lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20221117143242.102721-1-mlevitsk@redhat.com>
Date:   Thu, 17 Nov 2022 16:32:29 +0200
From:   Maxim Levitsky <mlevitsk@...hat.com>
To:     kvm@...r.kernel.org
Cc:     Paolo Bonzini <pbonzini@...hat.com>,
        Ingo Molnar <mingo@...hat.com>,
        "H. Peter Anvin" <hpa@...or.com>,
        Dave Hansen <dave.hansen@...ux.intel.com>,
        linux-kernel@...r.kernel.org,
        Peter Zijlstra <peterz@...radead.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Sandipan Das <sandipan.das@....com>,
        Daniel Sneddon <daniel.sneddon@...ux.intel.com>,
        Jing Liu <jing2.liu@...el.com>,
        Josh Poimboeuf <jpoimboe@...nel.org>,
        Wyes Karny <wyes.karny@....com>,
        Borislav Petkov <bp@...en8.de>,
        Babu Moger <babu.moger@....com>,
        Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>,
        Sean Christopherson <seanjc@...gle.com>,
        Jim Mattson <jmattson@...gle.com>, x86@...nel.org,
        Maxim Levitsky <mlevitsk@...hat.com>
Subject: [PATCH 00/13] SVM: vNMI (with my fixes)

Hi!

This is the vNMI patch series from Santosh Shukla with few
small fixes from me:

1. When a vNMI injection is pending, then to allow to not
  delay for an unbounded time the injection of another NMI that could
  arrive before the first vNMI injection is done, I added the code
  that would intercept IRET/RSM/STGI and then try the injection again.

2. I slighlty modified the 'KVM: SVM: Add VNMI support in get/set_nmi_mask'
   to have WARN_ON in vNMI functions when called without vNMI enabled.
   Also NMI mask/unmask should be allowed regardless if SMM is active,
   to support migration.

3. I did some refactoring in the code which updates the int_ctl in vmcb12
   on nested VM exit, and updated the patch 'KVM: nSVM: implement nested VNMI'
   to use this.

4. I added my reviewed-by to all the patches which I didn't change.

I only tested this on a machine which doesn't have vNMI, so this does need
some testing to ensure that nothing is broken.

Another thing I haven't looked at in depth yet is migration, I think there is a bug
because with vNMI, now in practise we can have 2 NMIs injected to the guest,
one in service, one 'pending injection' but no longer pending from KVM point of view,
and the KVM doesn't take this in account in kvm_vcpu_ioctl_x86_get_vcpu_events,a
and maybe more.

Best regards,
       Maxim Levitsky

Maxim Levitsky (5):
  KVM: nSVM: don't sync back tlb_ctl on nested VM exit
  KVM: nSVM: don't call nested_sync_control_from_vmcb02 on each VM exit
  KVM: nSVM: rename nested_sync_control_from_vmcb02 to
    nested_sync_int_ctl_from_vmcb02
  KVM: nSVM: clean up copying of int_ctl fields back to vmcb01/vmcb12
  KVM: SVM: allow NMI window with vNMI

Santosh Shukla (8):
  x86/cpu: Add CPUID feature bit for VNMI
  KVM: SVM: Add VNMI bit definition
  KVM: SVM: Add VNMI support in get/set_nmi_mask
  KVM: SVM: Report NMI not allowed when Guest busy handling VNMI
  KVM: SVM: Add VNMI support in inject_nmi
  KVM: nSVM: implement nested VNMI
  KVM: nSVM: emulate VMEXIT_INVALID case for nested VNMI
  KVM: SVM: Enable VNMI feature

 arch/x86/include/asm/cpufeatures.h |  1 +
 arch/x86/include/asm/svm.h         |  7 +++
 arch/x86/kvm/svm/nested.c          | 84 +++++++++++++++++++++---------
 arch/x86/kvm/svm/svm.c             | 60 ++++++++++++++++++---
 arch/x86/kvm/svm/svm.h             | 70 ++++++++++++++++++++++++-
 5 files changed, 189 insertions(+), 33 deletions(-)

-- 
2.34.3


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ