Message-Id: <20250416002546.3300893-1-mlevitsk@redhat.com>
Date: Tue, 15 Apr 2025 20:25:43 -0400
From: Maxim Levitsky <mlevitsk@...hat.com>
To: kvm@...r.kernel.org
Cc: Thomas Gleixner <tglx@...utronix.de>,
	Borislav Petkov <bp@...en8.de>,
	Paolo Bonzini <pbonzini@...hat.com>,
	x86@...nel.org,
	Sean Christopherson <seanjc@...gle.com>,
	Dave Hansen <dave.hansen@...ux.intel.com>,
	Ingo Molnar <mingo@...hat.com>,
	linux-kernel@...r.kernel.org,
	"H. Peter Anvin" <hpa@...or.com>,
	Maxim Levitsky <mlevitsk@...hat.com>
Subject: [PATCH 0/3] KVM: x86: allow DEBUGCTL.DEBUGCTLMSR_FREEZE_IN_SMM passthrough

Currently KVM allows the guest to set IA32_DEBUGCTL to whatever value
the guest wants, only capped by a bitmask of allowed bits

(except in the nested entry where KVM apparently doesn't even check
this set of allowed bits - this patch series also fixes that)

However, some IA32_DEBUGCTL bits can be useful for the host, e.g. the
IA32_DEBUGCTL.DEBUGCTLMSR_FREEZE_IN_SMM which isolates the PMU from
the influence of the host's SMM.

Reshuffle some of the code to allow (currently only this bit) to be passed
through from its host value to the guest.

Note that host value of this bit can be toggled by writing 0 or 1 to
/sys/devices/cpu/freeze_on_smi

This was tested on an Intel(R) Xeon(R) Silver 4410Y with KVM unit tests and
kvm selftests running in parallel with a tight loop writing to IO port 0xB2
which on this machine generates #SMIs.

SMI generation was also verified by reading the MSR 0x34 which
shows the current count of #SMIs received.

Despite the flood of #SMIs, the tests survived with this patch applied.

Best regards,
     Maxim Levitsky

Maxim Levitsky (3):
  x86: KVM: VMX: Wrap GUEST_IA32_DEBUGCTL read/write with access
    functions
  x86: KVM: VMX: cache guest written value of MSR_IA32_DEBUGCTL
  x86: KVM: VMX: preserve host's DEBUGCTLMSR_FREEZE_IN_SMM while in the
    guest mode

 arch/x86/kvm/svm/svm.c       |  2 +
 arch/x86/kvm/vmx/nested.c    | 15 +++++--
 arch/x86/kvm/vmx/pmu_intel.c |  9 ++--
 arch/x86/kvm/vmx/vmx.c       | 87 +++++++++++++++++++++++++++---------
 arch/x86/kvm/vmx/vmx.h       |  4 ++
 arch/x86/kvm/x86.c           |  2 -
 6 files changed, 89 insertions(+), 30 deletions(-)

-- 
2.26.3
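
A user-space C model of the behaviour the cover letter describes, added here as an illustration and not taken from the patch series or from KVM: a guest write is checked against the allowed-bits mask, the guest's value is cached, and the value the guest runs with takes FREEZE_IN_SMM from the host. `struct vcpu_model`, the `model_*` functions and `HOST_OWNED` are hypothetical names, and returning the cached value on a guest read is an assumption; only the DEBUGCTL bit positions are architectural.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define DEBUGCTLMSR_LBR           (1ULL << 0)
#define DEBUGCTLMSR_BTF           (1ULL << 1)
#define DEBUGCTLMSR_FREEZE_IN_SMM (1ULL << 14)

/* Hypothetical model state, not KVM's real structures. */
struct vcpu_model {
    uint64_t allowed;   /* bits the guest is permitted to set */
    uint64_t guest_val; /* cached value the guest last wrote */
    uint64_t hw_val;    /* value the CPU would run the guest with */
};

/* Bits taken from the host's IA32_DEBUGCTL instead of the guest's value. */
static const uint64_t HOST_OWNED = DEBUGCTLMSR_FREEZE_IN_SMM;

/* Recompute the effective value, e.g. after the host toggles freeze_on_smi. */
static void model_sync_hw(struct vcpu_model *v, uint64_t host_debugctl)
{
    v->hw_val = (v->guest_val & ~HOST_OWNED) | (host_debugctl & HOST_OWNED);
}

/* Guest write path; a nested entry needs the same mask check.
 * Returns false (reject) when a bit outside the allowed mask is set. */
static bool model_guest_write(struct vcpu_model *v, uint64_t val,
                              uint64_t host_debugctl)
{
    if (val & ~v->allowed)
        return false;
    v->guest_val = val;
    model_sync_hw(v, host_debugctl);
    return true;
}

/* Assumption: a guest read returns what the guest wrote, not the host bit. */
static uint64_t model_guest_read(const struct vcpu_model *v)
{
    return v->guest_val;
}

int main(void)
{
    struct vcpu_model v = { .allowed = DEBUGCTLMSR_LBR | DEBUGCTLMSR_BTF };
    bool ok = model_guest_write(&v, DEBUGCTLMSR_LBR, DEBUGCTLMSR_FREEZE_IN_SMM);
    printf("accepted=%d guest=%#llx hw=%#llx\n", ok,
           (unsigned long long)model_guest_read(&v), (unsigned long long)v.hw_val);
    return 0;
}
```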


