lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20250318180303.283401-8-seanjc@google.com>
Date: Tue, 18 Mar 2025 11:03:02 -0700
From: Sean Christopherson <seanjc@...gle.com>
To: Paolo Bonzini <pbonzini@...hat.com>
Cc: kvm@...r.kernel.org, linux-kernel@...r.kernel.org, 
	Sean Christopherson <seanjc@...gle.com>
Subject: [GIT PULL] KVM: x86: VMX changes for 6.15

Nothing major for VMX, mostly prep work for FRED virtualization.

The following changes since commit a64dcfb451e254085a7daee5fe51bf22959d52d3:

  Linux 6.14-rc2 (2025-02-09 12:45:03 -0800)

are available in the Git repository at:

  https://github.com/kvm-x86/linux.git tags/kvm-x86-vmx-6.15

for you to fetch changes up to 0c3566b63de860f6d42e3d9254890c00ac0970d7:

  KVM: VMX: Extract checks on entry/exit control pairs to a helper macro (2025-03-03 07:45:54 -0800)

----------------------------------------------------------------
KVM VMX changes for 6.15

 - Fix a bug where KVM unnecessarily reads XFD_ERR from hardware and thus
   modifies the vCPU's XFD_ERR on a #NM due to CR0.TS=1.

 - Pass XFD_ERR as a psueo-payload when injecting #NM as a preparatory step
   for upcoming FRED virtualization support.

 - Decouple the EPT entry RWX protection bit macros from the EPT Violation bits
   as a general cleanup, and in anticipation of adding support for emulating
   Mode-Based Execution (MBEC).

 - Reject KVM_RUN if userspace manages to gain control and stuff invalid guest
   state while KVM is in the middle of emulating nested VM-Enter.

 - Add a macro to handle KVM's sanity checks on entry/exit VMCS control pairs
   in anticipation of adding sanity checks for secondary exit controls (the
   primary field is out of bits).

----------------------------------------------------------------
Nikolay Borisov (1):
      KVM: VMX: Remove EPT_VIOLATIONS_ACC_*_BIT defines

Sean Christopherson (5):
      KVM: VMX: Don't modify guest XFD_ERR if CR0.TS=1
      KVM: VMX: Pass XFD_ERR as pseudo-payload when injecting #NM
      KVM: nVMX: Decouple EPT RWX bits from EPT Violation protection bits
      KVM: VMX: Reject KVM_RUN if userspace forces emulation during nested VM-Enter
      KVM: VMX: Extract checks on entry/exit control pairs to a helper macro

 arch/x86/include/asm/vmx.h     |  28 ++++++-----
 arch/x86/kvm/mmu/paging_tmpl.h |   3 +-
 arch/x86/kvm/vmx/vmx.c         | 106 +++++++++++++++++++++++++++++------------
 3 files changed, 92 insertions(+), 45 deletions(-)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ