| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 17 Nov 2022 16:32:29 +0200
From: Maxim Levitsky <mlevitsk@...hat.com>
To: kvm@...r.kernel.org
Cc: Paolo Bonzini <pbonzini@...hat.com>,
Ingo Molnar <mingo@...hat.com>,
"H. Peter Anvin" <hpa@...or.com>,
Dave Hansen <dave.hansen@...ux.intel.com>,
linux-kernel@...r.kernel.org,
Peter Zijlstra <peterz@...radead.org>,
Thomas Gleixner <tglx@...utronix.de>,
Sandipan Das <sandipan.das@....com>,
Daniel Sneddon <daniel.sneddon@...ux.intel.com>,
Jing Liu <jing2.liu@...el.com>,
Josh Poimboeuf <jpoimboe@...nel.org>,
Wyes Karny <wyes.karny@....com>,
Borislav Petkov <bp@...en8.de>,
Babu Moger <babu.moger@....com>,
Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>,
Sean Christopherson <seanjc@...gle.com>,
Jim Mattson <jmattson@...gle.com>, x86@...nel.org,
Maxim Levitsky <mlevitsk@...hat.com>
Subject: [PATCH 00/13] SVM: vNMI (with my fixes)
Hi!
This is the vNMI patch series from Santosh Shukla with few
small fixes from me:
1. When a vNMI injection is pending, then to allow to not
delay for an unbounded time the injection of another NMI that could
arrive before the first vNMI injection is done, I added the code
that would intercept IRET/RSM/STGI and then try the injection again.
2. I slighlty modified the 'KVM: SVM: Add VNMI support in get/set_nmi_mask'
to have WARN_ON in vNMI functions when called without vNMI enabled.
Also NMI mask/unmask should be allowed regardless if SMM is active,
to support migration.
3. I did some refactoring in the code which updates the int_ctl in vmcb12
on nested VM exit, and updated the patch 'KVM: nSVM: implement nested VNMI'
to use this.
4. I added my reviewed-by to all the patches which I didn't change.
I only tested this on a machine which doesn't have vNMI, so this does need
some testing to ensure that nothing is broken.
Another thing I haven't looked at in depth yet is migration, I think there is a bug
because with vNMI, now in practise we can have 2 NMIs injected to the guest,
one in service, one 'pending injection' but no longer pending from KVM point of view,
and the KVM doesn't take this in account in kvm_vcpu_ioctl_x86_get_vcpu_events,a
and maybe more.
Best regards,
Maxim Levitsky
Maxim Levitsky (5):
KVM: nSVM: don't sync back tlb_ctl on nested VM exit
KVM: nSVM: don't call nested_sync_control_from_vmcb02 on each VM exit
KVM: nSVM: rename nested_sync_control_from_vmcb02 to
nested_sync_int_ctl_from_vmcb02
KVM: nSVM: clean up copying of int_ctl fields back to vmcb01/vmcb12
KVM: SVM: allow NMI window with vNMI
Santosh Shukla (8):
x86/cpu: Add CPUID feature bit for VNMI
KVM: SVM: Add VNMI bit definition
KVM: SVM: Add VNMI support in get/set_nmi_mask
KVM: SVM: Report NMI not allowed when Guest busy handling VNMI
KVM: SVM: Add VNMI support in inject_nmi
KVM: nSVM: implement nested VNMI
KVM: nSVM: emulate VMEXIT_INVALID case for nested VNMI
KVM: SVM: Enable VNMI feature
arch/x86/include/asm/cpufeatures.h | 1 +
arch/x86/include/asm/svm.h | 7 +++
arch/x86/kvm/svm/nested.c | 84 +++++++++++++++++++++---------
arch/x86/kvm/svm/svm.c | 60 ++++++++++++++++++---
arch/x86/kvm/svm/svm.h | 70 ++++++++++++++++++++++++-
5 files changed, 189 insertions(+), 33 deletions(-)
--
2.34.3
Powered by blists - more mailing lists