lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CABgObfay4FKV=foWLZzAWaC2kVHRnF1ib+6NC058QVZVFhGeyA@mail.gmail.com>
Date:   Thu, 31 Aug 2023 19:39:58 +0200
From:   Paolo Bonzini <pbonzini@...hat.com>
To:     Sean Christopherson <seanjc@...gle.com>
Cc:     kvm@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [GIT PULL] KVM: x86: Misc changes for 6.6

On Wed, Aug 30, 2023 at 2:06 AM Sean Christopherson <seanjc@...gle.com> wrote:
> Sean Christopherson (44):
>       KVM: x86: Snapshot host's MSR_IA32_ARCH_CAPABILITIES
>       KVM: VMX: Drop unnecessary vmx_fb_clear_ctrl_available "cache"
>       KVM: x86: Retry APIC optimized map recalc if vCPU is added/enabled
>       x86/reboot: VMCLEAR active VMCSes before emergency reboot
>       x86/reboot: Harden virtualization hooks for emergency reboot
>       x86/reboot: KVM: Handle VMXOFF in KVM's reboot callback
>       x86/reboot: KVM: Disable SVM during reboot via virt/KVM reboot callback
>       x86/reboot: Assert that IRQs are disabled when turning off virtualization
>       x86/reboot: Hoist "disable virt" helpers above "emergency reboot" path
>       x86/reboot: Disable virtualization during reboot iff callback is registered
>       x86/reboot: Expose VMCS crash hooks if and only if KVM_{INTEL,AMD} is enabled
>       x86/virt: KVM: Open code cpu_has_vmx() in KVM VMX
>       x86/virt: KVM: Move VMXOFF helpers into KVM VMX
>       KVM: SVM: Make KVM_AMD depend on CPU_SUP_AMD or CPU_SUP_HYGON
>       x86/virt: Drop unnecessary check on extended CPUID level in cpu_has_svm()
>       x86/virt: KVM: Open code cpu_has_svm() into kvm_is_svm_supported()
>       KVM: SVM: Check that the current CPU supports SVM in kvm_is_svm_supported()
>       KVM: VMX: Ensure CPU is stable when probing basic VMX support
>       x86/virt: KVM: Move "disable SVM" helper into KVM SVM
>       KVM: x86: Force kvm_rebooting=true during emergency reboot/crash
>       KVM: SVM: Use "standard" stgi() helper when disabling SVM
>       KVM: VMX: Skip VMCLEAR logic during emergency reboots if CR4.VMXE=0
>       KVM: nSVM: Check instead of asserting on nested TSC scaling support
>       KVM: nSVM: Load L1's TSC multiplier based on L1 state, not L2 state
>       KVM: nSVM: Use the "outer" helper for writing multiplier to MSR_AMD64_TSC_RATIO
>       KVM: SVM: Clean up preemption toggling related to MSR_AMD64_TSC_RATIO
>       KVM: x86: Always write vCPU's current TSC offset/ratio in vendor hooks
>       KVM: nSVM: Skip writes to MSR_AMD64_TSC_RATIO if guest state isn't loaded
>       KVM: x86: Remove WARN sanity check on hypervisor timer vs. UNINITIALIZED vCPU
>       KVM: x86: Add a framework for enabling KVM-governed x86 features
>       KVM: x86/mmu: Use KVM-governed feature framework to track "GBPAGES enabled"
>       KVM: VMX: Recompute "XSAVES enabled" only after CPUID update
>       KVM: VMX: Check KVM CPU caps, not just VMX MSR support, for XSAVE enabling
>       KVM: VMX: Rename XSAVES control to follow KVM's preferred "ENABLE_XYZ"
>       KVM: x86: Use KVM-governed feature framework to track "XSAVES enabled"
>       KVM: nVMX: Use KVM-governed feature framework to track "nested VMX enabled"
>       KVM: nSVM: Use KVM-governed feature framework to track "NRIPS enabled"
>       KVM: nSVM: Use KVM-governed feature framework to track "TSC scaling enabled"
>       KVM: nSVM: Use KVM-governed feature framework to track "vVM{SAVE,LOAD} enabled"
>       KVM: nSVM: Use KVM-governed feature framework to track "LBRv enabled"
>       KVM: nSVM: Use KVM-governed feature framework to track "Pause Filter enabled"
>       KVM: nSVM: Use KVM-governed feature framework to track "vGIF enabled"
>       KVM: nSVM: Use KVM-governed feature framework to track "vNMI enabled"
>       KVM: x86: Disallow guest CPUID lookups when IRQs are disabled

This is definitely stuff that I wish I took a look for earlier (and
this is also why I prefer small bits over the development period, as
it keeps me honest), I'll take a look but I've pulled it anyway.

BTW, not using filemap turned out to be much bigger, and to some
extent uglier, than I expected. I'll send a message to the private mem
thread, but I think we should not pursue that for now and do it in a
separate patch series (if at all) so that it's clearer what filemap_*
code is being replaced by custom code.



Paolo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ