lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <674ac894-12a2-c15f-72c5-878558a8005d@redhat.com>
Date:   Fri, 13 Jan 2023 19:06:01 +0100
From:   Paolo Bonzini <pbonzini@...hat.com>
To:     Sean Christopherson <seanjc@...gle.com>
Cc:     kvm@...r.kernel.org, linux-kernel@...r.kernel.org,
        Marc Orr <marcorr@...gle.com>, Ben Gardon <bgardon@...gle.com>,
        Venkatesh Srinivas <venkateshs@...omium.org>
Subject: Re: [PATCH 0/6] KVM: x86: x2APIC reserved bits/regs fixes

On 1/7/23 02:10, Sean Christopherson wrote:
> Fixes for edge cases where KVM mishandles reserved bits/regs checks when
> the vCPU is in x2APIC mode.
> 
> The first two patches were previously posted[*], but both patches were
> broken (as posted against upstream), hence I took full credit for doing
> the work and changed Marc to a reporter.
> 
> The VMX APICv fixes are for bugs found when writing tests.  *sigh*
> I didn't Cc those to stable as the odds of breaking something when touching
> the MSR bitmaps seemed higher than someone caring about a 10 year old bug.
> 
> AMD x2AVIC support may or may not suffer similar interception bugs, but I
> don't have hardware to test and this already snowballed further than
> expected...
> 
> [*] https://lore.kernel.org/kvm/20220525173933.1611076-1-venkateshs@chromium.org

Looks good; please feel free to start gathering this in your tree for 6.3.

Next week I'll go through Ben's series as well as Aaron's "Clean up the 
supported xfeatures" and others.

Let me know if you would like me to queue anything of these instead, and 
please remember to set up the tree in linux-next. :)

Thanks,

Paolo

> Sean Christopherson (6):
>    KVM: x86: Inject #GP if WRMSR sets reserved bits in APIC Self-IPI
>    KVM: x86: Inject #GP on x2APIC WRMSR that sets reserved bits 63:32
>    KVM: x86: Mark x2APIC DFR reg as non-existent for x2APIC
>    KVM: x86: Split out logic to generate "readable" APIC regs mask to
>      helper
>    KVM: VMX: Always intercept accesses to unsupported "extended" x2APIC
>      regs
>    KVM: VMX: Intercept reads to invalid and write-only x2APIC registers
> 
>   arch/x86/kvm/lapic.c   | 55 ++++++++++++++++++++++++++----------------
>   arch/x86/kvm/lapic.h   |  2 ++
>   arch/x86/kvm/vmx/vmx.c | 40 +++++++++++++++---------------
>   3 files changed, 57 insertions(+), 40 deletions(-)
> 
> 
> base-commit: 91dc252b0dbb6879e4067f614df1e397fec532a1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ