepping over it based on reasoning that
its 3rd NMI (one is almost done the servicing (its IRET is executing),
one is pending injection, and we want to inject another one.
Does this sound good to you? It won't work for SEV-ES as it looks
like it doesn't intercept IRET, but it might be a reasonable tradeof
for SEV-ES guests to accept that we can't inject a NMI if one is
already pending injection.
Best regards,
Maxim Levitsky
Powered by blists - more mailing lists