| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <994de1c0-04c2-485b-bab0-909e293d1cf8@codelabs.ch> Date: Wed, 23 Apr 2025 15:54:22 +0200 From: Adrian-Ken Rueegsegger <ken@...elabs.ch> To: Jon Kohler <jon@...anix.com> Cc: Alexander Grest <Alexander.Grest@...rosoft.com>, Nicolas Saenz Julienne <nsaenz@...zon.es>, "Madhavan T . Venkataraman" <madvenka@...ux.microsoft.com>, Mickaël Salaün <mic@...ikod.net>, Tao Su <tao1.su@...ux.intel.com>, Xiaoyao Li <xiaoyao.li@...el.com>, Zhao Liu <zhao1.liu@...el.com>, tglx@...utronix.de, mingo@...hat.com, bp@...en8.de, dave.hansen@...ux.intel.com, x86@...nel.org, hpa@...or.com, kvm@...r.kernel.org, linux-kernel@...r.kernel.org, seanjc@...gle.com, pbonzini@...hat.com Subject: Re: [RFC PATCH 00/18] KVM: VMX: Introduce Intel Mode-Based Execute Control (MBEC) Hi, On 3/13/25 21:36, Jon Kohler wrote: [snip] > The semantics for EPT violation qualifications also change when MBEC > is enabled, with bit 5 reflecting supervisor/kernel mode execute > permissions and bit 6 reflecting user mode execute permissions. > This ultimately serves to expose this feature to the L1 hypervisor, > which consumes MBEC and informs the L2 partitions not to use the > software MBEC by removing bit 14 in 0x40000004 EAX [4]. Should this say bit 13 of 0x40000004.EAX? According to the referenced docs [4]: Bit 13: "Recommend using INT for MBEC system calls." Bit 14: "Recommend a nested hypervisor using the enlightened VMCS interface. Also indicates that additional nested enlightenments may be available (see leaf 0x4000000A)." Regards, Adrian
Powered by blists - more mailing lists