| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <5a9e57e3-0361-77f8-834f-edb8600483e1@linux.intel.com>
Date: Thu, 29 Jun 2023 15:22:01 +0800
From: Binbin Wu <binbin.wu@...ux.intel.com>
To: Chao Gao <chao.gao@...el.com>,
Sean Christopherson <seanjc@...gle.com>
Cc: kvm@...r.kernel.org, linux-kernel@...r.kernel.org,
pbonzini@...hat.com, kai.huang@...el.com, David.Laight@...lab.com,
robert.hu@...ux.intel.com
Subject: Re: [PATCH v9 4/6] KVM: x86: Introduce untag_addr() in kvm_x86_ops
On 6/29/2023 2:57 PM, Chao Gao wrote:
> On Thu, Jun 29, 2023 at 02:12:27PM +0800, Binbin Wu wrote:
>>>> + /*
>>>> + * Check LAM_U48 in cr3_ctrl_bits to avoid guest_cpuid_has().
>>>> + * If not set, vCPU doesn't supports LAM.
>>>> + */
>>>> + if (!(vcpu->arch.cr3_ctrl_bits & X86_CR3_LAM_U48) ||
>>> This is unnecessary, KVM should never allow the LAM bits in CR3 to be set if LAM
>>> isn't supported.
> A corner case is:
>
> If EPT is enabled, CR3 writes are not trapped. then guests can set the
> LAM bits in CR3 if hardware supports LAM regardless whether or not guest
> enumerates LAM.
I recalled the main reason why I added the check.
It's used to avoid the following checking on CR3 & CR4, which may cause
an additional VMREAD.
Also, about the virtualization hole, if guest can enable LAM bits in CR3
in non-root mode without cause any problem,
that means the hardware supports LAM, should KVM continue to untag the
address following CR3 setting?
Because skip untag the address probably will cause guest failure, and of
cause, this is the guest itself to blame.
But untag the address seems do no harm?
Powered by blists - more mailing lists