| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 8 Feb 2023 02:02:39 +0000
From: Sean Christopherson <seanjc@...gle.com>
To: Sean Christopherson <seanjc@...gle.com>, pbonzini@...hat.com,
kvm@...r.kernel.org, Yu Zhang <yu.c.zhang@...ux.intel.com>
Cc: linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 0/2] Cleanup VMFUNC handling in KVM.
On Wed, 09 Nov 2022 15:54:11 +0800, Yu Zhang wrote:
> Since VMFUNC is not supported for non-nested guests, and executing VMFUNC
> can cause a #UD directly, if the “enable VM functions” VM-execution control
> is 0, KVM can just disable it in VM-exectution control, instead of taking
> pains to trap it and emulate the #UD for L1 guests.
>
> Also, simplified the process of setting SECONDARY_EXEC_ENABLE_VMFUNC for
> nested VMX MSR configurations.
>
> [...]
After much waffling, applied to kvm-x86 vmx. I ended up keeping the logic to
inject #UD on now-unexpected VMFUNC exits from L1, i.e. patch one does nothing
more than clear the control bit. I like the idea of clearing the control bit as
it more explicitly documents what's going on, but killing the VM on an unexpected
exit that KVM can gracefully handle seemed unnecessary.
Thanks!
[1/2] KVM: VMX: Do not trap VMFUNC instructions for L1 guests.
https://github.com/kvm-x86/linux/commit/41acdd419735
[2/2] KVM: nVMX: Simplify the setting of SECONDARY_EXEC_ENABLE_VMFUNC for nested.
https://github.com/kvm-x86/linux/commit/496c917b0989
--
https://github.com/kvm-x86/linux/tree/next
https://github.com/kvm-x86/linux/tree/fixes
Powered by blists - more mailing lists